Merge branch 'master' into apps-in-windows-10-update

.openpublishing.publish.config.json

@@ -1,6 +1,22 @@
 {
   "build_entry_point": "",
   "docsets_to_publish": [
+    {
+      "docset_name": "bcs-vsts",
+      "build_source_folder": "bcs",
+      "build_output_subfolder": "bcs-vsts",
+      "locale": "en-us",
+      "monikers": [],
+      "moniker_ranges": [],
+      "open_to_public_contributors": false,
+      "type_mapping": {
+        "Conceptual": "Content",
+        "ManagedReference": "Content",
+        "RestApi": "Content"
+      },
+      "build_entry_point": "docs",
+      "template_folder": "_themes"
+    },
     {
       "docset_name": "education-VSTS",
       "build_source_folder": "education",
@@ -126,7 +142,7 @@
       "locale": "en-us",
       "monikers": [],
       "moniker_ranges": [],
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
       "type_mapping": {
         "Conceptual": "Content",
         "ManagedReference": "Content",

bcs/TOC.md

@@ -0,0 +1 @@
+# [Index](index.md)

bcs/breadcrumb/toc.yml

@@ -0,0 +1,3 @@
+- name: Docs
+  tocHref: /
+  topicHref: /

bcs/docfx.json

@@ -0,0 +1,45 @@
+{
+  "build": {
+    "content": [
+      {
+        "files": [
+          "**/*.md",
+          "**/*.yml"
+        ],
+        "exclude": [
+          "**/obj/**",
+          "**/includes/**",
+          "_themes/**",
+          "_themes.pdf/**",
+          "README.md",
+          "LICENSE",
+          "LICENSE-CODE",
+          "ThirdPartyNotices"
+        ]
+      }
+    ],
+    "resource": [
+      {
+        "files": [
+          "**/*.png",
+          "**/*.jpg"
+        ],
+        "exclude": [
+          "**/obj/**",
+          "**/includes/**",
+          "_themes/**",
+          "_themes.pdf/**"
+        ]
+      }
+    ],
+    "overwrite": [],
+    "externalReference": [],
+    "globalMetadata": {
+      "breadcrumb_path": "/microsoft-365/business/breadcrumb/toc.json",
+      "extendBreadcrumb": true
+    },
+    "fileMetadata": {},
+    "template": [],
+    "dest": "bcs-vsts"
+  }
+}

bcs/index.md

@@ -0,0 +1,3 @@
+---
+redirect_url: https://docs.microsoft.com/microsoft-365/business/index
+---

bcs/support/microsoft-365-business-faqs.md

@@ -0,0 +1,3 @@
+---
+redirect_url: https://docs.microsoft.com/microsoft-365/business/support/microsoft-365-business-faqs
+---

bcs/support/transition-csp-subscription.md

@@ -0,0 +1,3 @@
+---
+redirect_url: https://docs.microsoft.com/microsoft-365/business/support/transition-csp-subscription
+---

windows/access-protection/index.md

@@ -1,29 +1,3 @@
 ---
-title: Access protection (Windows 10)
-description: Learn more about access protection technologies in Windows 10 and Windows 10 Mobile.
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-author: brianlic-msft
-ms.date: 04/24/2017
+redirect_url: https://docs.microsoft.com/windows/security/identity-protection/
 ---
-
-# Access protection
-
-Learn more about access protection technologies in Windows 10 and Windows 10 Mobile.
-
-| Section | Description |
-|-|-|
-| [Access control](access-control/access-control.md) | Describes access control in Windows, which is the process of authorizing users, groups, and computers to access objects on the network or computer. Key concepts that make up access control are permissions, ownership of objects, inheritance of permissions, user rights, and object auditing. |
-| [Configure S/MIME for Windows 10 and Windows 10 Mobile](configure-s-mime.md) | In Windows 10, S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients who have a digital identification (ID), also known as a certificate, can read them. Users can digitally sign a message, which provides the recipients with a way to verify the identity of the sender and that the message hasn't been tampered with. |
-| [Install digital certificates on Windows 10 Mobile](installing-digital-certificates-on-windows-10-mobile.md) | Digital certificates bind the identity of a user or computer to a pair of keys that can be used to encrypt and sign digital information. Certificates are issued by a certification authority (CA) that vouches for the identity of the certificate holder, and they enable secure client communications with websites and services. |
-| [Protect derived domain credentials with Credential Guard](credential-guard/credential-guard.md) | Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Credential Guard helps prevent these attacks by protecting NTLM password hashes and Kerberos Ticket Granting Tickets. |
-| [Protect Remote Desktop credentials with Remote Credential Guard](remote-credential-guard.md) | Remote Credential Guard helps you protect your credentials over a Remote Desktop connection by redirecting the Kerberos requests back to the device that's requesting the connection. |
-| [User Account Control](user-account-control/user-account-control-overview.md)| Provides information about User Account Control (UAC), which helps prevent malware from damaging a PC and helps organizations deploy a better-managed desktop. UAC can help block the automatic installation of unauthorized apps and prevent inadvertent changes to system settings.|
-| [Virtual Smart Cards](virtual-smart-cards/virtual-smart-card-overview.md) | Provides information about deploying and managing virtual smart cards, which are functionally similar to physical smart cards and appear in Windows as smart cards that are always-inserted. Virtual smart cards use the Trusted Platform Module (TPM) chip that is available on computers in many organizations, rather than requiring the use of a separate physical smart card and reader. |
-| [VPN technical guide](vpn/vpn-guide.md) | Virtual private networks (VPN) let you give your users secure remote access to your company network. Windows 10 adds useful new VPN profile options to help you manage how users connect. |
-| [Smart Cards](smart-cards/smart-card-windows-smart-card-technical-reference.md) | Provides a collection of references topics about smart cards, which are tamper-resistant portable storage devices that can enhance the security of tasks such as authenticating clients, signing code, securing e-mail, and signing in with a Windows domain account. |
-| [Windows Hello for Business](hello-for-business/hello-identity-verification.md) | In Windows 10, Windows Hello replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and a biometric or PIN. |
-| [Windows Firewall with Advanced Security](windows-firewall/windows-firewall-with-advanced-security.md) | Provides information about Windows Firewall with Advanced Security, which is an important part of a layered security model. By providing host-based, two-way network traffic filtering for a device, Windows Firewall with Advanced Security blocks unauthorized network traffic flowing into or out of the local device. |
-| [Windows 10 Credential Theft Mitigation Guide Abstract](windows-credential-theft-mitigation-guide-abstract.md) | Learn more about credential theft mitigation in Windows 10. |

windows/configuration/change-history-for-configure-windows-10.md

@@ -8,13 +8,19 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: high
 author: jdeckerms
-ms.date: 01/31/2018
+ms.date: 02/08/2018
 ---
 
 # Change history for Configure Windows 10
 
 This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.
 
+## February 2018
+
+New or changed topic | Description
+--- | ---
+[Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md) | Added steps for configuring a kiosk in Microsoft Intune.
+
 ## January 2018
 
 New or changed topic | Description

windows/configuration/lock-down-windows-10-to-specific-apps.md

@@ -9,7 +9,7 @@ ms.sitesec: library
 ms.pagetype: edu, security
 author: jdeckerms
 ms.localizationpriority: high
-ms.date: 01/31/2018
+ms.date: 02/08/2018
 ms.author: jdecker
 ---
 
@@ -20,21 +20,49 @@ ms.author: jdecker
 
 -   Windows 10
 
-A [kiosk device](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) typically runs a single app, and users are prevented from accessing any features or functions on the device outside of the kiosk app. In Windows 10, version 1709, the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) has been expanded to make it easy for administrators to create kiosks that run more than one app. You can configure multi-app kiosks using Microsoft Intune or a provisioning package.
+A [kiosk device](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) typically runs a single app, and users are prevented from accessing any features or functions on the device outside of the kiosk app. In Windows 10, version 1709, the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) has been expanded to make it easy for administrators to create kiosks that run more than one app. 
+
+The benefit of a multi-app kiosk, or fixed-purpose device, is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don’t need to access. 
+
+>[!WARNING]
+>The assigned access feature is intended for corporate-owned fixed-purpose devices, like kiosks. When the multi-app assigned access configuration is applied on the device, [certain policies](#policies-set-by-multi-app-kiosk-configuration) are enforced system-wide, and will impact other users on the device. Deleting the multi-app configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all the enforced policies (such as Start layout). A factory reset is needed to clear all the policies enforced via assigned access.
+
+You can configure multi-app kiosks using [Microsoft Intune](#intune) or a [provisioning package](#provision).
+
+<span id="intune"/>
+## Configure a kiosk in Microsoft Intune
 
 Watch how to use Intune to configure a multi-app kiosk.
 
 >[!VIDEO https://www.microsoft.com/videoplayer/embed/ce9992ab-9fea-465d-b773-ee960b990c4a?autoplay=false]
 
->[!NOTE]
->For devices running versions of Windows 10 earlier than version 1709, you can [create AppLocker rules](lock-down-windows-10-applocker.md) to configure a multi-app kiosk. 
+1. [Generate the Start layout for the kiosk device.](#startlayout)
+2. In the Microsoft Azure portal, search for **Intune** or go to **More services** > **Intune**.
+3. Select **Device configuration**.
+4. Select **Profiles**.
+5. Select **Create profile**.
+6. Enter a friendly name for the profile.
+7. Select **Windows 10 and later** for the platform.
+8. Select **Device restrictions** for the profile type.
+9. Select **Kiosk**.
+10. In **Kiosk Mode**, select **Multi app kiosk**.
+11. Select **Add** to define a configuration, which specifies the apps that will run and the layout for the Start menu.
+12. Enter a friendly name for the configuration.
+13. Select an app type, either **Win32 App** for a classic desktop application or **UWP App** for a Universal Windows Platform app.
+  - For **Win32 App**, enter the fully qualified pathname of the executable, with respect to the device.
+  - For **UWP App**, enter the Application User Model ID for an installed app.
+14. Select whether to enable the taskbar.
+15. Browse to and select the Start layout XML file that you generated in step 1.
+16. Add one or more accounts. When the account signs in, only the apps defined in the configuration will be available.
+17. Select **OK**. You can add additional configurations or finish.
+18. Assign the profile to a device group to configure the devices in that group as kiosks.
 
-The benefit of a multi-app kiosk, or fixed-purpose device, is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don’t need to access. 
 
->[!WARNING]
->The assigned access feature is intended for corporate-owned fixed-purpose devices, like kiosks. When the multi-app assigned access configuration is applied on the device, certain policies are enforced system-wide, and will impact other users on the device. Deleting the multi-app configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all the enforced policies (such as Start layout). A factory reset is needed to clear all the policies enforced via assigned access.
 
 
+
+## Configure a kiosk using a provisioning package
+
 Process:
 1. [Create XML file](#create-xml-file)
 2. [Add XML file to provisioning package](#add-xml)
@@ -46,14 +74,15 @@ Watch how to use a provisioning package to configure a multi-app kiosk.
 
 If you don't want to use a provisioning package, you can deploy the configuration XML file using [mobile device management (MDM)](#alternate-methods) or you can configure assigned access using the [MDM Bridge WMI Provider](#bridge).
 
-## Prerequisites
+### Prerequisites
 
 - Windows Configuration Designer (Windows 10, version 1709)
 - The kiosk device must be running Windows 10 (S, Pro, Enterprise, or Education), version 1709
 
+>[!NOTE]
+>For devices running versions of Windows 10 earlier than version 1709, you can [create AppLocker rules](lock-down-windows-10-applocker.md) to configure a multi-app kiosk. 
 
-
-## Create XML file
+### Create XML file
 
 Let's start by looking at the basic structure of the XML file. 
 
@@ -90,7 +119,7 @@ You can start your file by pasting the following XML (or any other examples in t
 </AssignedAccessConfiguration>
 ```
 
-### Profile
+#### Profile
 
 A profile section in the XML has the following entries: 
 
@@ -103,7 +132,7 @@ A profile section in the XML has the following entries:
 - [**Taskbar**](#taskbar)
 
 
-#### Id
+##### Id
 
 The profile **Id** is a GUID attribute to uniquely identify the profile. You can create a GUID using a GUID generator. The GUID just needs to be unique within this XML file. 
 
@@ -113,7 +142,7 @@ The profile **Id** is a GUID attribute to uniquely identify the profile. You can
 </Profiles>
 ```
 
-#### AllowedApps
+##### AllowedApps
 
 **AllowedApps** is a list of applications that are allowed to run. Apps can be Universal Windows Platform (UWP) apps or Classic Windows desktop apps. 
 
@@ -155,7 +184,7 @@ The following example allows Groove Music, Movies & TV, Photos, Weather, Calcula
 </AllAppsList>
 ```
 
-#### StartLayout
+##### StartLayout
 
 After you define the list of allowed applications, you can customize the Start layout for your kiosk experience. You can choose to pin all the allowed apps on the Start screen or just a subset, depending on whether you want the end user to directly access them on the Start screen. 
 
@@ -202,7 +231,7 @@ This example pins Groove Music, Movies & TV, Photos, Weather, Calculator, Paint,
 
 ![What the Start screen looks like when the XML sample is applied](images/sample-start.png)
 
-#### Taskbar
+##### Taskbar
 
 Define whether you want to have the taskbar present in the kiosk device. For tablet-based or touch-enabled all-in-one kiosks, when you don’t attach a keyboard and mouse, you can hide the taskbar as part of the multi-app experience if you want. 
 
@@ -221,7 +250,7 @@ The following example hides the taskbar:
 >[!NOTE]
 >This is different from the **Automatically hide the taskbar** option in tablet mode, which shows the taskbar when swiping up from or moving the mouse pointer down to the bottom of the screen. Setting **ShowTaskbar** as **false** will always keep the taskbar hidden. 
 
-### Configs
+#### Configs
 
 Under **Configs**, define which user account will be associated with the profile. When this user account signs in on the device, the associated assigned access profile will be enforced, including the allowed apps, Start layout, and taskbar configuration, as well as other local group policies or mobile device management (MDM) policies set as part of the multi-app experience. 
 
@@ -256,7 +285,7 @@ Before applying the multi-app configuration, make sure the specified user accoun
 
 
 <span id="add-xml" />
-## Add XML file to provisioning package
+### Add XML file to provisioning package
 
 Before you add the XML file to a provisioning package, you can [validate your configuration XML against the XSD](multi-app-kiosk-xml.md#xsd-for-assignedaccess-configuration-xml).
 
@@ -317,12 +346,12 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
 15. Copy the provisioning package to the root directory of a USB drive.
 
 <span id="apply-ppkg" />
-## Apply provisioning package to device
+### Apply provisioning package to device
 
 Provisioning packages can be applied to a device during the first-run experience (out-of-box experience or "OOBE") and after ("runtime").
 
 
-### During initial setup, from a USB drive
+#### During initial setup, from a USB drive
 
 1. Start with a computer on the first-run setup screen. If the PC has gone past this screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**.
 
@@ -346,7 +375,7 @@ Provisioning packages can be applied to a device during the first-run experience
     
 
     
-### After setup, from a USB drive, network folder, or SharePoint site
+#### After setup, from a USB drive, network folder, or SharePoint site
 
 1. Sign in with an admin account.
 2. Insert the USB drive to a desktop computer, navigate to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package to install. 
@@ -365,7 +394,7 @@ Provisioning packages can be applied to a device during the first-run experience
 
 
 <span id="alternate-methods" />
-## Use MDM to deploy the multi-app configuration 
+### Use MDM to deploy the multi-app configuration 
 
 
 Multi-app kiosk mode is enabled by the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp). Your MDM policy can contain the assigned access configuration XML. 

windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions.md

@@ -32,7 +32,8 @@ A single-use or *kiosk* device is easy to set up in Windows 10 for desktop edit
     
 - For a kiosk device to run a Classic Windows application, use [Shell Launcher](#shell-launcher) to set a custom user interface as the shell (Windows 10 Enterprise or Education only). 
 
-To return the device to the regular shell, see [Sign out of assigned access](#sign-out-of-assigned-access).
+>[!TIP]
+>To return the device to the regular shell, see [Sign out of assigned access](#sign-out-of-assigned-access).
 
 >[!NOTE]
 >A Universal Windows app is built on the Universal Windows Platform (UWP), which was first introduced in Windows 8 as the Windows Runtime. A Classic Windows application uses the Classic Windows Platform (CWP) (e.g., COM, Win32, WPF, WinForms, etc.) and is typically launched using an .EXE or .DLL file.

windows/device-security/change-history-for-device-security.md

@@ -1,52 +0,0 @@
----
-title: Change history for device security (Windows 10)
-description: This topic lists new and updated topics in the Windows 10 device security documentation for Windows 10 and Windows 10 Mobile.
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-author: brianlic-msft
-ms.date: 11/27/2017
----
-
-# Change history for device security
-This topic lists new and updated topics in the [Device security](index.md) documentation.
-
-## November 2017
-|New or changed topic |Description |
-|---------------------|------------|
-| [How to enable virtualization-based protection of code integrity](enable-virtualization-based-protection-of-code-integrity.md)| New. Explains how to enable HVCI.  |
-
-## October 2017
-|New or changed topic |Description |
-|---------------------|------------|
-| [TPM fundamentals](tpm/tpm-fundamentals.md)<br>[BitLocker Group Policy settings](bitlocker/bitlocker-group-policy-settings.md) | Explained the change to allow reducing the maximum PIN length from 6 characters to 4. |
-| [Windows security baselines](windows-security-baselines.md) | New. Security baselines added for Windows 10, versions 1703 and 1709. |
-| [Security Compliance Toolkit](security-compliance-toolkit-10.md) | New. Includes a link to tools for managing security baselines. |
-| [Get support for security baselines](get-support-for-security-baselines.md) | New. Explains supported versions for security baselines and other support questions.  |
-
-
-
-## August 2017
-|New or changed topic |Description |
-|---------------------|------------|
-| [BitLocker: Management recommendations for enterprises](bitlocker/bitlocker-management-for-enterprises.md) | New BitLocker security topic. |
-| [Accounts: Block Microsoft accounts](security-policy-settings/accounts-block-microsoft-accounts.md) | Revised description |
-
-
-## July 2017
-|New or changed topic |Description |
-|---------------------|------------|
-| [How Windows 10 uses the Trusted Platform Module](tpm/how-windows-uses-the-tpm.md) | New TPM security topic. |
-
-
-## May 2017
-|New or changed topic |Description |
-|---------------------|------------|
-| [BitLocker Group Policy settings](bitlocker/bitlocker-group-policy-settings.md) | Changed startup PIN minimun length from 4 to 6. |
-| [Network access: Restrict clients allowed to make remote calls to SAM](security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md) | New security policy setting. |
-
-## March 2017
-|New or changed topic |Description |
-|---------------------|------------|
-|[Requirements and deployment planning guidelines for Device Guard](device-guard/requirements-and-deployment-planning-guidelines-for-device-guard.md) | Updated to include additional security qualifications starting with Windows 10, version 1703.|

windows/device-security/index.md

@@ -1,27 +1,3 @@
 ---
-title: Device Security (Windows 10)
-description: Learn more about how to help secure your Windows 10 and Windows 10 Mobile devices.
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-author: brianlic-msft
-ms.date: 04/24/2017
+redirect_url: https://docs.microsoft.com/windows/security/threat-protection/
 ---
-
-# Device Security
-
-Learn more about how to help secure your Windows 10 and Windows 10 Mobile devices.
-
-| Section | Description |
-|-|-|
-| [AppLocker](applocker/applocker-overview.md)| Describes AppLocker, and can help you decide if your organization can benefit from deploying AppLocker application control policies. AppLocker helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers.|
-| [BitLocker](bitlocker/bitlocker-overview.md)| Provides information about BitLocker, which is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. |
-| [Control the health of Windows 10-based devices](protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md) | Learn more about protecting high-value assets. |
-| [Device Guard deployment guide](device-guard/device-guard-deployment-guide.md) | Device Guard is a combination of hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications. If the app isn’t trusted it can’t run, period. It also means that even if an attacker manages to get control of the Windows kernel, he or she will be much less likely to be able to run malicious executable code after the computer restarts because of how decisions are made about what can run and when. |
-| [Encrypted Hard Drive](encrypted-hard-drive.md) | Provides information about Encrypted Hard Drive, which uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management.|
-| [Security auditing](auditing/security-auditing-overview.md)| Describes how the IT professional can use the security auditing features in Windows, and how organizations can benefit from using these technologies, to enhance the security and manageability of networks.|
-| [Security policy settings](security-policy-settings/security-policy-settings.md)| Provides a collection of reference topics that describe the common scenarios, architecture, and processes for security settings.|
-| [Trusted Platform Module](tpm/trusted-platform-module-top-node.md)| Provides links to information about the Trusted Platform Module (TPM), which is a secure crypto-processor that helps you with actions such as generating, storing, and limiting the use of cryptographic keys. |
-| [Windows 10 Mobile security guide](windows-10-mobile-security-guide.md) | Learn more about securing your Windows 10 Mobile devices. |
-| [Windows security baselines](windows-security-baselines.md) | Learn why you should use security baselines in your organization. |

windows/hub/TOC.md

@@ -5,8 +5,8 @@
 ## [Configuration](/windows/configuration)
 ## [Client management](/windows/client-management)
 ## [Application management](/windows/application-management)
-## [Access protection](/windows/access-protection)
-## [Device security](/windows/device-security)
-## [Threat protection](/windows/threat-protection)
+## [Identity and access management](/windows/security/identity-protection)
+## [Information protection](/windows/security/information-protection)
+## [Threat protection](/windows/security/threat-protection)
 ## [Troubleshooting](/windows/client-management/windows-10-support-solutions)
 ## [Other Windows client versions](https://docs.microsoft.com/previous-versions/windows)

windows/hub/breadcrumb/toc.yml

@@ -6,31 +6,42 @@
       tocHref: /windows
       topicHref: /windows/windows-10
       items:
-      - name: What's new
-        tocHref: /windows/whats-new/
-        topicHref: /windows/whats-new/index
-      - name: Configuration
-        tocHref: /windows/configuration/
-        topicHref: /windows/configuration/index
-      - name: Deployment
-        tocHref: /windows/deployment/
-        topicHref: /windows/deployment/index
-      - name: Application management
-        tocHref: /windows/application-management/
-        topicHref: /windows/application-management/index
-      - name: Client management
-        tocHref: /windows/client-management/
-        topicHref: /windows/client-management/index
-        items:
-        - name: Mobile Device Management
-          tocHref: /windows/client-management/mdm
-          topicHref: /windows/client-management/mdm/index
-      - name: Access protection
-        tocHref: /windows/access-protection/
-        topicHref: /windows/access-protection/index
-      - name: Device security
-        tocHref: /windows/device-security/
-        topicHref: /windows/device-security/index
-      - name: Threat protection
-        tocHref: /windows/threat-protection/
-        topicHref: /windows/threat-protection/index
+        - name: What's new
+          tocHref: /windows/whats-new/
+          topicHref: /windows/whats-new/index
+        - name: Configuration
+          tocHref: /windows/configuration/
+          topicHref: /windows/configuration/index
+        - name: Deployment
+          tocHref: /windows/deployment/
+          topicHref: /windows/deployment/index
+        - name: Application management
+          tocHref: /windows/application-management/
+          topicHref: /windows/application-management/index
+        - name: Client management
+          tocHref: /windows/client-management/
+          topicHref: /windows/client-management/index
+          items:
+            - name: Mobile Device Management
+              tocHref: /windows/client-management/mdm/
+              topicHref: /windows/client-management/mdm/index
+        - name: Security
+          tocHref: /windows/security/
+          topicHref: /windows/security/index
+          items:
+            - name: Identity and access protection
+              tocHref: /windows/security/identity-protection/
+              topicHref: /windows/security/identity-protection/index
+              items:
+                - name: Windows Hello for Business
+                  tocHref: /windows/security/identity-protection/hello-for-business
+                  topicHref: /windows/security/identity-protection/hello-for-business/hello-identity-verification
+            - name: Threat protection
+              tocHref: /windows/security/threat-protection/
+              topicHref: /windows/security/threat-protection/index
+            - name: Information protection
+              tocHref: /windows/security/information-protection/
+              topicHref: /windows/security/information-protection/index
+            - name: Hardware-based protection
+              tocHref: /windows/security/hardware-protection/
+              topicHref: /windows/security/hardware-protection/index

windows/security/TOC.md

@@ -1 +1,5 @@
-# [Index](index.md)
+# [Security](index.yml)
+## [Identity and access management](identity-protection/index.md)
+## [Threat protection](threat-protection/index.md)
+## [Information protection](information-protection/index.md)
+## [Hardware-based protection](hardware-protection/index.md)

windows/security/docfx.json

@@ -20,7 +20,8 @@
       {
         "files": [
           "**/*.png",
-          "**/*.jpg"
+          "**/*.jpg",
+           "**/*.gif"
         ],
         "exclude": [
           "**/obj/**",
@@ -35,8 +36,7 @@
 	  "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
 	  "ms.technology": "windows",
 	  "ms.topic": "article",
-	  "ms.author": "justinha",
-      "extendBreadcrumb": true
+	  "ms.author": "justinha"
     },
     "fileMetadata": {},
     "template": [],

windows/security/hardware-protection/TOC.md

@@ -0,0 +1,21 @@
+# [Hardware-based protection](index.md)
+
+## [Encrypted Hard Drive](encrypted-hard-drive.md)
+
+## [How hardware-based containers help protect Windows 10](how-hardware-based-containers-help-protect-windows.md)
+
+## [Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md)
+
+## [Trusted Platform Module](tpm/trusted-platform-module-top-node.md)
+### [Trusted Platform Module Overview](tpm/trusted-platform-module-overview.md)
+### [TPM fundamentals](tpm/tpm-fundamentals.md)
+### [How Windows 10 uses the TPM](tpm/how-windows-uses-the-tpm.md)
+### [TPM Group Policy settings](tpm/trusted-platform-module-services-group-policy-settings.md)
+### [Back up the TPM recovery information to AD DS](tpm/backup-tpm-recovery-information-to-ad-ds.md)
+### [Manage TPM commands](tpm/manage-tpm-commands.md)
+### [Manage TPM lockout](tpm/manage-tpm-lockout.md)
+### [Change the TPM owner password](tpm/change-the-tpm-owner-password.md)
+### [View status, clear, or troubleshoot the TPM](tpm/initialize-and-configure-ownership-of-the-tpm.md)
+### [Understanding PCR banks on TPM 2.0 devices](tpm/switch-pcr-banks-on-tpm-2-0-devices.md)
+### [TPM recommendations](tpm/tpm-recommendations.md)
+

windows/security/hardware-protection/index.md

@@ -0,0 +1,21 @@
+---
+title: Hardware-based Protection (Windows 10)
+description: Learn more about how to help protect against threats in Windows 10 and Windows 10 Mobile.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: brianlic-msft
+ms.date: 02/05/2018
+---
+
+# Hardware-based protection
+
+Windows 10 leverages these hardware-based security features to protect and maintain system integrity.
+
+| Section | Description |
+|-|-|
+| [Encrypted Hard Drive](encrypted-hard-drive.md) | Provides information about Encrypted Hard Drive, which uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management.|
+|[How hardware-based containers help protect Windows 10](how-hardware-based-containers-help-protect-windows.md) |Learn about how hardware-based containers can isolate sensitive system services and data, enabling them to remain secure even when the operating system has been compromised.|
+|[Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md) |Learn about the Windows 10 security features that help to protect your PC from malware, including rootkits and other applications.|
+| [Trusted Platform Module](tpm/trusted-platform-module-top-node.md)| Provides links to information about the Trusted Platform Module (TPM), which is a secure crypto-processor that helps you with actions such as generating, storing, and limiting the use of cryptographic keys. |

windows/security/identity-protection/TOC.md

@@ -1,4 +1,4 @@
-# [Access protection](access-control/access-control.md)
+# [Identity and access management](index.md)
 
 ## [Access Control Overview](access-control/access-control.md)
 ### [Dynamic Access Control Overview](access-control/dynamic-access-control.md)
@@ -17,6 +17,8 @@
 
 ## [Install digital certificates on Windows 10 Mobile](installing-digital-certificates-on-windows-10-mobile.md)
 
+## [How hardware-based containers help protect Windows 10](how-hardware-based-containers-help-protect-windows.md)
+
 ## [Protect derived domain credentials with Credential Guard](credential-guard/credential-guard.md)
 ### [How Credential Guard works](credential-guard/credential-guard-how-it-works.md)
 ### [Credential Guard Requirements](credential-guard/credential-guard-requirements.md)

windows/security/identity-protection/change-history-for-access-protection.md

@@ -17,6 +17,12 @@ This topic lists new and updated topics in the [Access protection](index.md) doc
 |---------------------|------------|
 |[Microsoft accounts](access-control/microsoft-accounts.md) |Revised to cover new Group Policy setting in Windows 10, version 1703, named **Block all consumer Microsoft account user authentication**.|
 
+## June 2017
+|New or changed topic |Description |
+|---------------------|------------|
+|[How hardware-based containers help protect Windows 10](how-hardware-based-containers-help-protect-windows.md) | New | 
+
+
 ## March 2017
 |New or changed topic |Description |
 |---------------------|------------|