Merge remote-tracking branch 'refs/remotes/origin/master' into ATP-VSO-9292791

windows/keep-secure/implement-microsoft-passport-in-your-organization.md

@@ -275,7 +275,7 @@ The following table lists the MDM policy settings that you can configure for Win
 <td>Device or user</td>
 <td>1</td>
 <td>
-<p>1: Uppercase letters are not allowed </p>
+<p>1: Uppercase letters are not allowed. </p>
 <p>2: At least one uppercase letter is required</p>
 </td>
 </tr>
@@ -318,27 +318,27 @@ You’ll need this software to set Windows Hello for Business policies in your e
 <tbody>
 <tr class="odd">
 <td align="left">Key-based authentication</td>
-<td align="left">Azure AD subscription</td>
+<td align="left">[Azure AD subscription](https://docs.microsoft.com/azure/active-directory/active-directory-howto-tenant)</td>
 <td align="left"><ul>
-<li>Azure AD subscription</li>
-<li>[Azure AD Connect](https://go.microsoft.com/fwlink/p/?LinkId=616792)</li>
+<li>[Azure AD subscription](https://docs.microsoft.com/azure/active-directory/active-directory-howto-tenant)</li>
+<li>[Azure AD Connect](https://docs.microsoft.com/azure/active-directory/active-directory-aadconnect)</li>
 <li>A few Windows Server 2016 domain controllers on-site</li>
-<li>A management solution, such as Configuration Manager, Group Policy, or MDM</li>
-<li>Active Directory Certificate Services (AD CS) without Network Device Enrollment Service (NDES)</li>
+<li>A management solution, such as [Configuration Manager](https://docs.microsoft.com/sccm/index), Group Policy, or MDM</li>
+<li>[Active Directory Certificate Services](https://technet.microsoft.com/windowsserver/dd448615.aspx) (AD CS) without Network Device Enrollment Service (NDES)</li>
 </ul></td>
 </tr>
 <tr class="even">
 <td align="left">Certificate-based authentication</td>
 <td align="left"><ul>
-<li>Azure AD subscription</li>
+<li>[Azure AD subscription](https://docs.microsoft.com/azure/active-directory/active-directory-howto-tenant)</li>
 <li>Intune or non-Microsoft mobile device management (MDM) solution</li>
-<li>PKI infrastructure</li>
+<li>[PKI infrastructure](https://msdn.microsoft.com/library/windows/desktop/bb427432(v=vs.85).aspx)</li>
 </ul></td>
 <td align="left"><ul>
-<li>Azure AD subscription</li>
-<li>[Azure AD Connect](https://go.microsoft.com/fwlink/p/?LinkId=616792)</li>
-<li>AD CS with NDES</li>
-<li>Configuration Manager for domain-joined certificate enrollment, or InTune for non-domain-joined devices, or a non-Microsoft MDM service that supports Passport for Work</li>
+<li>[Azure AD subscription](https://docs.microsoft.com/azure/active-directory/active-directory-howto-tenant)</li>
+<li>[Azure AD Connect](https://docs.microsoft.com/azure/active-directory/active-directory-aadconnect)</li>
+<li>[AD CS](https://technet.microsoft.com/windowsserver/dd448615.aspx) with NDES</li>
+<li>[Configuration Manager](https://docs.microsoft.com/sccm/index) for domain-joined certificate enrollment, or [InTune](https://docs.microsoft.com/intune/deploy-use/control-microsoft-passport-settings-on-devices-with-microsoft-intune) for non-domain-joined devices, or a non-Microsoft MDM service that supports Hello for Business</li>
 </ul></td>
 </tr>
 </tbody>
@@ -346,7 +346,9 @@ You’ll need this software to set Windows Hello for Business policies in your e
  
 Configuration Manager and MDM provide the ability to manage Windows Hello for Business policy and to deploy and manage certificates protected by Windows Hello for Business.
 
-Azure AD provides the ability to register devices with your enterprise and to provision Windows Hello for Business for organization accounts.
+[Azure AD](https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-passport) provides the ability to register devices with your enterprise and to provision Windows Hello for Business for organization accounts.
+
+[Learn more about enabling Windows Hello for Business in an Azure AD/AD hybrid environment.](https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-passport-deployment)
 
 
 ## Windows Hello for BYOD

windows/manage/waas-branchcache.md

@@ -31,8 +31,6 @@ For detailed information about how Distributed Cache mode and Hosted Cache mode
 
 Whether you use BranchCache with Configuration Manager or WSUS, each client that uses BranchCache must be configured to do so. You typically make your configurations through Group Policy. For step-by-step instructions on how to use Group Policy to configure BranchCache for Windows clients, see [Client Configuration](https://technet.microsoft.com/library/dd637820%28v=ws.10%29.aspx) in the [BranchCache Early Adopter’s Guide](https://technet.microsoft.com/library/dd637762(v=ws.10).aspx).
 
-Whether you use BranchCache with Configuration Manager or with WSUS, each client that uses BranchCache must be configured to do so. You typically make your configurations through Group Policy. For step-by-step instructions on how to use Group Policy to configure BranchCache for Windows clients, see Client Configuration in the BranchCache Early Adopter’s Guide.
-
 In Windows 10, version 1607, the Windows Update Agent uses Delivery Optimization by default, even when the updates are retrieved from WSUS. When using BranchCache with Windows 10, simply set the Delivery Optimization mode to Bypass to allow clients to use the Background Intelligent Transfer Service (BITS) protocol with BranchCache instead. For instructions on how to use BranchCache in Distributed Cache mode with WSUS, see the section WSUS and Configuration Manager with BranchCache in Distributed Cache mode.
 
 ## Configure servers for BranchCache

windows/manage/windows-10-mobile-and-mdm.md

@@ -21,11 +21,11 @@ Employees increasingly depend on smartphones to complete daily work tasks, but t
 Windows 10 supports end-to-end device lifecycle management to give companies control over their devices, data, and apps. Devices can easily be incorporated into standard lifecycle practices, from device enrollment, configuration, and application management to maintenance, monitoring, and retirement using a comprehensive mobile device management solution.
 
 **In this article**
--	Deploy
--	Configure
--	Apps
--	Manage
--	Retire
+-	[Deploy](#deploy)
+-	[Configure](#configure)
+-	[Apps](#apps)
+-	[Manage](#manage)
+-	[Retire](#retire)
 
 
 ## Deploy
@@ -73,7 +73,7 @@ The way in which personal and corporate devices are enrolled into an MDM system
 <td align="left">Organization</td>
 </tr>
 <tr class="odd">
-<td align="left"><strong>Device Innitialization</strong>
+<td align="left"><strong>Device Initialization</strong>
 
 In the Out-of-the-Box Experience (OOBE), the first time the employee starts the device, they are requested to add a cloud identity to the device.</td>
 <td align="left">The primary identity on the device is a personal identity. Personal devices are initiated with a Microsoft Account (MSA), which uses a personal email address. </td>

windows/whats-new/whats-new-windows-10-version-1507-and-1511.md

@@ -231,11 +231,12 @@ In Windows 10, User Account Control has added some improvements.
 ### VPN profile options
 
 Windows 10 provides a set of VPN features that both increase enterprise security and provide an improved user experience, including:
-•	Always-on auto connection behavior 
-•	App=triggered VPN 
-•	VPN traffic filters
-•	Lock down VPN
-•	Integration with Microsoft Passport for Work
+
+- Always-on auto connection behavior 
+- App=triggered VPN 
+- VPN traffic filters
+- Lock down VPN
+- Integration with Microsoft Passport for Work
 
 [Learn more about the VPN options in Windows 10.](../keep-secure/vpn-profile-options.md)