From d325fc07187b818e5eca4d2282fce508ad2f66fe Mon Sep 17 00:00:00 2001
From: Tommy N <tonguyen@microsoft.com>
Date: Tue, 25 Oct 2016 16:03:43 -0700
Subject: [PATCH 01/11] Update appv-release-notes-for-appv-for-windows.md

---
 .../manage/appv-release-notes-for-appv-for-windows.md  | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/windows/manage/appv-release-notes-for-appv-for-windows.md b/windows/manage/appv-release-notes-for-appv-for-windows.md
index a80d391a45..0982031249 100644
--- a/windows/manage/appv-release-notes-for-appv-for-windows.md
+++ b/windows/manage/appv-release-notes-for-appv-for-windows.md
@@ -30,17 +30,19 @@ MSI packages that were generated using an App-V sequencer from previous versions
     
     - For the standalone Windows 10 SDK without other tools, see [Standalone Windows 10 SDK](https://developer.microsoft.com/en-US/windows/downloads/windows-10-sdk).
 
-3. From an elevated Windows PowerShell prompt, navigate to the following folder:
+3. Copy msidb.exe from the default path of the Windows SDK installation (**C:\Program Files (x86)\Windows Kits\10**) to a different directory. For example: **C:\MyMsiTools\bin**
+
+4. From an elevated Windows PowerShell prompt, navigate to the following folder:
  
     &lt;Windows Kits 10 installation folder&gt;**\Microsoft Application Virtualization\Sequencer\** 
 
     By default, this path will be:<br>**C:\Program Files (x86)\Windows Kits\10\Microsoft Application Virtualization\Sequencer** 
 
-4. Run the following command:
+5. Run the following command:
 
-    `Update-AppvPackageMsi -MsiPackage "<path to App-V Package .msi file>" -MsSdkPath "<path to Windows SDK installation>"` 
+    `Update-AppvPackageMsi -MsiPackage "<path to App-V Package .msi file>" -MsSdkPath "<path>"` 
 
-    By default, the path to the Windows SDK installation will be:<br>**C:\Program Files (x86)\Windows Kits\10**
+    where the path is to the new directory (**C:\MyMsiTools\ for this example**).
 
 ## Error occurs during publishing refresh between App-V 5.0 SP3 Management Server and App-V Client on Windows 10
 

From 5dcb971d015714847c35edc8bf97ca92bb3d00ee Mon Sep 17 00:00:00 2001
From: Gabe Stocco <gastocco@microsoft.com>
Date: Tue, 25 Oct 2016 16:08:10 -0700
Subject: [PATCH 02/11] Update for Integrated vs Firmware

---
 windows/keep-secure/tpm-recommendations.md | 80 +++++++++++-----------
 1 file changed, 40 insertions(+), 40 deletions(-)

diff --git a/windows/keep-secure/tpm-recommendations.md b/windows/keep-secure/tpm-recommendations.md
index acf27319d7..20c1c827db 100644
--- a/windows/keep-secure/tpm-recommendations.md
+++ b/windows/keep-secure/tpm-recommendations.md
@@ -40,7 +40,8 @@ OEMs implement the TPM as a component in a trusted computing platform, such as a
 The TCG designed the TPM as a low-cost, mass-market security solution that addresses the requirements of different customer segments. There are variations in the security properties of different TPM implementations just as there are variations in customer and regulatory requirements for different sectors. In public-sector procurement, for example, some governments have clearly defined security requirements for TPMs whereas others do not.
 
 >**Note:**  Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
- 
+
+
 ## TPM 1.2 vs. 2.0 comparison
 
 From an industry standard, Microsoft has been an industry leader in moving and standardizing on TPM 2.0, which has many key realized benefits across algorithms, crypto, hierarchy, root keys, authorization and NV RAM.
@@ -59,32 +60,24 @@ TPM 2.0 products and systems have important security advantages over TPM 1.2, in
 
 -   TPM 2.0 offers a more **consistent experience** across different implementations.
 
-    -   TPM 1.2 implementations across both discrete and firmware vary in policy settings. This may result in support issues as lockout policies vary.
-    -   TPM 2.0 standardized policy requirement helps establish a consistent lockout experience across devices, as such, Windows can offer a better user experience end to end.
+    -   TPM 1.2 implementations vary in policy settings. This may result in support issues as lockout policies vary.
+    -   TPM 2.0 lockout policy is configured by Windows, ensuring a consistent dictionary attack protection guarantee.
 
--   While TPM 1.2 parts were discrete silicon components typically soldered on the motherboard, TPM 2.0 is available both as a **discrete (dTPM)** silicon component and as a **firmware (fTPM)** based component running in a trusted execution environment (TEE) on the system’s main SoC:
+-   While TPM 1.2 parts are discrete silicon components which are typically soldered on the motherboard, TPM 2.0 is available as a **discrete (dTPM)** silicon component in a sinple semiconductor package, an **integrated** component incorporated in one or more semiconductor packages - alongside other logic units in the same package(s) - and as a **firmware (fTPM)** based component running in a trusted execution environment (TEE) on a general purpose SoC.
 
-    -   On Intel chips, it is the Intel Management Engine (ME) or Converged Security Engine (CSE).
-    -   For AMD chips, it is the AMD Security Processor
-    -   For ARM chips, it is a Trustzone Trusted Application (TA).
-    -   In the case of firmware TPM for desktop Windows systems, the chip vendor provides the firmware TPM implementation along with the other chip firmware to OEMs.
+## Discrete, Integrated or Firmware TPM?
 
-## Discrete or firmware TPM?
+There are three implementation options for TPMs:
 
-Windows uses discrete and firmware TPM in the same way. Windows gains no functional advantage or disadvantage from either option.
+-	Discrete TPM chip as a separate component in its own semiconductor package 
+-	Integrated TPM solution, using dedicated hardware integrated into one or more semiconductor packages alongside, but logically separate from, other components
+-   Firmware TPM solution, running the TPM in firmware in a Trusted Execution mode of a general purpose computation unit
 
-From a security standpoint, discrete and firmware share the same characteristics;
-
--   Both use hardware based secure execution.
--   Both use firmware for portions of the TPM functionality.
--   Both are equipped with tamper resistance capabilities.
--   Both have unique security limitations/risks.
-
-For more info, see [fTPM: A Firmware-based TPM 2.0 Implementation](http://research.microsoft.com/apps/pubs/?id=258236).
+Windows uses any compatible TPM in the same way.  Microsoft does not take a position on which way a TPM should be implemented and there is a wide ecosystem of available TPM solutions which should suit all needs.
 
 ## Is there any importance for TPM for consumer?
 
-For end consumers, TPM is behind the scenes but still very relevant for Hello, Passport and in the future, many other key features in Windows 10. It offers the best Passport experience, helps encrypt passwords, and builds on our overall Windows 10 experience story for security as a critical pillar.  Using Windows on a system with a TPM enables a deeper and broader level of security coverage.
+For end consumers, TPM is behind the scenes but is still very relevant.  TPM is used for Windows Hello, Windows Passport and in the future, will be a components of many other key security features in Windows. TPM secures the PIN for Passport, helps encrypt passwords, and builds on our overall Windows 10 experience story for security as a critical pillar.  Using Windows on a system with a TPM enables a deeper and broader level of security coverage.
 
 ## TPM 2.0 Compliance for Windows 10
 
@@ -92,15 +85,6 @@ For end consumers, TPM is behind the scenes but still very relevant for Hello, P
 
 - As of July 28, 2016, all new device models, lines or series (or if you are updating the hardware configuration of a existing model, line or series with a major update, such as CPU, graphic cards) must implement and enable by default TPM 2.0 (details in section 3.7, https://msdn.microsoft.com/library/windows/hardware/dn915086(v=vs.85).aspx)
  
-## Two implementation options: 
-
--	Discrete TPM chip as a separate discrete component 
--	Firmware TPM solution using Intel PTT (platform trust technology) or AMD 
-
-### Windows 10 Mobile
-
--   All devices shipping with Windows 10 Mobile must implement TPM 2.0 and ship with the TPM 2.0 enabled.
-
 ### IoT Core
 
 -   TPM is optional on IoT Core.
@@ -226,7 +210,7 @@ The following table defines which Windows features require TPM support. Some fea
 </table>
  
 ## Chipset options for TPM 2.0
-There are a variety of TPM manufacturers for both discrete and firmware.
+There is a vibrant ecosystem of TPM manufacturers.
 ### Discrete TPM
 <table>
 <colgroup>
@@ -250,6 +234,33 @@ There are a variety of TPM manufacturers for both discrete and firmware.
 </tbody>
 </table>
  
+### Integrated TPM 
+<table>
+<colgroup>
+<col width="100%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Supplier</th>
+<th align="left">Chipset</th>
+</tr>
+</thead>
+<tbody>
+<tr class="even">
+<td align="left">Intel</td>
+<td align="left"><ul>
+<li>Atom (CloverTrail)
+<li>Baytrail</li>
+<li>Braswell</li>
+<li>4th generation Core (Haswell)</li>
+<li>5th generation Core (Broadwell)</li>
+<li>6th generation Core (Skylake)</li>
+<li>7th generation Core (Kaby Lake)</li>
+</ul></td>
+</tr>
+</tbody>
+</table>
+
 ### Firmware TPM
 <table>
 <colgroup>
@@ -272,17 +283,6 @@ There are a variety of TPM manufacturers for both discrete and firmware.
 </ul></td>
 </tr>
 <tr class="even">
-<td align="left">Intel</td>
-<td align="left"><ul>
-<li>Atom (CloverTrail)
-<li>Baytrail</li>
-<li>4th generation(Haswell)</li>
-<li>5th generation(Broadwell)</li>
-<li>Braswell</li>
-<li>Skylake</li>
-</ul></td>
-</tr>
-<tr class="odd">
 <td align="left">Qualcomm</td>
 <td align="left"><ul>
 <li>MSM8994</li>

From efac80e27e667e1ee341c6569a253ddaba46f06c Mon Sep 17 00:00:00 2001
From: coolriggs <chriggs@microsoft.com>
Date: Tue, 25 Oct 2016 16:28:46 -0700
Subject: [PATCH 03/11] Update tpm-recommendations.md

---
 windows/keep-secure/tpm-recommendations.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/keep-secure/tpm-recommendations.md b/windows/keep-secure/tpm-recommendations.md
index 20c1c827db..277ad8c4ba 100644
--- a/windows/keep-secure/tpm-recommendations.md
+++ b/windows/keep-secure/tpm-recommendations.md
@@ -77,13 +77,13 @@ Windows uses any compatible TPM in the same way.  Microsoft does not take a posi
 
 ## Is there any importance for TPM for consumer?
 
-For end consumers, TPM is behind the scenes but is still very relevant.  TPM is used for Windows Hello, Windows Passport and in the future, will be a components of many other key security features in Windows. TPM secures the PIN for Passport, helps encrypt passwords, and builds on our overall Windows 10 experience story for security as a critical pillar.  Using Windows on a system with a TPM enables a deeper and broader level of security coverage.
+For end consumers, TPM is behind the scenes but is still very relevant.  TPM is used for Windows Hello, Windows Hello for Business and in the future, will be a components of many other key security features in Windows. TPM secures the PIN, helps encrypt passwords, and builds on our overall Windows 10 experience story for security as a critical pillar.  Using Windows on a system with a TPM enables a deeper and broader level of security coverage.
 
 ## TPM 2.0 Compliance for Windows 10
 
 ### Windows 10 for desktop editions (Home, Pro, Enterprise, and Education)
 
-- As of July 28, 2016, all new device models, lines or series (or if you are updating the hardware configuration of a existing model, line or series with a major update, such as CPU, graphic cards) must implement and enable by default TPM 2.0 (details in section 3.7, https://msdn.microsoft.com/library/windows/hardware/dn915086(v=vs.85).aspx)
+- Since July 28, 2016, all new device models, lines or series (or if you are updating the hardware configuration of a existing model, line or series with a major update, such as CPU, graphic cards) must implement and enable by default TPM 2.0 (details in section 3.7, https://msdn.microsoft.com/library/windows/hardware/dn915086(v=vs.85).aspx)
  
 ### IoT Core
 

From f9fd1556f2f6b0be4397efa953c974e22b7a68b7 Mon Sep 17 00:00:00 2001
From: LizRoss <lizross@microsoft.com>
Date: Wed, 26 Oct 2016 07:14:52 -0700
Subject: [PATCH 04/11] Updated icon overlay text for unenlightened, but
 allowed apps

---
 windows/keep-secure/create-wip-policy-using-intune.md | 6 +++---
 windows/keep-secure/create-wip-policy-using-sccm.md   | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/keep-secure/create-wip-policy-using-intune.md b/windows/keep-secure/create-wip-policy-using-intune.md
index 697b91a142..e03655d531 100644
--- a/windows/keep-secure/create-wip-policy-using-intune.md
+++ b/windows/keep-secure/create-wip-policy-using-intune.md
@@ -457,11 +457,11 @@ After you've decided where your protected apps can access enterprise data on you
 
 	    - **No, or not configured (recommended).** Stops Windows Search from searching and indexing encrypted corporate data and Store apps.
 
-    - **Show the Windows Information Protection icon overlay.** Determines whether the Windows Information Protection icon overlay appears on corporate files in the Save As and File Explore views. The options are:
+    - **Show the Windows Information Protection icon overlay.** Determines whether the Windows Information Protection icon overlay appears on corporate files in the **Save As** and File Explorer views. The options are:
 
-    	- **Yes (recommended).** Allows the Windows Information Protection icon overlay to appear on corporate files in the Save As and File Explore views.
+    	- **Yes (recommended).** Allows the Windows Information Protection icon overlay to appear on corporate files in the **Save As** and File Explorer views. Additionally, for unenlightened but allowed apps, the icon overlay also appears on the app tile and with **Managed** text on the app name in the **Start** menu.
 
-	    - **No, or not configured.** Stops the Windows Information Protection icon overlay from appearing on corporate files in the Save As and File Explore views.
+	    - **No, or not configured.** Stops the Windows Information Protection icon overlay from appearing on corporate files or unenlightened, but allowed apps.
 
 2. Click **Save Policy**.
 
diff --git a/windows/keep-secure/create-wip-policy-using-sccm.md b/windows/keep-secure/create-wip-policy-using-sccm.md
index 33644e7bec..523318c58c 100644
--- a/windows/keep-secure/create-wip-policy-using-sccm.md
+++ b/windows/keep-secure/create-wip-policy-using-sccm.md
@@ -438,7 +438,7 @@ There are no default locations included with WIP, you must add each of your netw
 
         - **Enterprise IP Ranges list is authoritative (do not auto-detect).** Click this box if you want Windows to treat the IP ranges you specified in the network boundary definition as the complete list of IP ranges available on your network. If you clear this box, Windows will search for additional IP ranges on any domain-joined devices connected to your network.
 
-        - **Show the Windows Information Protection icon overlay on your allowed apps that are WIP-unaware on corporate files in the File Explorer.** Click this box if you want the Windows Information Protection icon overlay to appear on corporate files in the Save As and File Explore views of File Explorer.
+        - **Show the Windows Information Protection icon overlay on your allowed apps that are WIP-unaware on corporate files in the File Explorer.** Click this box if you want the Windows Information Protection icon overlay to appear on corporate files in the **Save As** and File Explorer views. Additionally, for unenlightened but allowed apps, the icon overlay also appears on the app tile and with **Managed** text on the app name in the **Start** menu.
 
 5.	In the required **Upload a Data Recovery Agent (DRA) certificate to allow recovery of encrypted data** box, click **Browse** to add a data recovery certificate for your policy.
     

From eed1c8d7347a24934b208a672403e48514eee429 Mon Sep 17 00:00:00 2001
From: LizRoss <lizross@microsoft.com>
Date: Wed, 26 Oct 2016 07:18:48 -0700
Subject: [PATCH 05/11] Updated recommended setting and default

---
 windows/keep-secure/create-wip-policy-using-intune.md | 6 +++---
 windows/keep-secure/create-wip-policy-using-sccm.md   | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/windows/keep-secure/create-wip-policy-using-intune.md b/windows/keep-secure/create-wip-policy-using-intune.md
index e03655d531..80a3bee4f1 100644
--- a/windows/keep-secure/create-wip-policy-using-intune.md
+++ b/windows/keep-secure/create-wip-policy-using-intune.md
@@ -455,13 +455,13 @@ After you've decided where your protected apps can access enterprise data on you
 
 	    - **Yes.** Allows Windows Search to search and index encrypted corporate data and Store apps.
 
-	    - **No, or not configured (recommended).** Stops Windows Search from searching and indexing encrypted corporate data and Store apps.
+	    - **No, or not configured (recommended).** Stops Windows Search from searching and indexing encrypted corporate data and Store apps. 
 
     - **Show the Windows Information Protection icon overlay.** Determines whether the Windows Information Protection icon overlay appears on corporate files in the **Save As** and File Explorer views. The options are:
 
-    	- **Yes (recommended).** Allows the Windows Information Protection icon overlay to appear on corporate files in the **Save As** and File Explorer views. Additionally, for unenlightened but allowed apps, the icon overlay also appears on the app tile and with **Managed** text on the app name in the **Start** menu.
+    	- **Yes.** Allows the Windows Information Protection icon overlay to appear on corporate files in the **Save As** and File Explorer views. Additionally, for unenlightened but allowed apps, the icon overlay also appears on the app tile and with **Managed** text on the app name in the **Start** menu.
 
-	    - **No, or not configured.** Stops the Windows Information Protection icon overlay from appearing on corporate files or unenlightened, but allowed apps.
+        - **No, or not configured (recommended).** Stops the Windows Information Protection icon overlay from appearing on corporate files or unenlightened, but allowed apps. Not configured is the default option.
 
 2. Click **Save Policy**.
 
diff --git a/windows/keep-secure/create-wip-policy-using-sccm.md b/windows/keep-secure/create-wip-policy-using-sccm.md
index 523318c58c..b99e39c818 100644
--- a/windows/keep-secure/create-wip-policy-using-sccm.md
+++ b/windows/keep-secure/create-wip-policy-using-sccm.md
@@ -434,11 +434,11 @@ There are no default locations included with WIP, you must add each of your netw
 
     ![Create Configuration Item wizard, Add whether to search for additional network settings](images/wip-sccm-optsettings.png)
 
-        - **Enterprise Proxy Servers list is authoritative (do not auto-detect).** Click this box if you want Windows to treat the proxy servers you specified in the network boundary definition as the complete list of proxy servers available on your network. If you clear this box, Windows will search for additional proxy servers in your immediate network.
+        - **Enterprise Proxy Servers list is authoritative (do not auto-detect).** Click this box if you want Windows to treat the proxy servers you specified in the network boundary definition as the complete list of proxy servers available on your network. If you clear this box, Windows will search for additional proxy servers in your immediate network. Not configured is the default option.
 
-        - **Enterprise IP Ranges list is authoritative (do not auto-detect).** Click this box if you want Windows to treat the IP ranges you specified in the network boundary definition as the complete list of IP ranges available on your network. If you clear this box, Windows will search for additional IP ranges on any domain-joined devices connected to your network.
+        - **Enterprise IP Ranges list is authoritative (do not auto-detect).** Click this box if you want Windows to treat the IP ranges you specified in the network boundary definition as the complete list of IP ranges available on your network. If you clear this box, Windows will search for additional IP ranges on any domain-joined devices connected to your network. Not configured is the default option.
 
-        - **Show the Windows Information Protection icon overlay on your allowed apps that are WIP-unaware on corporate files in the File Explorer.** Click this box if you want the Windows Information Protection icon overlay to appear on corporate files in the **Save As** and File Explorer views. Additionally, for unenlightened but allowed apps, the icon overlay also appears on the app tile and with **Managed** text on the app name in the **Start** menu.
+        - **Show the Windows Information Protection icon overlay on your allowed apps that are WIP-unaware on corporate files in the File Explorer.** Click this box if you want the Windows Information Protection icon overlay to appear on corporate files in the **Save As** and File Explorer views. Additionally, for unenlightened but allowed apps, the icon overlay also appears on the app tile and with **Managed** text on the app name in the **Start** menu. Not configured is the default option.
 
 5.	In the required **Upload a Data Recovery Agent (DRA) certificate to allow recovery of encrypted data** box, click **Browse** to add a data recovery certificate for your policy.
     

From 9c8a5228d508f03841c578098ac9e85d2d34278b Mon Sep 17 00:00:00 2001
From: LizRoss <lizross@microsoft.com>
Date: Wed, 26 Oct 2016 07:23:47 -0700
Subject: [PATCH 06/11] Added Microsoft Remote Desktop

---
 .../enlightened-microsoft-apps-and-wip.md     | 27 ++++++++++---------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/windows/keep-secure/enlightened-microsoft-apps-and-wip.md b/windows/keep-secure/enlightened-microsoft-apps-and-wip.md
index 9793cfc53f..f6b1ea7f6e 100644
--- a/windows/keep-secure/enlightened-microsoft-apps-and-wip.md
+++ b/windows/keep-secure/enlightened-microsoft-apps-and-wip.md
@@ -21,7 +21,7 @@ localizationpriority: high
 Learn the difference between enlightened and unenlightened apps, and then review the list of enlightened apps provided by Microsoft along with the text you will need to use to add them to your allowed apps list.
 
 ## Enlightened versus unenlightened apps
-Apps can be enlightened (policy-aware) or unenlightened (policy-unaware).
+Apps can be enlightened (also referred to as WIP-aware) or unenlightened (also referred to as WIP-unaware).
 
 -   **Enlightened apps** can differentiate between corporate and personal data, correctly determining which to protect, based on your policies.
 
@@ -34,27 +34,29 @@ Apps can be enlightened (policy-aware) or unenlightened (policy-unaware).
 ## List of enlightened Microsoft apps
 Microsoft has made a concerted effort to enlighten several of our more popular apps, including the following:
 
--   Microsoft Edge
+- Microsoft Edge
 
--   Internet Explorer 11
+- Internet Explorer 11
 
--   Microsoft People
+- Microsoft People
 
--   Mobile Office apps, including Word, Excel, PowerPoint, OneNote, and Outlook Mail and Calendar
+- Mobile Office apps, including Word, Excel, PowerPoint, OneNote, and Outlook Mail and Calendar
 
--   Microsoft Photos
+- Microsoft Photos
 
 <!-- Microsoft OneDrive -->
 
--   Groove Music
+- Groove Music
 
--   Notepad
+- Notepad
 
--   Microsoft Paint
+- Microsoft Paint
 
--   Microsoft Movies & TV
+- Microsoft Movies & TV
 
--   Microsoft Messaging
+- Microsoft Messaging
+
+- Microsoft Remote Desktop
 
 ## Adding enlightened Microsoft apps to the allowed apps list
 You can add any or all of the enlightened Microsoft apps to your allowed apps list. Included here is the **Publisher name**, **Product or File name**, and **App Type** info for both Microsoft Intune and System Center Configuration Manager.
@@ -75,4 +77,5 @@ You can add any or all of the enlightened Microsoft apps to your allowed apps li
 |IE11 |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Binary Name:** iexplore.exe<br>**App Type:** Desktop app |
 |Microsoft OneDrive |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Binary Name:** onedrive.exe<br>**App Type:** Desktop app|
 |Notepad |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Binary Name:** notepad.exe<br>**App Type:** Desktop app |
-|Microsoft Paint |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Binary Name:** mspaint.exe<br>**App Type:** Desktop app |
\ No newline at end of file
+|Microsoft Paint |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Binary Name:** mspaint.exe<br>**App Type:** Desktop app |
+|Microsoft Remote Desktop |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Binary Name:** mstsc.exe<br>**App Type:** Desktop app |
\ No newline at end of file

From 257cfc4cce1ae386b4480d65fef75cc705daf6a6 Mon Sep 17 00:00:00 2001
From: LizRoss <lizross@microsoft.com>
Date: Wed, 26 Oct 2016 07:39:55 -0700
Subject: [PATCH 07/11] Fixed text

---
 windows/keep-secure/create-wip-policy-using-intune.md | 2 +-
 windows/keep-secure/create-wip-policy-using-sccm.md   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/keep-secure/create-wip-policy-using-intune.md b/windows/keep-secure/create-wip-policy-using-intune.md
index 80a3bee4f1..bd7e5c648e 100644
--- a/windows/keep-secure/create-wip-policy-using-intune.md
+++ b/windows/keep-secure/create-wip-policy-using-intune.md
@@ -459,7 +459,7 @@ After you've decided where your protected apps can access enterprise data on you
 
     - **Show the Windows Information Protection icon overlay.** Determines whether the Windows Information Protection icon overlay appears on corporate files in the **Save As** and File Explorer views. The options are:
 
-    	- **Yes.** Allows the Windows Information Protection icon overlay to appear on corporate files in the **Save As** and File Explorer views. Additionally, for unenlightened but allowed apps, the icon overlay also appears on the app tile and with **Managed** text on the app name in the **Start** menu.
+    	- **Yes.** Allows the Windows Information Protection icon overlay to appear on corporate files in the **Save As** and File Explorer views. Additionally, for unenlightened but allowed apps, the icon overlay also appears on the app tile and with *Managed* text on the app name in the **Start** menu.
 
         - **No, or not configured (recommended).** Stops the Windows Information Protection icon overlay from appearing on corporate files or unenlightened, but allowed apps. Not configured is the default option.
 
diff --git a/windows/keep-secure/create-wip-policy-using-sccm.md b/windows/keep-secure/create-wip-policy-using-sccm.md
index b99e39c818..8318ca21c6 100644
--- a/windows/keep-secure/create-wip-policy-using-sccm.md
+++ b/windows/keep-secure/create-wip-policy-using-sccm.md
@@ -438,7 +438,7 @@ There are no default locations included with WIP, you must add each of your netw
 
         - **Enterprise IP Ranges list is authoritative (do not auto-detect).** Click this box if you want Windows to treat the IP ranges you specified in the network boundary definition as the complete list of IP ranges available on your network. If you clear this box, Windows will search for additional IP ranges on any domain-joined devices connected to your network. Not configured is the default option.
 
-        - **Show the Windows Information Protection icon overlay on your allowed apps that are WIP-unaware on corporate files in the File Explorer.** Click this box if you want the Windows Information Protection icon overlay to appear on corporate files in the **Save As** and File Explorer views. Additionally, for unenlightened but allowed apps, the icon overlay also appears on the app tile and with **Managed** text on the app name in the **Start** menu. Not configured is the default option.
+        - **Show the Windows Information Protection icon overlay on your allowed apps that are WIP-unaware on corporate files in the File Explorer.** Click this box if you want the Windows Information Protection icon overlay to appear on corporate files in the **Save As** and File Explorer views. Additionally, for unenlightened but allowed apps, the icon overlay also appears on the app tile and with *Managed* text on the app name in the **Start** menu. Not configured is the default option.
 
 5.	In the required **Upload a Data Recovery Agent (DRA) certificate to allow recovery of encrypted data** box, click **Browse** to add a data recovery certificate for your policy.
     

From 050459925285597410c784bdf54bb77a030a66e7 Mon Sep 17 00:00:00 2001
From: LizRoss <lizross@microsoft.com>
Date: Wed, 26 Oct 2016 07:53:33 -0700
Subject: [PATCH 08/11] Fixed text

---
 windows/keep-secure/create-wip-policy-using-intune.md | 4 ++--
 windows/keep-secure/create-wip-policy-using-sccm.md   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/keep-secure/create-wip-policy-using-intune.md b/windows/keep-secure/create-wip-policy-using-intune.md
index bd7e5c648e..e3e8483484 100644
--- a/windows/keep-secure/create-wip-policy-using-intune.md
+++ b/windows/keep-secure/create-wip-policy-using-intune.md
@@ -457,9 +457,9 @@ After you've decided where your protected apps can access enterprise data on you
 
 	    - **No, or not configured (recommended).** Stops Windows Search from searching and indexing encrypted corporate data and Store apps. 
 
-    - **Show the Windows Information Protection icon overlay.** Determines whether the Windows Information Protection icon overlay appears on corporate files in the **Save As** and File Explorer views. The options are:
+    - **Show the Windows Information Protection icon overlay.** Determines whether the Windows Information Protection icon overlay appears on corporate files in the Save As and File Explorer views. The options are:
 
-    	- **Yes.** Allows the Windows Information Protection icon overlay to appear on corporate files in the **Save As** and File Explorer views. Additionally, for unenlightened but allowed apps, the icon overlay also appears on the app tile and with *Managed* text on the app name in the **Start** menu.
+    	- **Yes.** Allows the Windows Information Protection icon overlay to appear on corporate files in the Save As and File Explorer views. Additionally, for unenlightened but allowed apps, the icon overlay also appears on the app tile and with *Managed* text on the app name in the **Start** menu.
 
         - **No, or not configured (recommended).** Stops the Windows Information Protection icon overlay from appearing on corporate files or unenlightened, but allowed apps. Not configured is the default option.
 
diff --git a/windows/keep-secure/create-wip-policy-using-sccm.md b/windows/keep-secure/create-wip-policy-using-sccm.md
index 8318ca21c6..031da1a038 100644
--- a/windows/keep-secure/create-wip-policy-using-sccm.md
+++ b/windows/keep-secure/create-wip-policy-using-sccm.md
@@ -438,7 +438,7 @@ There are no default locations included with WIP, you must add each of your netw
 
         - **Enterprise IP Ranges list is authoritative (do not auto-detect).** Click this box if you want Windows to treat the IP ranges you specified in the network boundary definition as the complete list of IP ranges available on your network. If you clear this box, Windows will search for additional IP ranges on any domain-joined devices connected to your network. Not configured is the default option.
 
-        - **Show the Windows Information Protection icon overlay on your allowed apps that are WIP-unaware on corporate files in the File Explorer.** Click this box if you want the Windows Information Protection icon overlay to appear on corporate files in the **Save As** and File Explorer views. Additionally, for unenlightened but allowed apps, the icon overlay also appears on the app tile and with *Managed* text on the app name in the **Start** menu. Not configured is the default option.
+        - **Show the Windows Information Protection icon overlay on your allowed apps that are WIP-unaware on corporate files in the File Explorer.** Click this box if you want the Windows Information Protection icon overlay to appear on corporate files in the Save As and File Explorer views. Additionally, for unenlightened but allowed apps, the icon overlay also appears on the app tile and with *Managed* text on the app name in the **Start** menu. Not configured is the default option.
 
 5.	In the required **Upload a Data Recovery Agent (DRA) certificate to allow recovery of encrypted data** box, click **Browse** to add a data recovery certificate for your policy.
     

From 3af426c58102dad5f2f8865b1ab08d72a213a7a1 Mon Sep 17 00:00:00 2001
From: LizRoss <lizross@microsoft.com>
Date: Wed, 26 Oct 2016 07:55:30 -0700
Subject: [PATCH 09/11] Updated with change to add Microsoft Remote Desktop
 info

---
 windows/keep-secure/change-history-for-keep-windows-10-secure.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md
index 3e705828e0..ec6211f5b0 100644
--- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md
+++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md
@@ -16,6 +16,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md
 
 | New or changed topic | Description |
 | --- | --- |
+|[List of enlightened Microsoft apps for use with Windows Information Protection (WIP)](enlightened-microsoft-apps-and-wip.md) |Added Microsoft Remote Desktop information. |
 |[Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-wip-policy-using-sccm.md) and [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) |Updated the text about the icon overlay option. This icon now only appears on corporate files in the Save As and File Explore views |
 |[Limitations while using Windows Information Protection (WIP)](limitations-with-wip.md) |Added content about using ActiveX controls.|
 |[Unenlightened and enlightened app behavior while using Windows Information Protection (WIP)](app-behavior-with-wip.md) |New |

From 5d530fb3adb0f018285bc4873d7d1fc34a37961c Mon Sep 17 00:00:00 2001
From: Trudy Hakala <Trudy.Hakala@microsoft.com>
Date: Wed, 26 Oct 2016 09:29:15 -0700
Subject: [PATCH 10/11] fixing links and formatting

---
 windows/manage/acquire-apps-windows-store-for-business.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/manage/acquire-apps-windows-store-for-business.md b/windows/manage/acquire-apps-windows-store-for-business.md
index f9a6004ba5..156d071c04 100644
--- a/windows/manage/acquire-apps-windows-store-for-business.md
+++ b/windows/manage/acquire-apps-windows-store-for-business.md
@@ -33,7 +33,7 @@ There are a couple of things we need to know when you pay for apps. You can add
 You can add payment info on **Account information**. If you don’t have one saved with your account, you’ll be prompted to provide one when you buy an app.
 
 ## Acquire apps
-To acquire an app  
+**To acquire an app**  
 1.	Log in to http://businessstore.microsoft.com
 2.	Click Shop, or use Search to find an app. 
 3.	Click the app you want to purchase. 
@@ -42,7 +42,7 @@ To acquire an app
 6.	If you don’t have a payment method saved in Account settings, Store for Business will prompt you for one.
 7.	Add your credit card or debit card info, and click **Next**. Your card info is saved as a payment option on **Account information**.
 
-You’ll also need to have your business address saved on **Account information**. The address is used to generate tax rates. For more information on taxes for apps, see organization tax information. 
+You’ll also need to have your business address saved on **Account information**. The address is used to generate tax rates. For more information on taxes for apps, see [organization tax information](https://technet.microsoft.com/itpro/windows/manage/update-windows-store-for-business-account-settings#organization-tax-information). 
 
 Store for Business adds the app to your inventory. From **Inventory**, you can:
 - Distribute the app: add to private store, or assign licenses

From 4a15c27eb9cc519152b40d7031cf80772b57bb06 Mon Sep 17 00:00:00 2001
From: jdeckerMS <jdecker@microsoft.com>
Date: Wed, 26 Oct 2016 10:08:53 -0700
Subject: [PATCH 11/11] fix author

---
 education/windows/index.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/education/windows/index.md b/education/windows/index.md
index 794b6706ac..98aaf94eef 100644
--- a/education/windows/index.md
+++ b/education/windows/index.md
@@ -6,7 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: edu
-author: jdeckerMS
+author: CelesteDG
 ---
 
 # Windows 10 for Education