diff --git a/windows/application-management/TOC.md b/windows/application-management/TOC.md
index 3f1e9a5aaa..6f7f0e5858 100644
--- a/windows/application-management/TOC.md
+++ b/windows/application-management/TOC.md
@@ -101,6 +101,7 @@
#### [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md)
## [Service Host process refactoring](svchost-service-refactoring.md)
## [Per-user services in Windows](per-user-services-in-windows.md)
+## [Disabling System Services in Windows Server](https://docs.microsoft.com/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server)
## [Understand apps in Windows 10](apps-in-windows-10.md)
## [Deploy app upgrades on Windows 10 Mobile](deploy-app-upgrades-windows-10-mobile.md)
## [Change history for Application management](change-history-for-application-management.md)
diff --git a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index f76eec93a1..ac7292e972 100644
--- a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -71,7 +71,7 @@ See the following table for a summary of the management settings for Windows 10
| Setting | UI | Group Policy | MDM policy | Registry | Command line |
| - | :-: | :-: | :-: | :-: | :-: |
-| [1. Certificate trust lists](#certificate-trust-lists) | |  | | | |
+| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | |  | | | |
| [2. Cortana and Search](#bkmk-cortana) |  |  |  |  |  |
| [3. Date & Time](#bkmk-datetime) |  |  | |  | |
| [4. Device metadata retrieval](#bkmk-devinst) | |  | |  | |
@@ -124,7 +124,7 @@ See the following table for a summary of the management settings for Windows Ser
| Setting | UI | Group Policy | Registry | Command line |
| - | :-: | :-: | :-: | :-: |
-| [1. Certificate trust lists](#certificate-trust-lists) | |  |  | |
+| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | |  |  | |
| [2. Cortana and Search](#bkmk-cortana) |  |  |  | |
| [3. Date & Time](#bkmk-datetime) |  |  |  | |
| [4. Device metadata retrieval](#bkmk-devinst) | |  |  | |
@@ -150,7 +150,7 @@ See the following table for a summary of the management settings for Windows Ser
| Setting | Group Policy | Registry | Command line |
| - | :-: | :-: | :-: | :-: | :-: |
-| [1. Certificate trust lists](#certificate-trust-lists) |  |  | |
+| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) |  |  | |
| [3. Date & Time](#bkmk-datetime) |  |  | |
| [6. Font streaming](#font-streaming) |  |  | |
| [13. Network Connection Status Indicator](#bkmk-ncsi) |  | | |
@@ -165,7 +165,7 @@ See the following table for a summary of the management settings for Windows Ser
| Setting | Registry | Command line |
| - | :-: | :-: | :-: | :-: | :-: |
-| [1. Certificate trust lists](#certificate-trust-lists) |  | |
+| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) |  | |
| [3. Date & Time](#bkmk-datetime) |  | |
| [20. Teredo](#bkmk-teredo) | |  |
| [27. Windows Update](#bkmk-wu) |  | |
@@ -174,16 +174,15 @@ See the following table for a summary of the management settings for Windows Ser
Use the following sections for more information about how to configure each setting.
-### 1. Certificate trust lists
+### 1. Automatic Root Certificates Update
-A certificate trust list is a predefined list of items, such as a list of certificate hashes or a list of file name, that are signed by a trusted entity. Windows automatically downloads an updated certificate trust list when it is available.
-
-To turn off the automatic download of an updated certificate trust list, you can turn off automatic root updates, which also includes the disallowed certificate list and the pin rules list.
+The Automatic Root Certificates Update component is designed to automatically check the list of trusted authorities on Windows Update to see if an update is available.
+For more information, see [Automatic Root Certificates Update Configuration](https://technet.microsoft.com/library/cc733922.aspx).
+Although not recommended, you can turn off Automatic Root Certificates Update, which also prevents updates to the disallowed certificate list and the pin rules list.
> [!CAUTION]
> By not automatically downloading the root certificates, the device might have not be able to connect to some websites.
-
For Windows 10, Windows Server 2016 with Desktop Experience, and Windows Server 2016 Server Core:
- Enable the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Internet Communication Management** > **Internet Communication Settings** > **Turn off Automatic Root Certificates Update**