diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json
index 2358d61c40..e06f28392e 100644
--- a/.openpublishing.publish.config.json
+++ b/.openpublishing.publish.config.json
@@ -9,7 +9,7 @@
       "build_output_subfolder": "education",
       "locale": "en-us",
       "version": 0,
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
       "type_mapping": {
         "Conceptual": "Content"
       }
@@ -20,7 +20,7 @@
       "build_output_subfolder": "browsers/internet-explorer",
       "locale": "en-us",
       "version": 0,
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
       "type_mapping": {
         "Conceptual": "Content"
       }
@@ -45,7 +45,7 @@
       "build_output_subfolder": "mdop",
       "locale": "en-us",
       "version": 0,
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
       "type_mapping": {
         "Conceptual": "Content"
       }
@@ -56,7 +56,7 @@
       "build_output_subfolder": "browsers/edge",
       "locale": "en-us",
       "version": 0,
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
       "type_mapping": {
         "Conceptual": "Content"
       }
@@ -67,7 +67,7 @@
       "build_output_subfolder": "devices/surface",
       "locale": "en-us",
       "version": 0,
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
       "type_mapping": {
         "Conceptual": "Content"
       }
@@ -78,7 +78,7 @@
       "build_output_subfolder": "devices/surface-hub",
       "locale": "en-us",
       "version": 0,
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
       "type_mapping": {
         "Conceptual": "Content"
       }
@@ -89,7 +89,7 @@
       "build_output_subfolder": "windows",
       "locale": "en-us",
       "version": 0,
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
       "type_mapping": {
         "Conceptual": "Content"
       }
@@ -101,7 +101,8 @@
   "branches_to_filter": [
     ""
   ],
-  "git_repository_url_open_to_public_contributors": "",
+  "git_repository_url_open_to_public_contributors": "https://github.com/Microsoft/windows-itpro-docs",
+  "git_repository_branch_open_to_public_contributors": "master",
   "skip_source_output_uploading": false,
   "dependent_repositories": []
-}
+}
\ No newline at end of file
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000000..7a759f8ecb
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,92 @@
+# Contributing to Windows IT professional documentation
+
+Thank you for your interest in the Windows IT professional documentation! We appreciate your feedback, edits, and additions to our docs.
+This page covers the basic steps for contributing to our technical documentation.
+
+## Sign a CLA
+
+All contributors who are ***not*** a Microsoft employee must [sign a Microsoft Contribution Licensing Agreement (CLA)](https://cla.microsoft.com/) before contributing to any Microsoft repositories. 
+If you've already contributed to Microsoft repositories in the past, congratulations! 
+You've already completed this step.
+
+## Editing topics
+
+We've tried to make editing an existing, public file as simple as possible.
+
+>**Note**<br>
+>At this time, only the English (en-us) content is available for editing.
+
+**To edit a topic**
+
+1.	Go to the page on TechNet that you want to update, and then click **Contribute**.
+
+       ![GitHub Web, showing the Contribute link](images/contribute-link.png)
+
+2. Log into (or sign up for) a GitHub account.
+    
+    You must have a GitHub account to get to the page that lets you edit a topic.
+
+3. Click the **Pencil** icon (in the red box) to edit the content.
+
+       ![GitHub Web, showing the Pencil icon in the red box](images/pencil-icon.png)
+
+4.	Using markdown language, make your changes to the topic. For info about how to edit content using markdown, see:
+    - **If you're linked to the Microsoft organization in GitHub:** [Windows Open Publishing Guide Home](http://aka.ms/windows-op-guide)
+    
+    - **If you're external to Microsoft:** [Mastering Markdown](https://guides.github.com/features/mastering-markdown/) 
+
+5.	Make your suggested change, and then click **Preview Changes** to make sure it looks correct.
+
+       ![GitHub Web, showing the Preview Changes tab](images/preview-changes.png)
+
+6. When you’re done editing the topic, scroll to the bottom of the page, and then click **Propose file change** to create a fork in your personal GitHub account.
+
+    ![GitHub Web, showing the Propose file change button](images/propose-file-change.png)
+
+    The **Comparing changes** screen appears to see what the changes are between your fork and the original content.
+
+7.	On the **Comparing changes** screen, you’ll see if there are any problems with the file you’re checking in.
+
+    If there are no problems, you’ll see the message, **Able to merge**.
+
+    ![GitHub Web, showing the Comparing changes screen](images/compare-changes.png)
+
+8.	Click **Create pull request**.
+
+9.	Enter a title and description to give the approver the appropriate context about what’s in the request.
+
+10.	Scroll to the bottom of the page, making sure that only your changed files are in this pull request. Otherwise, you could overwrite changes from other people.
+
+11.	Click **Create pull request** again to actually submit the pull request.
+
+    The pull request is sent to the writer of the topic and your edits are reviewed. If your request is accepted, updates are published to one of the following places:
+
+    - [Windows 10](https://technet.microsoft.com/itpro/windows)
+    - [Internet Explorer 11](https://technet.microsoft.com/itpro/internet-explorer)
+    - [Microsoft Edge](https://technet.microsoft.com/itpro/microsoft-edge)
+    - [Surface](https://technet.microsoft.com/itpro/surface)
+    - [Surface Hub](https://technet.microsoft.com/itpro/surface-hub)
+    - [Windows 10 for Education](https://technet.microsoft.com/edu/windows)
+    - [Microsoft Desktop Optimization Pack](https://technet.microsoft.com/itpro/mdop) 
+
+## Making more substantial changes
+
+To make substantial changes to an existing article, add or change images, or contribute a new article, you will need to create a local clone of the content. 
+For info about creating a fork or clone, see the GitHub help topic, [Fork a Repo](https://help.github.com/articles/fork-a-repo/).
+
+Fork the official repo into your personal GitHub account, and then clone the fork down to your local device.  Work locally, then push your changes back into your fork.  Then open a pull request back to the master branch of the official repo.
+
+## Using issues to provide feedback on documentation
+
+If you just want to provide feedback rather than directly modifying actual documentation pages, you can create an issue in the repository.
+
+At the top of a topic page you'll see an **Issues** tab. Click the tab and then click the **New issue** button. 
+
+Be sure to include the topic title and the URL for the page you're submitting the issue for, if that page is different from the page you launched the **New issue** dialog from.  
+
+## Resources
+
+You can use your favorite text editor to edit Markdown.  We recommend [Visual Studio Code](https://code.visualstudio.com/), a free lightweight open source editor from Microsoft.
+
+You can learn the basics of Markdown in just a few minutes.  To get started, check out [Mastering Markdown](https://guides.github.com/features/mastering-markdown/).
+
diff --git a/README.md b/README.md
index f5b28b423b..fa13a55593 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,20 @@
-# win-cpub-itpro-docs
-This repo hosts the WDG ITPro content that is published to TechNet.
+# Windows IT professional documentation
+
+Welcome! This repository houses the docs that are written for IT professionals for the following products:
+
+- [Windows 10](https://technet.microsoft.com/itpro/windows)
+- [Internet Explorer 11](https://technet.microsoft.com/itpro/internet-explorer)
+- [Microsoft Edge](https://technet.microsoft.com/itpro/microsoft-edge)
+- [Surface](https://technet.microsoft.com/itpro/surface)
+- [Surface Hub](https://technet.microsoft.com/itpro/surface-hub)
+- [Windows 10 for Education](https://technet.microsoft.com/edu/windows)
+- [Microsoft Desktop Optimization Pack](https://technet.microsoft.com/itpro/mdop) 
+
+## Contributing
+
+We actively merge contributions into this repository via [pull request](https://help.github.com/articles/using-pull-requests/) into the *master* branch. 
+If you are not a Microsoft employee, before you submit a pull request you must [sign a Contribution License Agreement](https://cla.microsoft.com/) to ensure that the community is free to use your submissions.
+For more information on contributing, read our [contributions guide](CONTRIBUTING.md).
+
 
 This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information, see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
-
-English Handoff Folder Structure Demo!
diff --git a/browsers/edge/Index.md b/browsers/edge/Index.md
index c15b35774b..29090e5faa 100644
--- a/browsers/edge/Index.md
+++ b/browsers/edge/Index.md
@@ -6,6 +6,7 @@ ms.prod: edge
 ms.mktglfcycl: general
 ms.sitesec: library
 title: Microsoft Edge - Deployment Guide for IT Pros (Microsoft Edge for IT Pros)
+localizationpriority: high
 ---
 
 # Microsoft Edge - Deployment Guide for IT Pros
@@ -15,6 +16,8 @@ title: Microsoft Edge - Deployment Guide for IT Pros (Microsoft Edge for IT Pros
 - Windows 10
 - Windows 10 Mobile
 
+>Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare).
+
 Microsoft Edge is the new, default web browser for Windows 10, helping you to experience modern web standards, better performance, improved security, and increased reliability. Microsoft Edge also introduces new features like Web Note, Reading View, and Cortana that you can use along with your normal web browsing abilities.
 
 Microsoft Edge lets you stay up-to-date through the Windows Store and to manage your enterprise through Group Policy or your mobile device management (MDM) tools.
@@ -47,11 +50,11 @@ However, if you're running web apps that continue to use:
 
 * legacy document modes
 
-You'll need to keep running them using IE11. If you don't have IE11 installed anymore, you can download it from the Windows Store or from the [Internet Explorer 11 download page](http://go.microsoft.com/fwlink/p/?linkid=290956). Alternatively, you can also use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11. For info about Enterprise Mode and Edge, see [Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md).
+You'll need to keep running them using IE11. If you don't have IE11 installed anymore, you can download it from the Windows Store or from the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). Alternatively, you can also use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11. For info about Enterprise Mode and Edge, see [Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md).
 
 ## Related topics
 
-- [Download Internet Explorer 11](http://go.microsoft.com/fwlink/p/?linkid=290956)
-- [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](http://go.microsoft.com/fwlink/p/?LinkId=760644)
-- [Internet Explorer 11 - FAQ for IT Pros](http://go.microsoft.com/fwlink/p/?LinkId=760645)
-- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](http://go.microsoft.com/fwlink/p/?LinkId=760646)
+- [Download Internet Explorer 11](https://go.microsoft.com/fwlink/p/?linkid=290956)
+- [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](https://go.microsoft.com/fwlink/p/?LinkId=760644)
+- [Internet Explorer 11 - FAQ for IT Pros](https://go.microsoft.com/fwlink/p/?LinkId=760645)
+- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](https://go.microsoft.com/fwlink/p/?LinkId=760646)
diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md
index 22c69f91b8..c7e1e2fcd2 100644
--- a/browsers/edge/available-policies.md
+++ b/browsers/edge/available-policies.md
@@ -19,7 +19,7 @@ localizationpriority: high
 Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPO's) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences.
 
 By using Group Policy and Intune, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple security settings in a GPO that's linked to a domain, and then apply all of those settings to every computer in the domain.
-<p>**Note**<br>For more info about Group Policy, see the [Group Policy TechCenter](http://go.microsoft.com/fwlink/p/?LinkId=214514). This site provides links to the latest technical documentation, videos, and downloads for Group Policy. For more info about the tools you can use to change your Group Policy objects, see the Internet Explorer 11 topics, [Group Policy and the Group Policy Management Console (GPMC)](http://go.microsoft.com/fwlink/p/?LinkId=617921), [Group Policy and the Local Group Policy Editor](http://go.microsoft.com/fwlink/p/?LinkId=617922), [Group Policy and the Advanced Group Policy Management (AGPM)](http://go.microsoft.com/fwlink/p/?LinkId=617923), and [Group Policy and Windows Powershell](http://go.microsoft.com/fwlink/p/?LinkId=617924).
+<p>**Note**<br>For more info about Group Policy, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514). This site provides links to the latest technical documentation, videos, and downloads for Group Policy. For more info about the tools you can use to change your Group Policy objects, see the Internet Explorer 11 topics, [Group Policy and the Group Policy Management Console (GPMC)](https://go.microsoft.com/fwlink/p/?LinkId=617921), [Group Policy and the Local Group Policy Editor](https://go.microsoft.com/fwlink/p/?LinkId=617922), [Group Policy and the Advanced Group Policy Management (AGPM)](https://go.microsoft.com/fwlink/p/?LinkId=617923), and [Group Policy and Windows Powershell](https://go.microsoft.com/fwlink/p/?LinkId=617924).
 
 ## Group Policy settings
 Microsoft Edge works with these Group Policy settings (`Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\`) to help you manage your company's web browser configurations:
@@ -48,7 +48,7 @@ Microsoft Edge works with these Group Policy settings (`Computer Configuration\A
 |Show message when opening sites in Internet Explorer |Windows 10 Insider Preview |This policy setting lets you decide whether employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.<p>If you enable this setting, employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.<p>If you disable or don’t configure this setting, the default app behavior occurs and no additional page appears. |**Enabled:** Shows an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.<p>**Disabled or not configured (default):** Doesn’t show an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11. |
 
 ##  Using Microsoft Intune to manage your Mobile Data Management (MDM) settings for Microsoft Edge
-If you manage your policies using Intune, you'll want to use these MDM policy settings. You can see the full list of available policies, on the [Policy CSP]( http://go.microsoft.com/fwlink/p/?LinkId=722885) page.
+If you manage your policies using Intune, you'll want to use these MDM policy settings. You can see the full list of available policies, on the [Policy CSP]( https://go.microsoft.com/fwlink/p/?LinkId=722885) page.
 
 <p>**Note**<br>The **Supports** column uses these options:
 
@@ -102,8 +102,8 @@ These are additional Windows 10-specific MDM policy settings that work with Mic
 |AllowSyncMySettings |Desktop |<ul><li>**URI full path.** ./Vendor/MSFT/Policy/Config/Experience/AllowSyncMySettings</li><li>**Data type.** Integer</li><li>**Allowed values:**<ul><li>**0.** Employees can’t sync settings between PCs.</li><li>**1 (default).** Employees can sync between PCs.</li></ul></li></ul> |
 
 ## Related topics
-* [Group Policy TechCenter](http://go.microsoft.com/fwlink/p/?LinkId=214514)
-* [Mobile Data Management (MDM) settings]( http://go.microsoft.com/fwlink/p/?LinkId=722885)
+* [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514)
+* [Mobile Data Management (MDM) settings]( https://go.microsoft.com/fwlink/p/?LinkId=722885)
  
 
  
diff --git a/browsers/edge/emie-to-improve-compatibility.md b/browsers/edge/emie-to-improve-compatibility.md
index 1a8c85b533..4d6bfce510 100644
--- a/browsers/edge/emie-to-improve-compatibility.md
+++ b/browsers/edge/emie-to-improve-compatibility.md
@@ -19,7 +19,7 @@ localizationpriority: high
 If you have specific web sites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the web sites will automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work properly with Microsoft Edge, you can set all intranet sites to automatically open using IE11.
 
 Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11.
-<p>**Note**<br>If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy]( http://go.microsoft.com/fwlink/p/?LinkId=620714).
+<p>**Note**<br>If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy]( https://go.microsoft.com/fwlink/p/?LinkId=620714).
 
 ## Fix specific websites
 
@@ -27,7 +27,7 @@ Microsoft Edge doesn't support ActiveX controls, Browser Helper Objects, VBScrip
 
 ![](images/wedge.gif) **To add sites to your list**
 
-1.  In the Enterprise Mode Site List Manager, click **Add**.<p>If you already have an existing site list, you can import it into the tool. After it's in the tool, the xml updates the list, checking **Open in IE** for each site. For info about importing the site list, see [Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](http://go.microsoft.com/fwlink/p/?LinkId=618322).<p>![Enterprise Mode Site List Manager with Open in IE box](images/emie_open_in_ie.png)
+1.  In the Enterprise Mode Site List Manager, click **Add**.<p>If you already have an existing site list, you can import it into the tool. After it's in the tool, the xml updates the list, checking **Open in IE** for each site. For info about importing the site list, see [Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](https://go.microsoft.com/fwlink/p/?LinkId=618322).<p>![Enterprise Mode Site List Manager with Open in IE box](images/emie_open_in_ie.png)
 
 2.  Type or paste the URL for the website that’s experiencing compatibility problems, like *&lt;domain&gt;*.com or *&lt;domain&gt;*.com/*&lt;path&gt;* into the **URL** box. <p>You don’t need to include the `http://` or `https://` designation. The tool will automatically try both versions during validation.
 
@@ -37,11 +37,11 @@ Microsoft Edge doesn't support ActiveX controls, Browser Helper Objects, VBScrip
 
 5.  Click **Save** to validate your website and to add it to the site list for your enterprise.<p>If your site passes validation, it’s added to the global compatibility list. If the site doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the site or ignore the validation problem and add it to your list anyway.
 
-6.  On the **File** menu, go to where you want to save the file, and then click **Save to XML**.<p>You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your Group Policy setting. For more info, see [Turn on Enterprise Mode and use a site list](http://go.microsoft.com/fwlink/p/?LinkId=618952).
+6.  On the **File** menu, go to where you want to save the file, and then click **Save to XML**.<p>You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your Group Policy setting. For more info, see [Turn on Enterprise Mode and use a site list](https://go.microsoft.com/fwlink/p/?LinkId=618952).
 
 ### Set up Microsoft Edge to use the Enterprise Mode site list
 
-You must turn on the **Use Enterprise Mode Site List** Group Policy setting before Microsoft Edge can use the Enterprise Mode site list. This Group Policy applies to both Microsoft Edge and IE11, letting Microsoft Edge switch to IE11 as needed, based on the Enterprise Mode site list. For more info about IE11 and Enterprise Mode, see [Enterprise Mode for Internet Explorer 11 (IE11)](http://go.microsoft.com/fwlink/p/?linkid=618377).
+You must turn on the **Use Enterprise Mode Site List** Group Policy setting before Microsoft Edge can use the Enterprise Mode site list. This Group Policy applies to both Microsoft Edge and IE11, letting Microsoft Edge switch to IE11 as needed, based on the Enterprise Mode site list. For more info about IE11 and Enterprise Mode, see [Enterprise Mode for Internet Explorer 11 (IE11)](https://go.microsoft.com/fwlink/p/?linkid=618377).
 
 ![](images/wedge.gif) **To turn on Enterprise Mode using Group Policy**
 
@@ -70,7 +70,7 @@ You must turn on the **Use Enterprise Mode Site List** Group Policy setting befo
 ## Fix your intranet sites
 
 You can add the **Send all intranet traffic over to Internet Explorer** Group Policy setting for Windows 10 so that all of your intranet sites open in IE11. This means that even if your employees are using Microsoft Edge, they will automatically switch to IE11 while viewing the intranet.
-<p>**Note**<br>If you want to use Group Policy to set IE as the default browser for Internet sites, you can find the info here, [Set the default browser using Group Policy]( http://go.microsoft.com/fwlink/p/?LinkId=620714).
+<p>**Note**<br>If you want to use Group Policy to set IE as the default browser for Internet sites, you can find the info here, [Set the default browser using Group Policy]( https://go.microsoft.com/fwlink/p/?LinkId=620714).
 
 ![](images/wedge.gif) **To turn on Sends all intranet traffic over to Internet Explorer using Group Policy**
 
@@ -81,11 +81,11 @@ You can add the **Send all intranet traffic over to Internet Explorer** Group Po
 3.  Refresh your policy in your organization and then view the affected sites in Microsoft Edge.<p>The site shows a message in Microsoft Edge, saying that the page needs IE. At the same time, the page opens in IE11; in a new frame if it's not yet running, or in a new tab if it is.
 
 ## Related topics
-* [Blog: How Microsoft Edge and Internet Explorer 11 on Windows 10 work better together in the Enterprise](http://go.microsoft.com/fwlink/p/?LinkID=624035)
-* [Enterprise Mode Site List Manager for Windows 7 and Windows 8.1 download](http://go.microsoft.com/fwlink/p/?LinkId=394378)
-* [Enterprise Mode Site List Manager for Windows 10 download](http://go.microsoft.com/fwlink/?LinkId=746562)
-* [Enterprise Mode for Internet Explorer 11 (IE11)](http://go.microsoft.com/fwlink/p/?linkid=618377)
-* [Set the default browser using Group Policy]( http://go.microsoft.com/fwlink/p/?LinkId=620714)
+* [Blog: How Microsoft Edge and Internet Explorer 11 on Windows 10 work better together in the Enterprise](https://go.microsoft.com/fwlink/p/?LinkID=624035)
+* [Enterprise Mode Site List Manager for Windows 7 and Windows 8.1 download](https://go.microsoft.com/fwlink/p/?LinkId=394378)
+* [Enterprise Mode Site List Manager for Windows 10 download](https://go.microsoft.com/fwlink/?LinkId=746562)
+* [Enterprise Mode for Internet Explorer 11 (IE11)](https://go.microsoft.com/fwlink/p/?linkid=618377)
+* [Set the default browser using Group Policy]( https://go.microsoft.com/fwlink/p/?LinkId=620714)
  
 
  
diff --git a/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md b/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md
index 436053d3ec..a3dcf46f40 100644
--- a/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md
+++ b/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md
@@ -21,7 +21,7 @@ localizationpriority: high
 -   Windows 10
 
 ## Enterprise guidance
-Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, if you're running web apps that need ActiveX controls, we recommend that you continue to use Internet Explorer 11 for them. If you don't have IE11 installed anymore, you can download it from the Windows Store or from the [Internet Explorer 11 download page](http://go.microsoft.com/fwlink/p/?linkid=290956).
+Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, if you're running web apps that need ActiveX controls, we recommend that you continue to use Internet Explorer 11 for them. If you don't have IE11 installed anymore, you can download it from the Windows Store or from the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956).
 
 We also recommend that you upgrade to IE11 if you're running any earlier versions of Internet Explorer. IE11 is supported on Windows 7, Windows 8.1, and Windows 10. So any legacy apps that work with IE11 will continue to work even as you migrate to Windows 10.
 
diff --git a/browsers/edge/hardware-and-software-requirements.md b/browsers/edge/hardware-and-software-requirements.md
index 2c56db269a..d423c37bd4 100644
--- a/browsers/edge/hardware-and-software-requirements.md
+++ b/browsers/edge/hardware-and-software-requirements.md
@@ -29,7 +29,7 @@ Some of the components in this table might also need additional system resources
 | Item               | Minimum requirements          |
 | ------------------ | -------------------------------------------- |
 | Computer/processor | 1 gigahertz (GHz) or faster (32-bit (x86) or 64-bit (x64)) |
-| Operating system   | <ul><li>Windows 10 (32-bit or 64-bit)</li><li>Windows 10 Mobile</li></ul><p>**Note**<br> For specific Windows 10 Mobile requirements, see the [Minimum hardware requirements for Windows 10 Mobile](http://go.microsoft.com/fwlink/p/?LinkID=699266) topic. |
+| Operating system   | <ul><li>Windows 10 (32-bit or 64-bit)</li><li>Windows 10 Mobile</li></ul><p>**Note**<br> For specific Windows 10 Mobile requirements, see the [Minimum hardware requirements for Windows 10 Mobile](https://go.microsoft.com/fwlink/p/?LinkID=699266) topic. |
 | Memory             | <ul><li>Windows 10 (32-bit) - 1 GB</li><li>Windows 10 (64-bit) - 2 GB</li></ul> |
 | Hard drive space   | <ul><li>Windows 10 (32-bit) - 16 GB</li><li>Windows 10 (64-bit) - 20 GB</li></ul> |
 | DVD drive          | DVD-ROM drive (if installing from a DVD-ROM) |
diff --git a/browsers/internet-explorer/TOC.md b/browsers/internet-explorer/TOC.md
index b0ec9a4b4f..f55624a429 100644
--- a/browsers/internet-explorer/TOC.md
+++ b/browsers/internet-explorer/TOC.md
@@ -23,23 +23,23 @@
 ###[What is Enterprise Mode?](ie11-deploy-guide/what-is-enterprise-mode.md)
 ###[Set up Enterprise Mode logging and data collection](ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md)
 ###[Turn on Enterprise Mode and use a site list](ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md)
-###[Enterprise Mode schema v.2 guidance for Windows 10 devices](ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md)
-###[Enterprise Mode schema v.1 guidance for Windows 7 and Windows 8.1 devices](ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md)
+###[Enterprise Mode schema v.2 guidance](ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md)
+###[Enterprise Mode schema v.1 guidance](ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md)
 ###[Check for a new Enterprise Mode site list xml file](ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md)
 ###[Turn on local control and logging for Enterprise Mode](ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md)
-###[Use the Enterprise Mode Site List Manager tool](ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md)
-####[Add sites to the Enterprise Mode site list using the Windows 10 Enterprise Mode Site List Manager tool](ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md)
-####[Add sites to the Enterprise Mode site list using the Windows 7 and Windows 8.1 Enterprise Mode Site List Manager tool](ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md)
-####[Add multiple sites to the Enterprise Mode site list using a file and the Windows 10 Enterprise Mode Site List Manager tool](ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md)
-####[Add multiple sites to the Enterprise Mode site list using a file and the Windows 7 and Windows 8.1 Enterprise Mode Site List Manager tool](ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md)
-####[Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager tool](ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md)
-####[Fix validation problems using the Enterprise Mode Site List Manager tool](ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md)
-####[Search your Enterprise Mode site list in the Enterprise Mode Site List Manager tool](ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
-####[Save your site list to XML in the Enterprise Mode Site List Manager tool](ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md)
-####[Export your Enterprise Mode site list from the Enterprise Mode Site List Manager tool](ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md)
-####[Import your Enterprise Mode site list to the Enterprise Mode Site List Manager tool](ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md)
-####[Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager tool](ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
-####[Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager tool](ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
+###[Use the Enterprise Mode Site List Manager](ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md)
+####[Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md)
+####[Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md)
+####[Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md)
+####[Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md)
+####[Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager](ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md)
+####[Fix validation problems using the Enterprise Mode Site List Manager](ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md)
+####[Search your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
+####[Save your site list to XML in the Enterprise Mode Site List Manager](ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md)
+####[Export your Enterprise Mode site list from the Enterprise Mode Site List Manager](ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md)
+####[Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md)
+####[Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
+####[Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
 ###[Using IE7 Enterprise Mode or IE8 Enterprise Mode](ie11-deploy-guide/using-enterprise-mode.md)
 ###[Fix web compatibility issues using document modes and the Enterprise Mode site list](ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md)
 ###[Remove sites from a local Enterprise Mode site list](ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md
index 816aad03bb..11347ac764 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md
@@ -35,7 +35,7 @@ You use the ActiveX Installer Service (AXIS) and Group Policy to manage your Act
 
 -   **ActiveX installation policy for sites in trusted zones.** Identifies how AXIS should behave when a website tries to install an ActiveX control. First, AXIS looks to see if the site appears in either the list of approved installation sites or in the **Trusted sites** zone. If the does, then AXIS checks to make sure the control meets your company's policy requirements. If the ActiveX control meets all of these requirements, the control is installed.
 
-For more information about the ActiveX Installer Service, see [Administering the ActiveX Installer Service in Windows 7](http://go.microsoft.com/fwlink/p/?LinkId=214503).
+For more information about the ActiveX Installer Service, see [Administering the ActiveX Installer Service in Windows 7](https://go.microsoft.com/fwlink/p/?LinkId=214503).
 
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
index 99717bb268..a923c7b2dd 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
@@ -99,7 +99,7 @@ After you’ve added all of your sites to the tool and saved the file to XML, yo
 
 ## Related topics
 - [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
  
 
  
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
index 886cbed096..4770a4ffb0 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
@@ -108,7 +108,7 @@ You can save the file locally or to a network share. However, you must make sure
 After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
 
 ## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
 - [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md)
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
index 6ae191787f..7e8c3c6910 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
@@ -53,7 +53,7 @@ You can save the file locally or to a network share. However, you must make sure
 After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
 
 ## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
  
 
  
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
index 6f22bf4dfc..b18fa646cd 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
@@ -69,7 +69,7 @@ You can save the file locally or to a network share. However, you must make sure
 After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
 
 ## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
  
 
  
diff --git a/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md
index 1774c25fd3..137b689b2f 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md
@@ -23,7 +23,7 @@ Administrative Templates are made up of a hierarchy of policy categories and sub
 
 -   Text explanations about each setting and the supported version of Internet Explorer.
 
-For a conceptual overview of Administrative Templates, see [Managing Group Policy ADMX Files Step-by-Step Guide](http://go.microsoft.com/fwlink/p/?LinkId=214519).
+For a conceptual overview of Administrative Templates, see [Managing Group Policy ADMX Files Step-by-Step Guide](https://go.microsoft.com/fwlink/p/?LinkId=214519).
 
 ## What are Administrative Templates?
 Administrative Templates are XML-based, multi-language files that define the registry-based Group Policy settings in the Local Group Policy Editor. There are two types of Administrative Templates:
@@ -34,7 +34,7 @@ Administrative Templates are XML-based, multi-language files that define the reg
 
 ## How do I store Administrative Templates?
 As an admin, you can create a central store folder on your SYSVOL directory, named **PolicyDefinitions**. For example, %*SystemRoot*%\\PolicyDefinitions. This folder provides a single, centralized storage location for your Administrative Templates (both ADMX and ADML) files, so they can be used by your domain-based Group Policy Objects (GPOs).
-<p>**Important**<br>Your Group Policy tools use the ADMX files in your store, ignoring any local copies. For more information about creating a central store, see [Scenario 1: Editing the Local GPO Using ADMX Files](http://go.microsoft.com/fwlink/p/?LinkId=276810).
+<p>**Important**<br>Your Group Policy tools use the ADMX files in your store, ignoring any local copies. For more information about creating a central store, see [Scenario 1: Editing the Local GPO Using ADMX Files](https://go.microsoft.com/fwlink/p/?LinkId=276810).
 
 ## Administrative Templates-related Group Policy settings
 When you install Internet Explorer 11, it updates the local administrative files, Inetres.admx and Inetres.adml, both located in the **PolicyDefinitions** folder.
@@ -68,11 +68,11 @@ IE11 provides these new policy settings, which are editable in the Local Group P
 ## Editing Group Policy settings
 Regardless which tool you're using to edit your Group Policy settings, you'll need to follow one of these guides for step-by-step editing instructions:
 
--   **If you're using the Group Policy Management Console (GPMC) or the Local Group Policy Editor.** See [Edit Administrative Template Policy Settings](http://go.microsoft.com/fwlink/p/?LinkId=214521) for step-by-step instructions about editing your Administrative Templates.
+-   **If you're using the Group Policy Management Console (GPMC) or the Local Group Policy Editor.** See [Edit Administrative Template Policy Settings](https://go.microsoft.com/fwlink/p/?LinkId=214521) for step-by-step instructions about editing your Administrative Templates.
 
--   **If you're using GPMC with Advanced Group Policy Management (AGPM).** See [Checklist: Create, Edit, and Deploy a GPO](http://go.microsoft.com/fwlink/p/?LinkId=214522) for step-by-step instructions about how to check out a GPO from the AGPM archive, edit it, and request deployment.
+-   **If you're using GPMC with Advanced Group Policy Management (AGPM).** See [Checklist: Create, Edit, and Deploy a GPO](https://go.microsoft.com/fwlink/p/?LinkId=214522) for step-by-step instructions about how to check out a GPO from the AGPM archive, edit it, and request deployment.
 
 ## Related topics
-- [Administrative templates (.admx) for Windows 10 download](http://go.microsoft.com/fwlink/p/?LinkId=746579)
-- [Administrative Templates (.admx) for Windows 8.1 and Windows Server 2012 R2](http://go.microsoft.com/fwlink/p/?LinkId=746580)
+- [Administrative templates (.admx) for Windows 10 download](https://go.microsoft.com/fwlink/p/?LinkId=746579)
+- [Administrative Templates (.admx) for Windows 8.1 and Windows Server 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=746580)
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md
index ede7f497c1..a64b645896 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md
@@ -32,7 +32,7 @@ If you experience issues while setting up your proxy server, you can try these t
 
 2.  Click **Settings** or **LAN Settings**, and then look at your proxy server address.
 
-3.  If you have multiple proxy servers, click **Advanced** to look at all of the additional addresses.<p>**Note**<br>If IE11 uses a proxy server for local IP addresses, regardless whether you turned on the **Bypass Proxy Server for Local Addresses** option, see [Internet Explorer Uses Proxy Server for Local IP Address Even if the "Bypass Proxy Server for Local Addresses" Option Is Turned On](http://go.microsoft.com/fwlink/p/?LinkId=85652).
+3.  If you have multiple proxy servers, click **Advanced** to look at all of the additional addresses.<p>**Note**<br>If IE11 uses a proxy server for local IP addresses, regardless whether you turned on the **Bypass Proxy Server for Local Addresses** option, see [Internet Explorer Uses Proxy Server for Local IP Address Even if the "Bypass Proxy Server for Local Addresses" Option Is Turned On](https://go.microsoft.com/fwlink/p/?LinkId=85652).
 
  ![](images/wedge.gif) **To check that you've turned on the correct settings**
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md
index 9a5efa2a85..f49ab30704 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md
@@ -37,7 +37,7 @@ For custom graphics and branding, add the `FEATURE\AUTOCONFIG\BRANDING` registry
 
 ## Updating your automatic configuration settings
 After adding the `FEATURE\AUTOCONFIG\BRANDING` registry key, you can change your automatic configuration settings to pick up the updated branding.
-<p>**Important**<br>Your branding changes won't be added or updated if you've previously chosen the **Disable external branding of IE** setting in the `User Configuration\Administrative Templates\Windows Components\Internet Explorer` Group Policy object. This setting is intended to prevent branding by a third-party, like an Internet service or content provider. For more information about Group Policy, including videos and the latest technical documentation, see the [Group Policy TechCenter](http://go.microsoft.com/fwlink/p/?LinkId=214514).
+<p>**Important**<br>Your branding changes won't be added or updated if you've previously chosen the **Disable external branding of IE** setting in the `User Configuration\Administrative Templates\Windows Components\Internet Explorer` Group Policy object. This setting is intended to prevent branding by a third-party, like an Internet service or content provider. For more information about Group Policy, including videos and the latest technical documentation, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514).
 
  ![](images/wedge.gif) **To update your settings**
 
@@ -51,7 +51,7 @@ After adding the `FEATURE\AUTOCONFIG\BRANDING` registry key, you can change your
 
     -   **Automatic Configuration URL (.INS file) box:** Type the location of your automatic configuration script.
 
-    -   **Automatic proxy URL (.JS, .JVS, or .PAC file) box:** Type the location of your automatic proxy script.<p> **Important**<br>Internet Explorer 11 no longer supports using file server locations with your proxy configuration (.pac) files. To keep using your .pac files, you have to keep them on a web server and reference them using a URL, like *http://share/test.ins*.
+    -   **Automatic proxy URL (.JS, .JVS, or .PAC file) box:** Type the location of your automatic proxy script.<p> **Important**<br>Internet Explorer 11 no longer supports using file server locations with your proxy configuration (.pac) files. To keep using your .pac files, you have to keep them on a web server and reference them using a URL, like `http://share/test.ins`.
 
 If your branding changes aren't correctly deployed after running through this process, see [Auto configuration and auto proxy problems with Internet Explorer 11](auto-configuration-and-auto-proxy-problems-with-ie11.md).
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md
index 4844421fea..b93b60f816 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md
@@ -29,7 +29,7 @@ To use automatic detection, you have to set up your DHCP and DNS servers.<p>**No
 
 2.  Choose the **Automatically detect configuration settings** box to automatically detect your browser settings. For more information about the **Automatic Configuration** page, see [Use the Automatic Configuration page in the IEAK 11 Wizard](../ie11-ieak/auto-config-ieak11-wizard.md).
 
-3.  Open the [DHCP Administrative Tool](http://go.microsoft.com/fwlink/p/?LinkId=302212), create a new option type, using the code number 252, and then associate it with the URL to your configuration file. For detailed instructions about how to do this, see [Create an option 252 entry in DHCP](http://go.microsoft.com/fwlink/p/?LinkId=294649).
+3.  Open the [DHCP Administrative Tool](https://go.microsoft.com/fwlink/p/?LinkId=302212), create a new option type, using the code number 252, and then associate it with the URL to your configuration file. For detailed instructions about how to do this, see [Create an option 252 entry in DHCP](https://go.microsoft.com/fwlink/p/?LinkId=294649).
 
  ![](images/wedge.gif) **To turn on automatic detection for DNS servers**
 
@@ -37,7 +37,7 @@ To use automatic detection, you have to set up your DHCP and DNS servers.<p>**No
 
 2.  Choose the **Automatically detect configuration settings** box to automatically detect your browser settings.
 
-3.  In your DNS database file, create a host record named, **WPAD**. This record has the IP address of the web server storing your automatic configuration (.js, .jvs, .pac, or .ins) file.<p>**-OR-**<p>Create a canonical name (CNAME) alias record named, **WPAD**. This record has the resolved name (not the IP address) of the server storing your automatic configuration (.pac) file.<p>**Note**<br>For more information about creating a **WPAD** entry, see [Creating a WPAD entry in DNS](http://go.microsoft.com/fwlink/p/?LinkId=294651). 
+3.  In your DNS database file, create a host record named, **WPAD**. This record has the IP address of the web server storing your automatic configuration (.js, .jvs, .pac, or .ins) file.<p>**-OR-**<p>Create a canonical name (CNAME) alias record named, **WPAD**. This record has the resolved name (not the IP address) of the server storing your automatic configuration (.pac) file.<p>**Note**<br>For more information about creating a **WPAD** entry, see [Creating a WPAD entry in DNS](https://go.microsoft.com/fwlink/p/?LinkId=294651). 
 
 4.  After the database file propagates to the server, the DNS name, `wpad.<domain>.com` resolves to the server name that includes your automatic configuration file.<p>**Note**<br>Internet Explorer 11 creates a default URL template based on the host name, **wpad**. For example, `http://wpad.<domain>.com/wpad.dat`. Because of this, you need to set up a file or redirection point in your web server **WPAD** record, named **wpad.dat**. The **wpad.dat** record delivers the contents of your automatic configuration file.
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md
index 3e63de28b0..119052b438 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md
@@ -36,7 +36,7 @@ You have two options to restrict your users' ability to override the automatic c
 
 -   **Using Microsoft Active Directory.** Choose **Disable changing proxy settings** from the Administrative Templates setting.
 
--   **Not Using Active Directory.** Choose the **Prevent changing proxy settings** setting in the `User Configuration\Administrative Templates\Windows Components\Internet Explorer` Group Policy object. For more information about Group Policy, see the [Group Policy TechCenter](http://go.microsoft.com/fwlink/p/?LinkId=214514).
+-   **Not Using Active Directory.** Choose the **Prevent changing proxy settings** setting in the `User Configuration\Administrative Templates\Windows Components\Internet Explorer` Group Policy object. For more information about Group Policy, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514).
 
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md b/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md
index 00c6e38225..36de09f8ce 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md
@@ -14,7 +14,7 @@ ms.sitesec: library
 # Browser cache changes and roaming profiles
 We’ve redesigned the browser cache to improve the performance, flexibility, reliability, and scalability of Internet Explorer and the apps that rely on the Windows Internet (WinINet) cache. Our new database design stops multiple clients from simultaneously accessing and using cached information, while also providing a higher level of data integrity.
 
-You won’t notice any changes to the management of your roaming profile data if you use our new database implementation in conjunction with the [roaming user profile guidelines](http://go.microsoft.com/fwlink/p/?LinkId=401544). This means that IE data that’s stored in the `AppData\Roaming` user profile folder is still be uploaded to your normal profile storage location after a user successfully logs off.<p>**Note**<br>Cookies in a roaming profile can only be set by Internet Explorer for the desktop, with Enhanced Protected Mode turned off. Cookies set by the immersive version of IE or by Windows Store apps, can’t be part of a roaming profile. For more information about persistent cookies and roaming, see [Persistent cookies are not roamed in Internet Explorer](http://go.microsoft.com/fwlink/p/?LinkId=401545).
+You won’t notice any changes to the management of your roaming profile data if you use our new database implementation in conjunction with the [roaming user profile guidelines](https://go.microsoft.com/fwlink/p/?LinkId=401544). This means that IE data that’s stored in the `AppData\Roaming` user profile folder is still be uploaded to your normal profile storage location after a user successfully logs off.<p>**Note**<br>Cookies in a roaming profile can only be set by Internet Explorer for the desktop, with Enhanced Protected Mode turned off. Cookies set by the immersive version of IE or by Windows Store apps, can’t be part of a roaming profile. For more information about persistent cookies and roaming, see [Persistent cookies are not roamed in Internet Explorer](https://go.microsoft.com/fwlink/p/?LinkId=401545).
 
 To get the best results while using roaming profiles, we strongly recommend the following:
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md b/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md
index b1243f0790..fdd8ac9361 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md
@@ -14,7 +14,9 @@ This topic lists new and updated topics in the Internet Explorer 11 documentatio
 ## August 2016
 |New or changed topic | Description |
 |----------------------|-------------|
-[Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md)|Added the Understanding the returned reason codes section to the topic. |
+|[Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md) |Updated to remove the IP range restrictions and to add code examples for both IPv4 and IPv6 addresses. |
+|[Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md) |Updated to remove the IP range restrictions and to add code examples for both IPv4 and IPv6 addresses. |
+|[Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md)|Added the Understanding the returned reason codes section to the topic. |
 
 ## July 2016
 |New or changed topic | Description |
diff --git a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
index da141bbcc1..cf90d5c6b3 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
@@ -17,13 +17,13 @@ Before you install Internet Explorer 11, you should:
 
 -   **Check vendor support for updated functionality.** Check whether third-party vendors have new versions or updates to necessary add-ons, apps, or code libraries.
 
--   **Choose the right version of Internet Explorer.** IE11 comes pre-installed on Windows 8.1 and Windows Server 2012 R2 or you can download it for Windows 7 SP1 or Windows Server 2008 R2 with Service Pack 1 (SP1) from the [Internet Explorer Downloads](http://go.microsoft.com/fwlink/p/?LinkId=214251) site.
+-   **Choose the right version of Internet Explorer.** IE11 comes pre-installed on Windows 8.1 and Windows Server 2012 R2 or you can download it for Windows 7 SP1 or Windows Server 2008 R2 with Service Pack 1 (SP1) from the [Internet Explorer Downloads](https://go.microsoft.com/fwlink/p/?LinkId=214251) site.
 
 -   **Choose how you'll deploy your installation package.** Your deployment method should be based on whether you're installing to computers already running Windows, or if you're deploying IE11 as part of a Windows installation.
 
-    -   **Existing computers running Windows.** Use System Center R2 2012 System Center 2012 R2 Configuration Manager, System Center Essentials 2010, Windows Server Updates Services (WSUS), or Microsoft Intune to deploy IE11. For more information about how to use these systems, see [System Center 2012 R2 Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkID=276664), [System Center Essentials 2010](http://go.microsoft.com/fwlink/p/?LinkId=395200), [Windows Server Update Services](http://go.microsoft.com/fwlink/p/?LinkID=276790), and [Microsoft Intune Overview](http://go.microsoft.com/fwlink/p/?linkid=276667).
+    -   **Existing computers running Windows.** Use System Center R2 2012 System Center 2012 R2 Configuration Manager, System Center Essentials 2010, Windows Server Updates Services (WSUS), or Microsoft Intune to deploy IE11. For more information about how to use these systems, see [System Center 2012 R2 Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkID=276664), [System Center Essentials 2010](https://go.microsoft.com/fwlink/p/?LinkId=395200), [Windows Server Update Services](https://go.microsoft.com/fwlink/p/?LinkID=276790), and [Microsoft Intune Overview](https://go.microsoft.com/fwlink/p/?linkid=276667).
 
-    -   **As part of a Windows deployment.** Update your Windows images to include IE11, and then add the update to your MDT deployment share or to your Windows image. For instructions about how to create and use Windows images, see [Create and Manage a Windows Image Using DISM](http://go.microsoft.com/fwlink/p/?LinkId=299408). For general information about deploying IE, see [Microsoft Deployment Toolkit (MDT)](http://go.microsoft.com/fwlink/p/?LinkId=331148), [Windows ADK Overview](http://go.microsoft.com/fwlink/p/?LinkId=276669).
+    -   **As part of a Windows deployment.** Update your Windows images to include IE11, and then add the update to your MDT deployment share or to your Windows image. For instructions about how to create and use Windows images, see [Create and Manage a Windows Image Using DISM](https://go.microsoft.com/fwlink/p/?LinkId=299408). For general information about deploying IE, see [Microsoft Deployment Toolkit (MDT)](https://go.microsoft.com/fwlink/p/?LinkId=331148), [Windows ADK Overview](https://go.microsoft.com/fwlink/p/?LinkId=276669).
 
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
index ab5a60cbce..22d411f58d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
@@ -24,7 +24,7 @@ Before you start, you need to make sure you have the following:
 
 -   Latest cumulative security update (for all supported versions of Internet Explorer):
 
-    1.  Go to the [Microsoft Security Bulletin](http://go.microsoft.com/fwlink/p/?LinkID=718223) page, and change the filter to **Windows Internet Explorer 11**.
+    1.  Go to the [Microsoft Security Bulletin](https://go.microsoft.com/fwlink/p/?LinkID=718223) page, and change the filter to **Windows Internet Explorer 11**.
 
         ![microsoft security bulletin techcenter](images/securitybulletin-filter.png)
 
@@ -34,7 +34,7 @@ Before you start, you need to make sure you have the following:
 
     3.  Click the link that represents both your operating system version and Internet Explorer 11, and then follow the instructions in the **How to get this update** section.
 
--   [Setup and configuration package](http://go.microsoft.com/fwlink/p/?LinkId=517719), including:
+-   [Setup and configuration package](https://go.microsoft.com/fwlink/p/?LinkId=517719), including:
 
     -   Configuration-related PowerShell scripts
 
@@ -138,7 +138,7 @@ You need to set up your computers for data collection by running the provided Po
 
 **To set up Enterprise Site Discovery**
 
-- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1`. For more info, see [about Execution Policies](http://go.microsoft.com/fwlink/p/?linkid=517460).
+- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1`. For more info, see [about Execution Policies](https://go.microsoft.com/fwlink/p/?linkid=517460).
 
 ### WMI only: Set up your firewall for WMI data
 If you choose to use WMI as your data output, you need to make sure that your WMI data can travel through your firewall for the domain. If you’re sure, you can skip this section; otherwise, follow these steps:
@@ -465,7 +465,7 @@ You can completely remove the data stored on your employee’s computers.
     -   `Remove-Item -Path 'HKCU:\Software\Microsoft\Internet Explorer\WMITelemetry'`
 
 ## Related topics
-* [Enterprise Mode Site List Manager (schema v.2) download](http://go.microsoft.com/fwlink/?LinkId=746562)
+* [Enterprise Mode Site List Manager (schema v.2) download](https://go.microsoft.com/fwlink/?LinkId=746562)
 * [Enterprise Mode for Internet Explorer 11 (IE11)](enterprise-mode-overview-for-ie11.md)
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md b/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md
index 59d5f7b349..7a8162ee05 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md
@@ -28,7 +28,7 @@ In addition, you can configure IE before, during, or after deployment, using the
 -   **Group Policy**. Configures and enforces IE11 settings. For more information about settings and configuration options, see [Group policy objects and Internet Explorer 11 (IE11)](group-policy-objects-and-ie11.md).
 
 -   **Unattend.xml**. Customizes some of the IE settings during your Windows installation. This option only applies if you're updating a Windows image with IE11.<p>**Note**<br>
-You'll only see the new IE11 Unattend.xml settings if your Unattend.xml file's associated with a Windows image that includes the IE11 update. For more information about editing and using the Unattend.xml file, see [Unattended Windows Setup Reference](http://go.microsoft.com/fwlink/p/?LinkId=276788). For more information about using the Windows System Image Manager, see [Windows System Image Manager Technical Reference](http://go.microsoft.com/fwlink/p/?LinkId=276789).
+You'll only see the new IE11 Unattend.xml settings if your Unattend.xml file's associated with a Windows image that includes the IE11 update. For more information about editing and using the Unattend.xml file, see [Unattended Windows Setup Reference](https://go.microsoft.com/fwlink/p/?LinkId=276788). For more information about using the Windows System Image Manager, see [Windows System Image Manager Technical Reference](https://go.microsoft.com/fwlink/p/?LinkId=276789).
 
      
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
index 16af47ddd2..360620938d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -34,8 +34,8 @@ If you delete a site by mistake, you’ll need to manually add it back using the
 -   [Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md)
 
 ## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
 - [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
index cc8ef4ae26..6654729ec6 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
@@ -13,13 +13,13 @@ ms.sitesec: library
 # Deploy Internet Explorer 11 using software distribution tools
 If you already manage software distribution and updates on your network through software distribution tools, you can also use these tools for ongoing deployments of Internet Explorer. Software distribution tools include:
 
--   **System Center R2 2012 System Center 2012 R2 Configuration Manager.** Deploy and install Internet Explorer 11 on your user's computers through a software distribution package. For more information about using this tool, see [System Center R2 2012 Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkID=276664).
+-   **System Center R2 2012 System Center 2012 R2 Configuration Manager.** Deploy and install Internet Explorer 11 on your user's computers through a software distribution package. For more information about using this tool, see [System Center R2 2012 Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkID=276664).
 
--   **Windows Server Update Services (WSUS).** Download a single copy of the IE11 updates, caching them to local servers so your users' computers can receive the updates directly from the WSUS servers, instead of through Windows Update. For more information about using this tool, see [Windows Server Update Services](http://go.microsoft.com/fwlink/p/?LinkID=276790).
+-   **Windows Server Update Services (WSUS).** Download a single copy of the IE11 updates, caching them to local servers so your users' computers can receive the updates directly from the WSUS servers, instead of through Windows Update. For more information about using this tool, see [Windows Server Update Services](https://go.microsoft.com/fwlink/p/?LinkID=276790).
 
--   **Group Policy Software Installation.** Deploy and install IE11 on your user's computers through a combination of Group Policy and Microsoft Active Directory. For more information about using this tool, see [Group Policy Software Installation overview](http://go.microsoft.com/fwlink/p/?LinkId=296365).
+-   **Group Policy Software Installation.** Deploy and install IE11 on your user's computers through a combination of Group Policy and Microsoft Active Directory. For more information about using this tool, see [Group Policy Software Installation overview](https://go.microsoft.com/fwlink/p/?LinkId=296365).
 
--   **Microsoft Deployment Toolkit (MDT).** Add the IE11 update to your deployment share, using MDT to update your previously-deployed Windows image. For more information about using this tool, see [Microsoft Deployment Toolkit (MDT)](http://go.microsoft.com/fwlink/p/?LinkID=331148).
+-   **Microsoft Deployment Toolkit (MDT).** Add the IE11 update to your deployment share, using MDT to update your previously-deployed Windows image. For more information about using this tool, see [Microsoft Deployment Toolkit (MDT)](https://go.microsoft.com/fwlink/p/?LinkID=331148).
 
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md
index bfea483922..affd42d162 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md
@@ -22,10 +22,10 @@ ms.sitesec: library
 
 You can pin websites to the Windows 8.1 taskbar for quick access. You pin a website simply by dragging its tab to the taskbar. Some websites can also extend the icon’s Jump List.
 
-The ability to pin websites to the Windows 8.1 taskbar can help make end users in businesses more productive. As an IT professional, for example, you can pin intranet and SharePoint websites to the taskbar to make them immediately available to users. In this article, you learn how to deploy pinned websites by using Lite Touch Installation in the [Microsoft Deployment Toolkit (MDT) 2013](http://go.microsoft.com/fwlink/p/?LinkId=398474).
+The ability to pin websites to the Windows 8.1 taskbar can help make end users in businesses more productive. As an IT professional, for example, you can pin intranet and SharePoint websites to the taskbar to make them immediately available to users. In this article, you learn how to deploy pinned websites by using Lite Touch Installation in the [Microsoft Deployment Toolkit (MDT) 2013](https://go.microsoft.com/fwlink/p/?LinkId=398474).
 
 ## Deploying pinned websites in MDT 2013
-This topic requires that you have a complete MDT 2013 deployment share that contains Windows 8.1 which comes with Internet Explorer 11. If you’re deploying to Windows 7 clients and need to learn how to add IE11 to an MDT 2013 deployment share as an update, see [Installing Internet Explorer 11 using Microsoft Deployment Toolkit (MDT)](http://go.microsoft.com/fwlink/p/?LinkId=398475) in the TechNet library.
+This topic requires that you have a complete MDT 2013 deployment share that contains Windows 8.1 which comes with Internet Explorer 11. If you’re deploying to Windows 7 clients and need to learn how to add IE11 to an MDT 2013 deployment share as an update, see [Installing Internet Explorer 11 using Microsoft Deployment Toolkit (MDT)](https://go.microsoft.com/fwlink/p/?LinkId=398475) in the TechNet library.
 
 Deploying pinned websites in MDT 2013 is a 4-step process:
 
@@ -101,13 +101,13 @@ With the .website files ready to copy to the **Public Links** folder on target c
 ## Updating intranet websites for pinning
 The MDT 2013 deployment share and task sequences are now ready to pin websites to the taskbar during deployment. This pinning feature can include intranet sites important in your organization.
 
-You can make your intranet websites act more like applications by extending them to fully support the Windows 8.1 taskbar. This includes creating custom Jump Lists, thumbnail previews, and notifications. For info about extending your intranet websites, see [Pinned Sites Developer Documentation](http://go.microsoft.com/fwlink/p/?LinkId=398484) on MSDN. For more ideas about what to pin, see [Add-ons](http://go.microsoft.com/fwlink/p/?LinkId=398483) in the Internet Explorer Gallery.
+You can make your intranet websites act more like applications by extending them to fully support the Windows 8.1 taskbar. This includes creating custom Jump Lists, thumbnail previews, and notifications. For info about extending your intranet websites, see [Pinned Sites Developer Documentation](https://go.microsoft.com/fwlink/p/?LinkId=398484) on MSDN. For more ideas about what to pin, see [Add-ons](https://go.microsoft.com/fwlink/p/?LinkId=398483) in the Internet Explorer Gallery.
 
 ## Related topics
-- [Unattended Windows Setup Reference](http://go.microsoft.com/fwlink/p/?LinkId=276788)
-- [Windows System Image Manager Technical Reference](http://go.microsoft.com/fwlink/p/?LinkId=276789)
-- [Microsoft Deployment Toolkit (MDT)](http://go.microsoft.com/fwlink/p/?LinkId=331148)
-- [Windows ADK Overview](http://go.microsoft.com/fwlink/p/?LinkId=276669)
+- [Unattended Windows Setup Reference](https://go.microsoft.com/fwlink/p/?LinkId=276788)
+- [Windows System Image Manager Technical Reference](https://go.microsoft.com/fwlink/p/?LinkId=276789)
+- [Microsoft Deployment Toolkit (MDT)](https://go.microsoft.com/fwlink/p/?LinkId=331148)
+- [Windows ADK Overview](https://go.microsoft.com/fwlink/p/?LinkId=276669)
 
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md b/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
index 4b0660cb93..0be45f20c1 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
@@ -26,7 +26,7 @@ Windows Internet Explorer 8 introduced document modes as a way to move from the
 This means that while Internet Explorer 11 will continue to support document modes, Microsoft Edge won’t. And because of that, it also means that if you want to use Microsoft Edge, you’re going to have to update your legacy webpages and apps to support modern features, browsers, and devices.
 
 **Note**<br>
-For specific details about the technologies and APIs that are no longer supported in Microsoft Edge, see [A break from the past, part 2: Saying goodbye to ActiveX, VBScript, attachEvent](http://go.microsoft.com/fwlink/p/?LinkId=615953).
+For specific details about the technologies and APIs that are no longer supported in Microsoft Edge, see [A break from the past, part 2: Saying goodbye to ActiveX, VBScript, attachEvent](https://go.microsoft.com/fwlink/p/?LinkId=615953).
 
 ## What is document mode?
 Each release after Internet Explorer 8 has helped with the transition by introducing additional document modes that emulated previously supported versions, while also introducing support for features defined by industry standards. During this time, numerous websites and apps were updated to the latest and greatest industry standards, while many other sites and apps continued to simply rely on document modes to work properly.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
index 602456e9d1..7ebacccb8b 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
@@ -38,8 +38,8 @@ If your change passes validation, it’s added to the global site list. If the u
 You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
 
 ## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
 - [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md
index 0e467ceb7e..971612c41b 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md
@@ -16,7 +16,7 @@ Enhanced Protected Mode further restricts Protected Mode to deny potential attac
 
 You can use your company’s Group Policy to turn Enhanced Protected Mode on or off for all users. For more information, see the [Group policy objects and Internet Explorer 11 (IE11)](group-policy-objects-and-ie11.md) information in this guide.
 
-For more information about Enhanced Protected Mode, see the [Enhanced Protected Mode](http://go.microsoft.com/fwlink/p/?LinkId=267512) post on IEBlog, and both the [Understanding Enhanced Protected Mode](http://go.microsoft.com/fwlink/p/?LinkId=282662) and the [Enhanced Protected Mode and Local Files](http://go.microsoft.com/fwlink/p/?LinkId=282663) blog posts on IEInternals.
+For more information about Enhanced Protected Mode, see the [Enhanced Protected Mode](https://go.microsoft.com/fwlink/p/?LinkId=267512) post on IEBlog, and both the [Understanding Enhanced Protected Mode](https://go.microsoft.com/fwlink/p/?LinkId=282662) and the [Enhanced Protected Mode and Local Files](https://go.microsoft.com/fwlink/p/?LinkId=282663) blog posts on IEInternals.
 
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
index 0530962b03..e78df6c4c1 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
@@ -15,8 +15,9 @@ ms.sitesec: library
 
 **Applies to:**
 
--   Windows 8.1
--   Windows 7
+- Windows 10
+- Windows 8.1
+- Windows 7
 
 Use the Enterprise Mode Site List Manager (schema v.1) to create and update your Enterprise Mode site list for devices running the v.1 version of the schema, or the Enterprise Mode Site List Manager (schema v.2) to create and update your Enterprise Mode site list for devices running the v.2 version of the schema. We strongly recommend moving to the new schema, v.2. For more info, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md). 
 
@@ -86,7 +87,19 @@ This table includes the elements used by the Enterprise Mode schema.
   &lt;emie&gt;
     &lt;domain&gt;contoso.com&lt;/domain&gt;
   &lt;/emie&gt;
-&lt;/rules>&gt;</pre></td>
+&lt;/rules&gt;</pre>
+<strong>-or-</strong>
+<p>For IPv6 ranges:<pre class="syntax">&lt;rules version="205"&gt;
+  &lt;emie&gt;
+    &lt;domain&gt;[10.122.34.99]:8080&lt;/domain&gt;
+  &lt;/emie&gt;
+  &lt;/rules&gt;</pre>
+<strong>-or-</strong>
+<p>For IPv4 ranges:<pre class="syntax">&lt;rules version="205"&gt;
+  &lt;emie&gt;
+    &lt;domain&gt;10.122.34.99:8080&lt;/domain&gt;
+  &lt;/emie&gt;
+  &lt;/rules&gt;</pre></td>
 <td>Internet Explorer 11 and Microsoft Edge</td>
 </tr>
 <tr>
@@ -191,7 +204,6 @@ For example, say you want all of the sites in the contoso.com domain to open usi
 We recommend that you not add any of the following items to your schema because they can make your compatibility list behave in unexpected ways:
 - Don’t use protocols. For example, `http://`, `https://`, or custom protocols. They break parsing.
 - Don’t use wildcards.
-- Don't use IP Addresses.
 - Don’t use query strings, ampersands break parsing.
 
 ## How to use trailing slashes
@@ -283,5 +295,4 @@ If you want to target specific sites in your organization.
 <li>contoso.com/about and everything underneath that node will load in Enterprise Mode, including contoso.com/about/business because the last rule is ignored.</li>
 </ul>
 </td></tr>
-</table>
-
+</table>
\ No newline at end of file
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
index 1379a67bf3..5c003a24c1 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
@@ -118,7 +118,15 @@ This table includes the elements used by the v.2 version of the Enterprise Mode
 &lt;site url="contoso.com"&gt;
   &lt;compat-mode&gt;default&lt;/compat-mode&gt;
   &lt;open-in&gt;none&lt;/open-in&gt;
-&lt;/site&gt;</pre><p>
+&lt;/site&gt;</pre>
+<strong>-or-</strong>
+<p>For IPv4 ranges:<pre class="syntax">&lt;site url="10.122.34.99:8080"&gt;
+  &lt;compat-mode&gt;IE8Enterprise&lt;/compat-mode&gt;
+&lt;site&gt;</pre><p>
+<strong>-or-</strong>
+<p>For IPv6 ranges:<pre class="syntax">&lt;site url="[10.122.34.99]:8080"&gt;
+  &lt;compat-mode&gt;IE8Enterprise&lt;/compat-mode&gt;
+&lt;site&gt;</pre><p>
 You can also use the self-closing version, &lt;url="contoso.com" /&gt;, which also sets:
 <ul>
   <li>&lt;compat-mode&gt;default&lt;/compat-mode&gt;</li>
@@ -133,7 +141,15 @@ You can also use the self-closing version, &lt;url="contoso.com" /&gt;, which al
 <pre class="syntax">
 &lt;site url="contoso.com"&gt;
   &lt;compat-mode&gt;IE8Enterprise&lt;/compat-mode&gt;
-&lt;/site&gt;</pre><p>
+&lt;/site&gt;</pre>
+<strong>-or-</strong>
+<p>For IPv4 ranges:<pre class="syntax">&lt;site url="10.122.34.99:8080"&gt;
+  &lt;compat-mode&gt;IE8Enterprise&lt;/compat-mode&gt;
+&lt;site&gt;</pre><p>
+<strong>-or-</strong>
+<p>For IPv6 ranges:<pre class="syntax">&lt;site url="[10.122.34.99]:8080"&gt;
+  &lt;compat-mode&gt;IE8Enterprise&lt;/compat-mode&gt;
+&lt;site&gt;</pre><p>
 Where:
 <ul>
   <li><b>IE8Enterprise.</b> Loads the site in IE8 Enterprise Mode.<br>This element is required for sites included in the <b>EmIE</b> section of the v.1 schema and is needed to load in IE8 Enterprise Mode.</li><p>
@@ -260,7 +276,6 @@ We recommend that you not add any of the following items to your schema because
 
 - Don’t use protocols. For example, http://, https://, or custom protocols. They break parsing.
 - Don’t use wildcards.
-- Don't use IP Addresses.
 - Don’t use query strings, ampersands break parsing.
 
 ## Related topics
diff --git a/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
index 0e139e5c9e..b45f274bcc 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
@@ -34,8 +34,8 @@ This file is not intended for distribution to your managed devices. Instead, it
 
 ## Related topics
 
-- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
 - [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md
index 7fec74ed4e..94e5e4a1da 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md
@@ -18,7 +18,7 @@ The Internet Explorer 11 Enterprise Mode site list lets you specify document mo
 Enterprises can have critical apps that are coded explicitly for a specific browser version and that might not be in their direct control, making it very difficult and expensive to update to modern standards or newer browser versions. Because you can decide which URLs should open using specific document modes, this update helps ensure better compatibility, faster upgrades, and reduced testing and fixing costs.
 
 ## How does this fix work?
-You can continue to use your legacy and orphaned web apps, by specifying a document mode in the centralized Enterprise Mode site list. Then, when IE11 goes to a site on your list, the browser loads the page in the specified document mode just as it would if it were specified through an X-UA-Compatible meta tag on the site. For more information about document modes and X-UA-compatible headers, see [Defining document compatibility](http://go.microsoft.com/fwlink/p/?LinkId=518412).
+You can continue to use your legacy and orphaned web apps, by specifying a document mode in the centralized Enterprise Mode site list. Then, when IE11 goes to a site on your list, the browser loads the page in the specified document mode just as it would if it were specified through an X-UA-Compatible meta tag on the site. For more information about document modes and X-UA-compatible headers, see [Defining document compatibility](https://go.microsoft.com/fwlink/p/?LinkId=518412).
 
 **Important**<br>
 Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual.
@@ -40,7 +40,7 @@ To see if this fix might help you, run through this process one step at a time,
     ![Emulation tool showing document mode selection](images/docmode-f12.png)
 
 2.  Starting with the **11 (Default)** option, test your broken scenario.<br>
-If that doesn’t work, continue down to the next lowest document mode, stopping as soon as you find a document mode that fixes your problems. For more information about the Emulation tool, see [Emulate browsers, screen sizes, and GPS locations](http://go.microsoft.com/fwlink/p/?LinkId=518417).
+If that doesn’t work, continue down to the next lowest document mode, stopping as soon as you find a document mode that fixes your problems. For more information about the Emulation tool, see [Emulate browsers, screen sizes, and GPS locations](https://go.microsoft.com/fwlink/p/?LinkId=518417).
 
 3.  If none of the document modes fix your issue, change the **Browser Profile** to **Enterprise**, pick the mode you want to test with starting with **8** (IE8 Enterprise Mode), and then test your broken scenario.
 
@@ -94,8 +94,8 @@ By default, IE11 uses the **Display intranet sites in Compatibility View** setti
 To help you move forward, you can now use the Enterprise Mode site list to specify sites or web paths to use the IE7 document mode, which goes down to IE5 “Quirks” mode if the page doesn’t have an explicit `DOCTYPE` tag. Using this document mode effectively helps you provide the Compatibility View functionality for single sites or a group of sites, which after thorough testing, can help you turn off Compatibility View as the default setting for your intranet sites.
 
 ## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
 - [Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md
index bbe1126304..cb34e15ac9 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md
@@ -33,8 +33,8 @@ There are typically 3 types of errors you’ll see:
 Another possibility is that redirection happens multiple times, with an intermediary site experiencing compatibility issues. For example, an employee types a short URL that then redirects multiple times, finally ending up on a non-intranet site. In this situation, you might want to add the intermediary URLs to your Enterprise Mode site list, in case there’s logic in one of them that has compatibility issues.
 
 ## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
 - [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md
index c790100b59..3ae9e11aab 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md
@@ -29,7 +29,7 @@ From AGPM you can:
 -   **Manage your GPO lifecycle with change control features.** You can use the available version-control, history, and auditing features to help you manage your GPOs while moving through your archive, to your editing process, and finally to your GPO deployment.
 
 **Note**<br>
-For more information about AGPM, and to get the license, see [Microsoft Advanced Group Policy Management 4.0 SP1 Step-by-Step Guide](http://go.microsoft.com/fwlink/p/?LinkId=294916).
+For more information about AGPM, and to get the license, see [Microsoft Advanced Group Policy Management 4.0 SP1 Step-by-Step Guide](https://go.microsoft.com/fwlink/p/?LinkId=294916).
 
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md
index f084039195..2a7f645030 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md
@@ -31,10 +31,10 @@ The GPMC lets you:
 
 -   Create scriptable interfaces to support all of the operations available within the GPMC. You can't use scripts to edit individual policy settings in a GPO.
 
-For more information about the GPMC, see [Group Policy Management Console](http://go.microsoft.com/fwlink/p/?LinkId=214515) on TechNet.
+For more information about the GPMC, see [Group Policy Management Console](https://go.microsoft.com/fwlink/p/?LinkId=214515) on TechNet.
 
 ## Searching for Group Policy settings
-To search for Group Policy settings in the Group Policy Management Console (GPMC), use the [Group Policy Search tool](http://go.microsoft.com/fwlink/p/?LinkId=279857). To find the Group Policy settings, click **Windows Components**, and then click **Internet Explorer**.
+To search for Group Policy settings in the Group Policy Management Console (GPMC), use the [Group Policy Search tool](https://go.microsoft.com/fwlink/p/?LinkId=279857). To find the Group Policy settings, click **Windows Components**, and then click **Internet Explorer**.
 
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md
index 82b8c15411..4e9b26b3fc 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md
@@ -14,7 +14,7 @@ ms.sitesec: library
 # Group Policy, the Local Group Policy Editor, and Internet Explorer 11
 A Microsoft Management Console (MMC)-based tool that manages both computer and user-related configurations for an individual computer policy. This tool is included with Windows® 7 Service Pack 1 (SP1) and Windows 8.1.
 
-Here's a list of the policy settings you can use, based on the configuration type. For more info, see [Local Group Policy Editor](http://go.microsoft.com/fwlink/p/?LinkId=294912).
+Here's a list of the policy settings you can use, based on the configuration type. For more info, see [Local Group Policy Editor](https://go.microsoft.com/fwlink/p/?LinkId=294912).
 
 |Computer configuration |User configuration |
 |-----------------------|-------------------|
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md
index fe85ee8a60..37e54ed67e 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md
@@ -17,7 +17,7 @@ Group Policy, based on Microsoft Active Directory Domain Services (AD DS), lets
 By using Group Policy, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple Internet Explorer 11 security settings in a GPO that's linked to a domain, and then apply all of those settings to every computer in the domain.
 
 **Note**<br>  
-For more information about Group Policy, see the [Group Policy TechCenter](http://go.microsoft.com/fwlink/p/?LinkId=214514). This site provides links to the latest technical documentation, videos, and downloads for Group Policy.
+For more information about Group Policy, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514). This site provides links to the latest technical documentation, videos, and downloads for Group Policy.
 
 ## Managing settings with GPOs
 After deploying IE11 to your organization, you can continue to manage the browser settings by using Active Directory Domain Services (AD DS) together with the following Group Policy-related setting management groups:
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md
index 7a83784eb4..4d460e76ab 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md
@@ -24,7 +24,7 @@ Group Policy preferences are less strict than Group Policy settings, based on:
 |Targeting and filtering |<ul><li>Targeting is specific, with a user interface for each type of targeting item</li><li>Supports targeting at the individual preference item level</li></ul> |<ul><li>Filtering is based on Windows Management Instrumentation (WMI), and requires writing WMI queries</li><li>Supports filtering at the Group Policy Object (GPO) level</li></ul> |
 
 
-For more information about Group Policy preferences, see the [Group Policy Settings Reference for Windows and Windows Server](http://go.microsoft.com/fwlink/p/?LinkId=279876).
+For more information about Group Policy preferences, see the [Group Policy Settings Reference for Windows and Windows Server](https://go.microsoft.com/fwlink/p/?LinkId=279876).
 
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md
index eae262566b..037d8a5da7 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md
@@ -12,10 +12,10 @@ ms.sitesec: library
 
 
 # Group Policy problems with Internet Explorer 11
-If you're having problems with Group Policy and Internet Explorer 11, or if you're looking for high-level information about the concepts and techniques used to troubleshoot Group Policy, as well as links to detailed reference topics, procedures, and troubleshooting scenario guides, see [Group Policy Analysis and Troubleshooting Overview](http://go.microsoft.com/fwlink/p/?LinkId=279872).
+If you're having problems with Group Policy and Internet Explorer 11, or if you're looking for high-level information about the concepts and techniques used to troubleshoot Group Policy, as well as links to detailed reference topics, procedures, and troubleshooting scenario guides, see [Group Policy Analysis and Troubleshooting Overview](https://go.microsoft.com/fwlink/p/?LinkId=279872).
 
 ## Group Policy Object-related Log Files
-You can use the Event Viewer to review Group Policy-related messages in the **Windows Logs**, **System** file. All of the Group Policy-related events are shown with a source of **GroupPolicy**. For more information about the Event Viewer, see [What information appears in event logs? (Event Viewer)](http://go.microsoft.com/fwlink/p/?LinkId=294917).
+You can use the Event Viewer to review Group Policy-related messages in the **Windows Logs**, **System** file. All of the Group Policy-related events are shown with a source of **GroupPolicy**. For more information about the Event Viewer, see [What information appears in event logs? (Event Viewer)](https://go.microsoft.com/fwlink/p/?LinkId=294917).
 
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md
index c22a9b343e..a5c8385649 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md
@@ -35,7 +35,7 @@ You can create and configure shortcuts for any domain-based Group Policy Object
 
 5.  Type the required shortcut settings and your comments into the **Description** box, and click **OK**.
 
-For more information about shortcut extensions, including step-by-step guidance, see [Shortcuts Extension](http://go.microsoft.com/fwlink/p/?LinkId=214525) and [Configure a Shortcut Item](http://go.microsoft.com/fwlink/p/?LinkId=301837).
+For more information about shortcut extensions, including step-by-step guidance, see [Shortcuts Extension](https://go.microsoft.com/fwlink/p/?LinkId=214525) and [Configure a Shortcut Item](https://go.microsoft.com/fwlink/p/?LinkId=301837).
 
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md
index 3a4e3a12ec..c44db29784 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md
@@ -24,7 +24,7 @@ Each cmdlet is a single-function command-line tool that can:
 
 -   Configure registry-based policy settings and registry settings for Group Policy preferences.
 
-For more info about PowerShell and Group Policy management, see [Use Windows PowerShell to Manage Group Policy](http://go.microsoft.com/fwlink/p/?LinkId=276828).
+For more info about PowerShell and Group Policy management, see [Use Windows PowerShell to Manage Group Policy](https://go.microsoft.com/fwlink/p/?LinkId=276828).
 
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md
index d75450f2f7..a52315fec5 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md
@@ -35,8 +35,8 @@ Importing your file overwrites everything that’s currently in the tool, so mak
 3.  Review the alert message about all of your entries being overwritten. If you still want to import the file, click **Yes**.
 
 ## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
 - [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/index.md b/browsers/internet-explorer/ie11-deploy-guide/index.md
index 890a2f44e7..b1b9d3ce0b 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/index.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/index.md
@@ -1,5 +1,4 @@
 ---
-localizationpriority: low
 ms.mktglfcycl: deploy
 description: Use this guide to learn about the several options and processes you'll need to consider while you're planning for, deploying, and customizing Internet Explorer 11 for your employee's devices.
 author: eross-msft
@@ -38,11 +37,11 @@ Because this content isn't intended to be a step-by-step guide, not all of the s
 |[Manage Internet Explorer 11](manage-ie11-overview.md) |Use the topics in this section to learn about how to auto detect your settings, auto configure your configuration settings, and auto configure your proxy configuration settings for IE. |
 |[Troubleshoot Internet Explorer 11 (IE11)](troubleshoot-ie11.md) |Use the topics in this section to learn how to troubleshoot several of the more common problems experienced with IE. |
 |[Out-of-date ActiveX control blocking](out-of-date-activex-control-blocking.md) |ActiveX controls are small apps that let websites provide content, like videos, games, and let you interact with content like toolbars. Unfortunately, because many ActiveX controls aren’t automatically updated, they can become outdated as new versions are released. It’s very important that you keep your ActiveX controls up-to-date because malicious software (or malware) can target security flaws in outdated controls, damaging your computer by collecting info from it, installing unwanted software, or by letting someone else control it remotely. To help avoid this situation, IE includes a new security feature, called <em>out-of-date ActiveX control blocking</em>. |
-|[Deprecated document modes and Internet Explorer 11](deprecated-document-modes.md) |Internet Explorer 8 introduced document modes as a way to move from the proprietary coding of web features to a more standardized type of coding that could run on multiple browsers and devices. Starting with Windows 10, we’re deprecating document modes.<p>This means that while IE11 will continue to support document modes, Microsoft Edge won’t. And because of that, it also means that if you want to use Microsoft Edge, you’re going to have to update your legacy webpages and apps to support modern features, browsers, and devices.<p><b>Note</b><br>For specific details about the technologies and APIs that are no longer supported in Microsoft Edge, see [A break from the past, part 2: Saying goodbye to ActiveX, VBScript, attachEvent](http://go.microsoft.com/fwlink/p/?LinkId=615953). |
+|[Deprecated document modes and Internet Explorer 11](deprecated-document-modes.md) |Internet Explorer 8 introduced document modes as a way to move from the proprietary coding of web features to a more standardized type of coding that could run on multiple browsers and devices. Starting with Windows 10, we’re deprecating document modes.<p>This means that while IE11 will continue to support document modes, Microsoft Edge won’t. And because of that, it also means that if you want to use Microsoft Edge, you’re going to have to update your legacy webpages and apps to support modern features, browsers, and devices.<p><b>Note</b><br>For specific details about the technologies and APIs that are no longer supported in Microsoft Edge, see [A break from the past, part 2: Saying goodbye to ActiveX, VBScript, attachEvent](https://go.microsoft.com/fwlink/p/?LinkId=615953). |
 |[What is the Internet Explorer 11 Blocker Toolkit?](what-is-the-internet-explorer-11-blocker-toolkit.md) |The IE11 Blocker Toolkit lets you turn off the automatic delivery of IE11 through the <b>Automatic Updates</b> feature of Windows Update. |
 |[Missing Internet Explorer Maintenance (IEM) settings for Internet Explorer 11](missing-internet-explorer-maintenance-settings-for-ie11.md) |The Internet Explorer Maintenance (IEM) settings have been deprecated in favor of Group Policy preferences, Administrative Templates (.admx), and the Internet Explorer Administration Kit 11 (IEAK 11).<p>Because of this change, your IEM-configured settings will no longer work on computers running Internet Explorer 10 or newer. To fix this, you need to update the affected settings using Group Policy preferences, Administrative Templates (.admx), or the IEAK 11.<p>Because Group Policy Preferences and IEAK 11 run using asynchronous processes, you should choose to use only one of the tools within each group of settings. For example, using only IEAK 11 in the <b>Security</b> settings or Group Policy Preferences within the <b>Internet Zone</b> settings. Also, it's important to remember that policy is enforced and can't be changed by the user, while preferences are configured, but can be changed by the user. |
 |[Missing the Compatibility View Button](missing-the-compatibility-view-button.md) |Compatibility View was introduced in Internet Explorer 8 to help existing content continue to work with Windows Internet Explorer 7, while developers updated their content to support modern interoperable web standards. Since then, the IE web platform, and the web itself, have changed so that most public web content looks for standards-based features instead of IE 7-compatible behavior.<p>Thanks to these changes, using IE11 in the latest standards mode is more compatible with the web than ever before. As a result, IE11 simplifies web page compatibility for users by removing the <b>Compatibility View</b> button and reducing the number of compatibility options in the F12 developer tools for developers. |
-|[Deploy pinned websites using Microsoft Deployment Toolkit (MDT) 2013](deploy-pinned-sites-using-mdt-2013.md) |You can pin websites to the Windows 8.1 taskbar for quick access. You pin a website simply by dragging its tab to the taskbar. Some websites can also extend the icon’s Jump List.<p>The ability to pin websites to the Windows 8.1 taskbar can help make end-users in businesses more productive. As an IT professional, for example, you can pin intranet and SharePoint websites to the taskbar to make them immediately available to employees. In this article, you learn how to deploy pinned websites by using Lite Touch Installation in the [Microsoft Deployment Toolkit (MDT) 2013](http://go.microsoft.com/fwlink/p/?LinkId=398474).
+|[Deploy pinned websites using Microsoft Deployment Toolkit (MDT) 2013](deploy-pinned-sites-using-mdt-2013.md) |You can pin websites to the Windows 8.1 taskbar for quick access. You pin a website simply by dragging its tab to the taskbar. Some websites can also extend the icon’s Jump List.<p>The ability to pin websites to the Windows 8.1 taskbar can help make end-users in businesses more productive. As an IT professional, for example, you can pin intranet and SharePoint websites to the taskbar to make them immediately available to employees. In this article, you learn how to deploy pinned websites by using Lite Touch Installation in the [Microsoft Deployment Toolkit (MDT) 2013](https://go.microsoft.com/fwlink/p/?LinkId=398474).
 
 
 ## IE11 naming conventions
@@ -57,5 +56,5 @@ IE11 offers differing experiences in Windows 8.1:
 ## Related topics
 - [Internet Explorer 11 - FAQ for IT Pros](../ie11-faq/faq-for-it-pros-ie11.md)
 - [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md)
-- [Microsoft Edge - Deployment Guide for IT Pros](http://go.microsoft.com/fwlink/p/?LinkId=760643)
+- [Microsoft Edge - Deployment Guide for IT Pros](https://go.microsoft.com/fwlink/p/?LinkId=760643)
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md
index c14130d8c1..37a5a38754 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md
@@ -11,7 +11,7 @@ ms.sitesec: library
 
 
 #  Install Internet Explorer 11 (IE11) using Microsoft Intune
-Internet Explorer 11 is available as an update in Microsoft Intune. Microsoft Intune uses Windows cloud services to help you manage updates, monitor and protect your computers, provide remote assistance, track hardware and software inventory, and set security policies. For more information, see the [Documentation Library for Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=301805).
+Internet Explorer 11 is available as an update in Microsoft Intune. Microsoft Intune uses Windows cloud services to help you manage updates, monitor and protect your computers, provide remote assistance, track hardware and software inventory, and set security policies. For more information, see the [Documentation Library for Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=301805).
 
 ## Adding and deploying the IE11 package
 You can add and then deploy the IE11 package to any computer that's managed by Microsoft Intune.
@@ -22,7 +22,7 @@ You can add and then deploy the IE11 package to any computer that's managed by M
 
 2.  Add your IE11 package as either an external link or as a Windows installer package (.exe or .msi). 
 
-For more info about how to decide which one to use, and how to use it, see [Deploy and configure apps](http://go.microsoft.com/fwlink/p/?LinkId=301806).
+For more info about how to decide which one to use, and how to use it, see [Deploy and configure apps](https://go.microsoft.com/fwlink/p/?LinkId=301806).
 
  ![](images/wedge.gif) **To automatically deploy and install the IE11 package**
 
@@ -32,7 +32,7 @@ For more info about how to decide which one to use, and how to use it, see [Depl
 
 3.  After the package is on your employee's computers, the installation process runs, based on what you set up in your wizard. 
 
-For more info about this, see [Deploy and configure apps](http://go.microsoft.com/fwlink/p/?LinkId=301806).
+For more info about this, see [Deploy and configure apps](https://go.microsoft.com/fwlink/p/?LinkId=301806).
 
  ![](images/wedge.gif) **To let your employees install the IE11 package**
 
@@ -40,7 +40,7 @@ For more info about this, see [Deploy and configure apps](http://go.microsoft.co
 
 2.  Any employee in the assigned group can now install the package. 
 
-For more info about this, see [Update apps using Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=301808)
+For more info about this, see [Update apps using Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=301808)
 
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md
index 10ee844152..88f8a3c2f5 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md
@@ -16,15 +16,15 @@ You can install Internet Explorer 11 (IE11) using Microsoft Deployment Toolkit
 
 You'll need to extract the .cab file for each supported operating system and platform combination and the .msu file for each prerequisite update. Download the IE11 update and prerequisites here:
 
--   [Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=279697)
+-   [Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=279697)
 
--   [Microsoft Update Catalog](http://go.microsoft.com/fwlink/p/?LinkId=214287)
+-   [Microsoft Update Catalog](https://go.microsoft.com/fwlink/p/?LinkId=214287)
 
 After you install the .msu file updates, you'll need to add them to your MDT deployment. You'll also need to extract the IE11 .cab update file from the IE11 installation package, using the `/x` command-line option. For example, `IE11-Windows6.1-x64-en-us.exe /x:c:\ie11cab`.
 
 ## Installing IE11 using Microsoft Deployment Toolkit (MDT) 
 
-MDT adds IE11 to your Windows images, regardless whether you are creating or deploying a customized or non-customized image. MDT also lets you perform offline servicing during the System Center 2012 R2 Configuration Manager task sequence, letting you add IE11 before starting Windows. For info, see [Microsoft Deployment Toolkit (MDT)](http://go.microsoft.com/fwlink/p/?linkid=331148).
+MDT adds IE11 to your Windows images, regardless whether you are creating or deploying a customized or non-customized image. MDT also lets you perform offline servicing during the System Center 2012 R2 Configuration Manager task sequence, letting you add IE11 before starting Windows. For info, see [Microsoft Deployment Toolkit (MDT)](https://go.microsoft.com/fwlink/p/?linkid=331148).
 
  ![](images/wedge.gif) **To add IE11 to a MDT deployment share**
 
@@ -43,9 +43,9 @@ You can add the IE11 update while you're performing offline servicing, or slipst
 
 These articles have step-by-step details about adding packages to your Windows images:
 
--   For Windows 8.1, see [Add or Remove Packages Offline Using DISM](http://go.microsoft.com/fwlink/p/?LinkId=276791).
+-   For Windows 8.1, see [Add or Remove Packages Offline Using DISM](https://go.microsoft.com/fwlink/p/?LinkId=276791).
 
--   For Windows 7 SP1, see [Add or Remove Packages Offline](http://go.microsoft.com/fwlink/p/?LinkId=214490).
+-   For Windows 7 SP1, see [Add or Remove Packages Offline](https://go.microsoft.com/fwlink/p/?LinkId=214490).
 
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md
index e2d8357a13..3e5c532158 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md
@@ -12,7 +12,7 @@ ms.sitesec: library
 
 
 # Install Internet Explorer 11 (IE11) using System Center 2012 R2 Configuration Manager
-You can install Internet Explorer 11 (IE11) by using [System Center R2 2012 Configuration Manager](http://go.microsoft.com/fwlink/p/?linkid=276664). Complete these steps for each operating system and platform combination.
+You can install Internet Explorer 11 (IE11) by using [System Center R2 2012 Configuration Manager](https://go.microsoft.com/fwlink/p/?linkid=276664). Complete these steps for each operating system and platform combination.
 
  ![](images/wedge.gif) **To install IE11**
 
@@ -24,7 +24,7 @@ You can install Internet Explorer 11 (IE11) by using [System Center R2 2012 Con
 
 4.  Move the installation package to your distribution points, and then advertise the package.
 
-You can also use System Center Essentials 2010 to deploy IE11 installation packages. For info, see [System Center Essentials 2010](http://go.microsoft.com/fwlink/p/?linkid=395200) and the [System Center Essentials 2010 Operations Guide](http://go.microsoft.com/fwlink/p/?LinkId=214266).
+You can also use System Center Essentials 2010 to deploy IE11 installation packages. For info, see [System Center Essentials 2010](https://go.microsoft.com/fwlink/p/?linkid=395200) and the [System Center Essentials 2010 Operations Guide](https://go.microsoft.com/fwlink/p/?LinkId=214266).
 
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
index 834f2e439a..d3d5a75fb7 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
@@ -11,7 +11,7 @@ ms.sitesec: library
 
 
 # Install Internet Explorer 11 (IE11) using Windows Server Update Services (WSUS)
-Windows Server Update Services (WSUS) lets you download a single copy of the Microsoft product update and cache it on your local WSUS servers. You can then configure your computers to get the update from your local servers instead of Windows Update. For more information about WSUS, see [Windows Server Update Services](http://go.microsoft.com/fwlink/p/?LinkID=276790).
+Windows Server Update Services (WSUS) lets you download a single copy of the Microsoft product update and cache it on your local WSUS servers. You can then configure your computers to get the update from your local servers instead of Windows Update. For more information about WSUS, see [Windows Server Update Services](https://go.microsoft.com/fwlink/p/?LinkID=276790).
 
  ![](images/wedge.gif) **To import from Windows Update to WSUS**
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md
index 436279ba14..b077e4a853 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md
@@ -21,7 +21,7 @@ If you do, you can:
 
 -   Temporarily turn off your antispyware and antivirus software.
 
--   Try another IE11 installer. For example from [Windows Update](http://go.microsoft.com/fwlink/p/?LinkId=302315) or from the [Download Internet Explorer 11](http://go.microsoft.com/fwlink/p/?linkid=327753) website.
+-   Try another IE11 installer. For example from [Windows Update](https://go.microsoft.com/fwlink/p/?LinkId=302315) or from the [Download Internet Explorer 11](https://go.microsoft.com/fwlink/p/?linkid=327753) website.
 
 -   Review the `IE11_main.log` file in the `\Windows` folder. This log file has information about each installation and is appended for each subsequent installation.
 
@@ -38,16 +38,16 @@ If Internet Explorer doesn't finish installing, it might mean that Windows Updat
 
     2.  After the uninstall finishes, restart your computer.
 
-2.  Run [Windows Update](http://go.microsoft.com/fwlink/p/?LinkId=302315), clicking **Check for updates**.
+2.  Run [Windows Update](https://go.microsoft.com/fwlink/p/?LinkId=302315), clicking **Check for updates**.
 
 3.  Check the list for IE11. If it's included in the list of updates for download, exclude it before you update your computer.<p>
-If you get an error during the Windows Update process, see [Fix the problem with Microsoft Windows Update that is not working](http://go.microsoft.com/fwlink/p/?LinkId=302316).
+If you get an error during the Windows Update process, see [Fix the problem with Microsoft Windows Update that is not working](https://go.microsoft.com/fwlink/p/?LinkId=302316).
 
 4.  Restart your computer, making sure all of your the updates are finished.
 
-5.  Try to reinstall IE11 from either Windows Update (if you saw it in Step 3) or from the [Download Internet Explorer 11](http://go.microsoft.com/fwlink/p/?linkid=327753) website.
+5.  Try to reinstall IE11 from either Windows Update (if you saw it in Step 3) or from the [Download Internet Explorer 11](https://go.microsoft.com/fwlink/p/?linkid=327753) website.
 
-If these steps didn't fix your problem, see [Troubleshooting a failed installation of Internet Explorer 11](http://go.microsoft.com/fwlink/p/?LinkId=304130).
+If these steps didn't fix your problem, see [Troubleshooting a failed installation of Internet Explorer 11](https://go.microsoft.com/fwlink/p/?LinkId=304130).
 
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md
index 9b2e1ed634..3964c4c779 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md
@@ -34,11 +34,11 @@ For more information about all of the new options and Group Policy, see:
 
 -   [Internet Explorer Administration Kit 11 (IEAK 11) - Administration Guide for IT Pros](../ie11-ieak/index.md)
 
--   [Group Policy Settings Reference for Windows and Windows Server](http://go.microsoft.com/fwlink/p/?LinkId=279876)
+-   [Group Policy Settings Reference for Windows and Windows Server](https://go.microsoft.com/fwlink/p/?LinkId=279876)
 
--   [Group Policy ADMX Syntax Reference Guide](http://go.microsoft.com/fwlink/p/?LinkId=276830)
+-   [Group Policy ADMX Syntax Reference Guide](https://go.microsoft.com/fwlink/p/?LinkId=276830)
 
--   [Enable and Disable Settings in a Preference Item](http://go.microsoft.com/fwlink/p/?LinkId=282671)
+-   [Enable and Disable Settings in a Preference Item](https://go.microsoft.com/fwlink/p/?LinkId=282671)
 
 ## IEM replacements
 The IEM settings have replacements you can use in either Group Policy Preferences or IEAK 11.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
index e958cd4c17..b17d3b59ae 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
@@ -19,7 +19,7 @@ If you’re having problems launching your legacy apps while running Internet Ex
 
 2.  **For x64 systems or for 64-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\Wow6432Node\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
 
-For more information, see the [Web Applications](http://go.microsoft.com/fwlink/p/?LinkId=308903) section of the Application Compatibility in the .NET Framework 4.5 page.
+For more information, see the [Web Applications](https://go.microsoft.com/fwlink/p/?LinkId=308903) section of the Application Compatibility in the .NET Framework 4.5 page.
 
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md
index 4f515957e4..d63465dbe0 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md
@@ -95,5 +95,5 @@ After you've finished updating and deploying your Group Policy, you can use the
 1.  Open and run the Resultant Set of Policy (RSoP) wizard, specifying the information you want to see.
 
 2.  Open your wizard results in the Group Policy Management Console (GPMC).<p>
-For complete instructions about how to add, open, and use RSoP, see [Use the RSoP Snap-in](http://go.microsoft.com/fwlink/p/?LinkId=395201)
+For complete instructions about how to add, open, and use RSoP, see [Use the RSoP Snap-in](https://go.microsoft.com/fwlink/p/?LinkId=395201)
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md b/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
index d401d44c35..8baab504ad 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
@@ -32,7 +32,7 @@ Out-of-date ActiveX control blocking lets you:
 
 -   Update the outdated control, so that it’s up-to-date and safer to use.
 
-The out-of-date ActiveX control blocking feature works with all [Security Zones](http://go.microsoft.com/fwlink/p/?LinkId=403863), except the Local Intranet Zone and the Trusted Sites Zone.
+The out-of-date ActiveX control blocking feature works with all [Security Zones](https://go.microsoft.com/fwlink/p/?LinkId=403863), except the Local Intranet Zone and the Trusted Sites Zone.
 
 It also works with these operating system and IE combinations:
 
@@ -46,7 +46,7 @@ It also works with these operating system and IE combinations:
 |Windows Server 2008 SP2                 |Windows Internet Explorer 9 only |
 |Windows Vista SP2                       |Windows Internet Explorer 9 only |
      
-For more info about this new feature, see the [Internet Explorer begins blocking out-of-date ActiveX controls](http://go.microsoft.com/fwlink/p/?LinkId=507691) blog. To see the complete list of out-of-date Active controls blocked by this feature, see [Blocked out-of-date ActiveX controls](http://go.microsoft.com/fwlink/p/?LinkId=517023).
+For more info about this new feature, see the [Internet Explorer begins blocking out-of-date ActiveX controls](https://go.microsoft.com/fwlink/p/?LinkId=507691) blog. To see the complete list of out-of-date Active controls blocked by this feature, see [Blocked out-of-date ActiveX controls](https://go.microsoft.com/fwlink/p/?LinkId=517023).
 
 ## What does the out-of-date ActiveX control blocking notification look like?
 When IE blocks an outdated ActiveX control, you’ll see a notification bar similar to this, depending on your version of IE:
@@ -89,7 +89,7 @@ IE opens the app’s website.
 IE uses Microsoft’s versionlist.xml or versionlistWin7.xml file to determine whether an ActiveX control should be stopped from loading. These files are updated with newly-discovered out-of-date ActiveX controls, which IE automatically downloads to your local copy of the file.
 
 You can see your copy of the file here `%LOCALAPPDATA%\Microsoft\Internet Explorer\VersionManager\versionlist.xml` or you can view Microsoft’s version, based on your operating system and version of IE, here:
-- [Internet Explorer 11 on Windows 7 SP1 or Windows Server 2008 R2](http://go.microsoft.com/fwlink/p/?LinkId=798230)
+- [Internet Explorer 11 on Windows 7 SP1 or Windows Server 2008 R2](https://go.microsoft.com/fwlink/p/?LinkId=798230)
 - [All other configurations](https://go.microsoft.com/fwlink/p/?LinkId=403864)
 
 **Security Note:**<br>Although we strongly recommend against it, if you don’t want your computer to automatically download the updated version list from Microsoft, run the following command from a command prompt:
@@ -100,7 +100,7 @@ reg add "HKCU\Software\Microsoft\Internet Explorer\VersionManager" /v DownloadVe
 Turning off this automatic download breaks the out-of-date ActiveX control blocking feature by not letting the version list update with newly outdated controls, potentially compromising the security of your computer. Use this configuration option at your own risk.
 
 ## Out-of-date ActiveX control blocking on managed devices
-Out-of-date ActiveX control blocking includes 4 new Group Policy settings that you can use to manage your web browser configuration, based on your domain controller. You can download the administrative templates, including the new settings, from the [Administrative templates (.admx) for Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=746579) page or the [Administrative Templates (.admx) for Windows 8.1 and Windows Server 2012 R2](http://go.microsoft.com/fwlink/p/?LinkId=746580) page, depending on your operating system.
+Out-of-date ActiveX control blocking includes 4 new Group Policy settings that you can use to manage your web browser configuration, based on your domain controller. You can download the administrative templates, including the new settings, from the [Administrative templates (.admx) for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=746579) page or the [Administrative Templates (.admx) for Windows 8.1 and Windows Server 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=746580) page, depending on your operating system.
 
 ### Group Policy settings
 Here’s a list of the new Group Policy info, including the settings, location, requirements, and Help text strings. All of these settings can be set in either the Computer Configuration or User Configuration scope, but Computer Configuration takes precedence over User Configuration.
@@ -156,7 +156,7 @@ Here’s a detailed example and description of what’s included in the VersionA
 
 -   **Allowed/Blocked** Whether IE blocked the ActiveX control.
  
--   **Enhanced Protected Mode (EPM)-compatible.** Whether the loaded ActiveX control is compatible with [Enhanced Protected Mode](http://go.microsoft.com/fwlink/p/?LinkId=403865).<p>**Note**<br>Enhanced Protected Mode isn’t supported on Internet Explorer 9 or earlier versions of IE. Therefore, if you’re using Internet Explorer 8 or Internet Explorer 9, all ActiveX controls will always be marked as not EPM-compatible.
+-   **Enhanced Protected Mode (EPM)-compatible.** Whether the loaded ActiveX control is compatible with [Enhanced Protected Mode](https://go.microsoft.com/fwlink/p/?LinkId=403865).<p>**Note**<br>Enhanced Protected Mode isn’t supported on Internet Explorer 9 or earlier versions of IE. Therefore, if you’re using Internet Explorer 8 or Internet Explorer 9, all ActiveX controls will always be marked as not EPM-compatible.
 
 -   **Reason.** The ActiveX control can be blocked or allowed for any of these reasons:
 
@@ -176,7 +176,7 @@ Here’s a detailed example and description of what’s included in the VersionA
 For Windows 10 you also have the option to log your inventory info to a local WMI class. Info logged to this class includes all of info you get from the .csv file, plus the CLSID of the loaded ActiveX control or the name of any apps started from an ActiveX control.
 
 #### Before you begin
-Before you can use WMI to inventory your ActiveX controls, you need to [download the configuration package (.zip file)](http://go.microsoft.com/fwlink/p/?LinkId=616971), which includes:
+Before you can use WMI to inventory your ActiveX controls, you need to [download the configuration package (.zip file)](https://go.microsoft.com/fwlink/p/?LinkId=616971), which includes:
 
 -   **ConfigureWMILogging.ps1**. A Windows PowerShell script.
 
@@ -192,7 +192,7 @@ Before running the PowerShell script, you must copy both the .ps1 and .mof file
 ```
 powershell –ExecutionPolicy Bypass .\ConfigureWMILogging.ps1
 ``` 
-For more info, see [about_Execution_Policies](http://go.microsoft.com/fwlink/p/?linkid=517460).
+For more info, see [about_Execution_Policies](https://go.microsoft.com/fwlink/p/?linkid=517460).
 
 3.  **Optional:** Set up your domain firewall for WMI data. For more info, see [Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md).
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md
index 65ac8b88b0..544daf207b 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md
@@ -34,7 +34,7 @@ RIES does not:
 
 -   Affect the applied Administrative Template Group Policy settings.
 
-RIES turns off all custom toolbars, browser extensions, and customizations installed with IE11. If you change your mind, you can turn each of the customizations back on through the **Manage Add-ons** dialog box. For more information about resetting IE settings, see [How to Reset Internet Explorer Settings](http://go.microsoft.com/fwlink/p/?LinkId=214528).
+RIES turns off all custom toolbars, browser extensions, and customizations installed with IE11. If you change your mind, you can turn each of the customizations back on through the **Manage Add-ons** dialog box. For more information about resetting IE settings, see [How to Reset Internet Explorer Settings](https://go.microsoft.com/fwlink/p/?LinkId=214528).
 
 ## IE is crashing or seems slow
 If you notice that CPU usage is running higher than normal, or that IE is frequently crashing or slowing down, you should check your browser add-ons and video card. By default, IE11 uses graphics processing unit (GPU) rendering mode. However, some outdated video cards and video drivers don't support GPU hardware acceleration. If IE11 determines that your current video card or video driver doesn't support GPU hardware acceleration, it'll use Software Rendering mode.
@@ -56,10 +56,10 @@ After you turn each item back on, see if IE crashes or slows down. Doing it this
 1.  Open Internet Explorer for the desktop, click the **Tools** menu, and then click **Internet Options**.
 
 2.  On the **Advanced** tab, go to the **Accelerated graphics** section, and then turn on Software Rendering mode by choosing the **Use software rendering instead of GPU rendering** box.<p>
-If the **Use software rendering instead of GPU rendering** option is greyed out, it means that your current video card or video driver doesn't support GPU hardware acceleration. For more information, see [Windows 10 Support](http://go.microsoft.com/fwlink/?LinkId=746588).
+If the **Use software rendering instead of GPU rendering** option is greyed out, it means that your current video card or video driver doesn't support GPU hardware acceleration. For more information, see [Windows 10 Support](https://go.microsoft.com/fwlink/?LinkId=746588).
 
 ## Adaptive streaming and DRM playback don’t work with Windows Server 2012 R2
-IE11 in Windows Server 2012 R2 doesn’t include media features like adaptive streaming or Digital Rights Management (DRM) playback. To add these features, you’ll need to download and install the Media Feature Pack from the [Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=320789), as well as an app that uses PlayReady DRM from the Windows Store, such as the Xbox Music app or Xbox Video app. The app must be installed to specifically turn on DRM features, while all other media features are installed with the Media Feature Pack.
+IE11 in Windows Server 2012 R2 doesn’t include media features like adaptive streaming or Digital Rights Management (DRM) playback. To add these features, you’ll need to download and install the Media Feature Pack from the [Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=320789), as well as an app that uses PlayReady DRM from the Windows Store, such as the Xbox Music app or Xbox Video app. The app must be installed to specifically turn on DRM features, while all other media features are installed with the Media Feature Pack.
 
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
index e8d5863f27..017f71560c 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -33,8 +33,8 @@ This is a permanent removal and erases everything. However, if you determine it
 2.  Click **Yes** in the warning message.<p>Your sites are all cleared from your list.
 
 ## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
 - [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
index 5ac02b4039..98e002f0ea 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
@@ -31,8 +31,8 @@ You can save your current Enterprise Mode compatibility site list as an XML file
 The first time a user starts Internet Explorer 11 on a managed device; Internet Explorer will look for a new version of the site list at the specified location. If the browser finds an updated site list, IE downloads the new XML site list and uses it.
 
 ## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
 - [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
index ebb873545e..b45e7b3744 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -29,8 +29,8 @@ You can search to see if a specific site already appears in your global Enterpri
 The search query searches all of the text. For example, entering *“micro”* will return results like, www.microsoft.com, microsoft.com, and microsoft.com/images. Wildcard characters aren’t supported.
 
 ## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
 - [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md
index 4857a6af0a..7f11bf5d7f 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md
@@ -17,7 +17,7 @@ You can use the Group Policy setting, **Set a default associations configuration
  ![](images/wedge.gif) **To set the default browser as Internet Explorer 11**
 
 1.  Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file** setting.<p>
-Turning this setting on also requires you to create and store a default associations configuration file, locally or on a network share. For more information about creating this file, see [Export or Import Default Application Associations]( http://go.microsoft.com/fwlink/p/?LinkId=618268).
+Turning this setting on also requires you to create and store a default associations configuration file, locally or on a network share. For more information about creating this file, see [Export or Import Default Application Associations]( https://go.microsoft.com/fwlink/p/?LinkId=618268).
 
     ![set default associations group policy setting](images/setdefaultbrowsergp.png)
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
index 7d015c9dbe..7a8ec67cc5 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
@@ -36,7 +36,7 @@ When you turn logging on, you need a valid URL that points to a server that can
 
  ![](images/wedge.gif) **To set up an endpoint server**
 
-1.  Configure an IIS server to work with your Enterprise Mode data collection process. If you’re unsure how to set up IIS, see the [IIS installation webpage](http://go.microsoft.com/fwlink/p/?LinkId=507609).
+1.  Configure an IIS server to work with your Enterprise Mode data collection process. If you’re unsure how to set up IIS, see the [IIS installation webpage](https://go.microsoft.com/fwlink/p/?LinkId=507609).
 
 2.  Open Internet Information Services (IIS) and turn on the ASP components from the **Add Roles and Features Wizard**, **Server Roles** page.<p>
 This lets you create an ASP form that accepts the incoming POST messages.
@@ -72,7 +72,7 @@ This is what your log files will look like after you set everything up and at le
 
 
 ## Using the GitHub sample to collect your data
-Microsoft has created the [EMIE-Data-Collection_Sample](http://go.microsoft.com/fwlink/p/?LinkId=507401) that shows how to collect your Enterprise Mode reports. This sample only shows how to collect data, it doesn’t show how to aggregate the data into your Enterprise Mode site list.<p>
+Microsoft has created the [EMIE-Data-Collection_Sample](https://go.microsoft.com/fwlink/p/?LinkId=507401) that shows how to collect your Enterprise Mode reports. This sample only shows how to collect data, it doesn’t show how to aggregate the data into your Enterprise Mode site list.<p>
 This sample starts with you turning on Enterprise Mode and logging (either through Group Policy, or by manually setting the EnterpriseMode registry key) so that your users can use Enterprise Mode locally. For the steps to do this, go to [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
 
 **Note**<br>If you decide to manually change the registry key, you can change the **Enable** setting to `[deployment url]/api/records/`, which automatically sends your reports to this page.
@@ -84,7 +84,7 @@ For logging, you’re going to need a valid URL that points to a server that can
 
 1.  Set up a server to collect your Enterprise Mode information from your users.
 
-2.  Go to the Internet Explorer/[EMIE-Data_Collection_Sample](http://go.microsoft.com/fwlink/p/?LinkId=507401) page on GitHub and tap or click the **Download ZIP** button to download the complete project.
+2.  Go to the Internet Explorer/[EMIE-Data_Collection_Sample](https://go.microsoft.com/fwlink/p/?LinkId=507401) page on GitHub and tap or click the **Download ZIP** button to download the complete project.
 
 3.  Open Microsoft Visual Studio 2013 with Update 2, and then open the PhoneHomeSample.sln file.
 
@@ -143,8 +143,8 @@ If you have errors while you’re publishing your project, you should try to upd
 You may need to do some additional package cleanup to remove older package versions.
 
 ## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
 - [What is Enterprise Mode?](what-is-enterprise-mode.md)
 - [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
 - [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md
index 5725a55e97..752fb6e58a 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md
@@ -45,7 +45,7 @@ Some of the components in this table might also need additional system resources
 You might experience start up issues where IE11 fails to launch an application that uses managed browser hosting controls with your legacy apps. This is because, starting with Internet Explorer 10, the browser started blocking legacy apps from using the .NET Framework 1.1 and 2.0. To fix this problem, see [.NET Framework problems with Internet Explorer 11](net-framework-problems-with-ie11.md).
 
 ## Support for multiple languages
-IE11 is available in 108 languages for Windows 8.1 and Windows 10 and in 97 languages for Windows 7 with SP1. For the list of languages and download links, see [Available language packs based on operating system](http://go.microsoft.com/fwlink/p/?LinkId=281818).
+IE11 is available in 108 languages for Windows 8.1 and Windows 10 and in 97 languages for Windows 7 with SP1. For the list of languages and download links, see [Available language packs based on operating system](https://go.microsoft.com/fwlink/p/?LinkId=281818).
 
 Computers running localized versions of Windows should run the same version of IE11. For example, if your employees use the Spanish edition of Windows, you should deploy the Spanish version of IE11. On the other hand, if your employees use multiple localized versions of Windows, like Spanish, French, and Catalan, you should install IE11 in one of the languages, and then install language packs for the others.
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
index b468dcd7ac..abdbbc4db2 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
@@ -54,8 +54,8 @@ Turning this setting on also requires you to create and store a site list. For m
    All of your managed devices must have access to this location if you want them to be able to access and use Enterprise Mode and your site list. For information about how to create and use an Enterprise Mode site list, see [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md).
 
 ## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
 - [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md)
 - [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md)
  
diff --git a/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md
index e1ef9cf2e4..af1ea520b4 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md
@@ -36,7 +36,7 @@ Internet Explorer 11 includes several new features and tools. This topic includ
 
 -   **IE Administration Kit (IEAK).** Lets you create custom, branded versions of IE11. For more info and to download the tool, see [Internet Explorer Administration Kit 11 (IEAK 11) - Administration Guide for IT Pros](../ie11-ieak/index.md).
 
--   **Unattend Settings.** Lets you update the Unattend.xml file, to customize the home page, favorites, search providers, feeds, Accelerators, Web Slices, and settings for top result searches. For more info, see the [Unattend Settings: Microsoft-Windows-IE-InternetExplorer](http://go.microsoft.com/fwlink/p/?LinkId=263709).
+-   **Unattend Settings.** Lets you update the Unattend.xml file, to customize the home page, favorites, search providers, feeds, Accelerators, Web Slices, and settings for top result searches. For more info, see the [Unattend Settings: Microsoft-Windows-IE-InternetExplorer](https://go.microsoft.com/fwlink/p/?LinkId=263709).
 
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md
index 3a69ea0490..06a50bf079 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md
@@ -26,7 +26,7 @@ Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, lett
 You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain paths and to specify whether the site renders using Enterprise Mode or the default mode.
 
 ## Enterprise Mode Site List Manager versions
-There are currently two versions of the Enterprise Site List Manager, both based on your schema and operating system. Download the [Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853) or the [Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378) tool, based on your operating system.
+There are currently two versions of the Enterprise Site List Manager, both based on your schema and operating system. Download the [Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) or the [Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) tool, based on your operating system.
 
 |Operating system |Schema version |Enterprise Site List Manager version |
 |-----------------|---------------|------------------------------------|
@@ -54,8 +54,8 @@ The following topics give you more information about the things that you can do
 ## Related topics
 
 
-- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
 - [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md)
 - [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md)
  
diff --git a/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md
index ebce77b430..2a51d2abad 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md
@@ -45,8 +45,8 @@ For instructions about how to add IE7 Enterprise Mode or IE8 Enterprise Mode to
 For instructions and more info about how to fix your compatibility issues using Enterprise Mode, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
 
 ## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
 - [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md b/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md
index 31a9c2207f..aeeb37ff4b 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md
@@ -11,7 +11,7 @@ ms.sitesec: library
 
 
 # Using Setup Information (.inf) files to create install packages
-IEAK 11 uses Setup information (.inf) files to provide uninstallation instructions. Uninstallation instructions let your employees remove components, like files, registry entries, or shortcuts, through the **Uninstall or change a program** box. For details about .inf files, see [INF File Sections and Directives](http://go.microsoft.com/fwlink/p/?LinkId=327959).
+IEAK 11 uses Setup information (.inf) files to provide uninstallation instructions. Uninstallation instructions let your employees remove components, like files, registry entries, or shortcuts, through the **Uninstall or change a program** box. For details about .inf files, see [INF File Sections and Directives](https://go.microsoft.com/fwlink/p/?LinkId=327959).
 
  ![](images/wedge.gif) **To add uninstallation instructions to the .inf files**
 
@@ -29,9 +29,9 @@ Make sure your script removes the uninstallation registry key, too. Otherwise, t
 
 -   You can't delete directories.
 
--   You can't use **RenFiles** to move a file to a different location, it only lets you rename a file in its existing location. For detailed information, see [INF RenFiles Directive](http://go.microsoft.com/fwlink/p/?LinkId=298508).
+-   You can't use **RenFiles** to move a file to a different location, it only lets you rename a file in its existing location. For detailed information, see [INF RenFiles Directive](https://go.microsoft.com/fwlink/p/?LinkId=298508).
 
--   You can't use **CopyFiles** to copy a file to another place on your hard drive, it can only copy files from the source disk to the destination directory. For information, see [INF CopyFiles Directive](http://go.microsoft.com/fwlink/p/?LinkId=298510).
+-   You can't use **CopyFiles** to copy a file to another place on your hard drive, it can only copy files from the source disk to the destination directory. For information, see [INF CopyFiles Directive](https://go.microsoft.com/fwlink/p/?LinkId=298510).
 
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md
index 3ead82e3b6..bcf1dc7226 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md
@@ -15,14 +15,14 @@ ms.sitesec: library
 If your company is considering upgrading to the latest version of Internet Explorer, but is hesitant because of a large number of web apps that need to be tested and moved, we recommend that you consider virtualization. Virtualization lets you set up a virtual environment where you can run earlier versions of IE.
 
 **Important**<br>
-We strongly suggest that while you're using virtualization, you also update your web apps so they run natively in the newer version of IE. For more information about how to update your code, see the [Internet Explorer 11 Compatibility Cookbook (Windows)](http://go.microsoft.com/fwlink/p/?LinkId=279707) to learn about the developer features that have been changed or deprecated since Internet Explorer 10.
+We strongly suggest that while you're using virtualization, you also update your web apps so they run natively in the newer version of IE. For more information about how to update your code, see the [Internet Explorer 11 Compatibility Cookbook (Windows)](https://go.microsoft.com/fwlink/p/?LinkId=279707) to learn about the developer features that have been changed or deprecated since Internet Explorer 10.
 
 The Microsoft-supported options for virtualizing web apps are:
 
--   **Microsoft Enterprise Desktop Virtualization (MED-V).** Uses Microsoft Virtual PC to provide an enterprise solution for desktop virtualization. With MED-V, you can easily create, deliver, and manage corporate Virtual PC images on any Windows®-based desktop. For more information, see [MED-V](http://go.microsoft.com/fwlink/p/?LinkId=271653).
+-   **Microsoft Enterprise Desktop Virtualization (MED-V).** Uses Microsoft Virtual PC to provide an enterprise solution for desktop virtualization. With MED-V, you can easily create, deliver, and manage corporate Virtual PC images on any Windows®-based desktop. For more information, see [MED-V](https://go.microsoft.com/fwlink/p/?LinkId=271653).
 
--   **Client Hyper-V.** Uses the same virtualization technology previously available in Windows Server, but now installed for Windows 8.1. For more information, see [Client Hyper-V](http://go.microsoft.com/fwlink/p/?LinkId=271654).<p>
-For more information about virtualization options, see [Microsoft Desktop Virtualization](http://go.microsoft.com/fwlink/p/?LinkId=271662).
+-   **Client Hyper-V.** Uses the same virtualization technology previously available in Windows Server, but now installed for Windows 8.1. For more information, see [Client Hyper-V](https://go.microsoft.com/fwlink/p/?LinkId=271654).<p>
+For more information about virtualization options, see [Microsoft Desktop Virtualization](https://go.microsoft.com/fwlink/p/?LinkId=271662).
 
  
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
index deb9fe9032..44cf261391 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
@@ -32,7 +32,7 @@ Enterprise Mode includes the following features:
 -   **Improved web app and website compatibility.** Through improved emulation, Enterprise Mode lets many legacy web apps run unmodified on IE11, supporting a number of site patterns that aren’t currently supported by existing document modes.
 
 -   **Tool-based management for website lists.** Use the Enterprise Mode Site List Manager to add website domains and domain paths and to specify whether a site renders using Enterprise Mode. <p>
-Download the [Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853) or the [Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378), based on your operating system and schema.
+Download the [Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) or the [Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378), based on your operating system and schema.
 
 -   **Centralized control.** You can specify the websites or web apps to interpret using Enterprise Mode, through an XML file on a website or stored locally. Domains and paths within those domains can be treated differently, allowing granular control. Use Group Policy to let users turn Enterprise Mode on or off from the **Tools** menu and to decide whether the Enterprise browser profile appears on the **Emulation** tab of the F12 developer tools.<p>**Important**<br>All centrally-made decisions override any locally-made choices. 
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md b/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md
index 28b690e5d6..5fb6495a74 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md
@@ -24,11 +24,11 @@ ms.sitesec: library
 The Internet Explorer 11 Blocker Toolkit lets you turn off the automatic delivery of IE11 through the **Automatic Updates** feature of Windows Update.
 
 **Important**<br>
-The IE11 Blocker Toolkit doesn't stop users from manually installing IE11 from the [Microsoft Download Center](http://go.microsoft.com/fwlink/p/?linkid=327753). Also, even if you've installed previous versions of the toolkit before, like for Internet Explorer 10, you still need to install this version to prevent the installation of IE11.
+The IE11 Blocker Toolkit doesn't stop users from manually installing IE11 from the [Microsoft Download Center](https://go.microsoft.com/fwlink/p/?linkid=327753). Also, even if you've installed previous versions of the toolkit before, like for Internet Explorer 10, you still need to install this version to prevent the installation of IE11.
 
  ![](images/wedge.gif) **To install the toolkit**
 
-1.  Download the IE11 Blocker Toolkit from [Toolkit to Disable Automatic Delivery of Internet Explorer 11](http://go.microsoft.com/fwlink/p/?LinkId=327745).
+1.  Download the IE11 Blocker Toolkit from [Toolkit to Disable Automatic Delivery of Internet Explorer 11](https://go.microsoft.com/fwlink/p/?LinkId=327745).
 
 2.  Accept the license agreement and store the included 4 files on your local computer.
 
@@ -41,7 +41,7 @@ Wait for the message, **Blocking deployment of IE11 on the local machine. The op
 
 6.  Close the Command Prompt.
 
-For answers to frequently asked questions, see [Internet Explorer 11 Blocker Toolkit: Frequently Asked Questions](http://go.microsoft.com/fwlink/p/?LinkId=314063).
+For answers to frequently asked questions, see [Internet Explorer 11 Blocker Toolkit: Frequently Asked Questions](https://go.microsoft.com/fwlink/p/?LinkId=314063).
 
  
 
diff --git a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md b/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md
index f8a608179f..384f432713 100644
--- a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md
+++ b/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md
@@ -32,7 +32,7 @@ Answering frequently asked questions about Internet Explorer 11 (IE11) features
 IE11 is preinstalled with Windows 8.1 and Windows Server 2012 R2. No additional action is required.
 
 **Q: How do I install IE11 on Windows 7 with SP1 or Windows Server 2008 R2 with SP1?**<br>
-You can install IE11 on computers running either Windows 7 with SP1 or Windows Server 2008 R2 with SP1. To download IE11, see the IE11 [home page](http://go.microsoft.com/fwlink/p/?LinkId=290956).
+You can install IE11 on computers running either Windows 7 with SP1 or Windows Server 2008 R2 with SP1. To download IE11, see the IE11 [home page](https://go.microsoft.com/fwlink/p/?LinkId=290956).
 
 **Q: How does IE11 integrate with Windows 8.1?**<br>
 IE11 is the default handler for the HTTP and HTTPS protocols and the default browser for Windows 8.1. There are two experiences in Windows 8.1: Internet Explorer and Internet Explorer for the desktop. IE is the default browser for touch-first, immersive experiences. Internet Explorer for the desktop provides a more traditional window and tab management experience. The underlying platform of IE11 is fully interoperable across both IE and the familiar Internet Explorer for the desktop, letting developers write the same markup for both experiences.
@@ -58,10 +58,10 @@ Supported web standards include:
 
 -   And mutation observers like DOM4 and 5.3
 
-For more information about specific changes and additions, see the [IE11 guide for developers](http://go.microsoft.com/fwlink/p/?LinkId=313188).
+For more information about specific changes and additions, see the [IE11 guide for developers](https://go.microsoft.com/fwlink/p/?LinkId=313188).
 
 **Q: What test tools exist to test for potential application compatibility issues?**<br>
-The Compat Inspector tool supports Windows Internet Explorer 9 through IE11. For more information, see [Compat Inspector User Guide](http://go.microsoft.com/fwlink/p/?LinkId=313189). In addition, you can use the new [F12 Developer Tools](http://go.microsoft.com/fwlink/p/?LinkId=313190) that are included with IE11, or the [modern.ie](http://go.microsoft.com/fwlink/p/?linkid=308902) website for Microsoft Edge.
+The Compat Inspector tool supports Windows Internet Explorer 9 through IE11. For more information, see [Compat Inspector User Guide](https://go.microsoft.com/fwlink/p/?LinkId=313189). In addition, you can use the new [F12 Developer Tools](https://go.microsoft.com/fwlink/p/?LinkId=313190) that are included with IE11, or the [modern.ie](https://go.microsoft.com/fwlink/p/?linkid=308902) website for Microsoft Edge.
 
 **Q: Why am I having problems launching my legacy apps with Internet Explorer 11**?<br>
 It’s most likely because IE no longer starts apps that use managed browser hosting controls, like in the .NET Framework 1.1 and 2.0. You can get IE11 to use managed browser hosting controls again, by:
@@ -70,10 +70,10 @@ It’s most likely because IE no longer starts apps that use managed browser hos
 
 -   **For x64 systems or for 64-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\Wow6432Node\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
 
-For more information, see the [Web Applications](http://go.microsoft.com/fwlink/p/?LinkId=308903) section of the Application Compatibility in the .NET Framework 4.5 page.
+For more information, see the [Web Applications](https://go.microsoft.com/fwlink/p/?LinkId=308903) section of the Application Compatibility in the .NET Framework 4.5 page.
 
 **Q: Is there a compatibility list for IE?**<br>
-Yes. You can review the XML-based [compatibility version list](http://go.microsoft.com/fwlink/p/?LinkId=403864).
+Yes. You can review the XML-based [compatibility version list](https://go.microsoft.com/fwlink/p/?LinkId=403864).
 
 **Q: What is Enterprise Mode?**<br>
 Enterprise Mode is a compatibility mode designed for Enterprises. This mode lets websites render using a modified browser configuration that’s designed to avoid the common compatibility problems associated with web apps written and tested on older versions of IE, like Windows Internet Explorer 7 or Windows Internet Explorer 8.<p>
@@ -84,7 +84,7 @@ Enterprise Mode Site List Manager tool gives you a way to add websites to your E
 For more information, see all of the topics in [Use the Enterprise Mode Site List Manager](../ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md).
 
 **Q: Are browser plug-ins supported in IE11?**<br>
-The immersive version of IE11 provides an add-on–free experience, so browser plugins won't load and dependent content won't be displayed. This doesn't apply to Internet Explorer for the desktop. For more information, see [Browsing Without Plug-ins](http://go.microsoft.com/fwlink/p/?LinkId=242587). However, Internet Explorer for the desktop and IE11 on Windows 7 with SP1 do support browser plugins, including ActiveX controls such as Adobe Flash and Microsoft Silverlight.
+The immersive version of IE11 provides an add-on–free experience, so browser plugins won't load and dependent content won't be displayed. This doesn't apply to Internet Explorer for the desktop. For more information, see [Browsing Without Plug-ins](https://go.microsoft.com/fwlink/p/?LinkId=242587). However, Internet Explorer for the desktop and IE11 on Windows 7 with SP1 do support browser plugins, including ActiveX controls such as Adobe Flash and Microsoft Silverlight.
 
 **Q: Is Adobe Flash supported on IE11?**<br>
 Adobe Flash is included as a platform feature and is available out of the box for Windows 8.1, running on both IE and Internet Explorer for the desktop. Users can turn this feature on or off using the **Manage Add-ons** dialog box, while administrators can turn this feature on or off using the Group Policy setting, **Turn off Adobe Flash in IE and prevent applications from using IE technology to instantiate Flash objects**.<p>
@@ -116,15 +116,15 @@ For more information, see [New group policy settings for IE11](../ie11-deploy-gu
 **Q: Is there a version of the Internet Explorer Administration Kit (IEAK) supporting IE11?**<br>
 Yes. The Internet Explorer Administration Kit 11 (IEAK 11) is available for download. IEAK 11 lets you create custom versions of IE11 for use in your organization. For more information, see the following resources:
 
-- [Internet Explorer Administration Kit Information and Downloads](http://go.microsoft.com/fwlink/p/?LinkId=214250) on the Internet Explorer TechCenter.
+- [Internet Explorer Administration Kit Information and Downloads](https://go.microsoft.com/fwlink/p/?LinkId=214250) on the Internet Explorer TechCenter.
 
 - [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md)
 
 **Q: Where can I get more information about IE11 for IT pros?**<br>
-Visit the [Springboard Series for Microsoft Browsers](http://go.microsoft.com/fwlink/p/?LinkId=313191) webpage on TechNet.
+Visit the [Springboard Series for Microsoft Browsers](https://go.microsoft.com/fwlink/p/?LinkId=313191) webpage on TechNet.
 
 **Q: Is there a version of the Internet Explorer Blocker Toolkit that will prevent automatic installation of IE11?**<br>
-Yes. The IE11 Blocker Toolkit is available for download. For more information, see [Toolkit to Disable Automatic Delivery of IE11](http://go.microsoft.com/fwlink/p/?LinkId=328195) on the Microsoft Download Center.
+Yes. The IE11 Blocker Toolkit is available for download. For more information, see [Toolkit to Disable Automatic Delivery of IE11](https://go.microsoft.com/fwlink/p/?LinkId=328195) on the Microsoft Download Center.
 
 **Q: Can I customize settings for IE on Windows 8.1?**<br>
 Settings can be customized in the following ways:
@@ -145,7 +145,7 @@ Group Policy settings can be set to open either IE or Internet Explorer for the
 |Always in Internet Explorer for the desktop |Links always open in Internet Explorer for the desktop. |
 
 ## Related topics
-- [Microsoft Edge - Deployment Guide for IT Pros](http://go.microsoft.com/fwlink/p/?LinkId=760643)
+- [Microsoft Edge - Deployment Guide for IT Pros](https://go.microsoft.com/fwlink/p/?LinkId=760643)
 - [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md)
 - [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md)
 
diff --git a/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md b/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md
index 54459ebc13..65baf63d4b 100644
--- a/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md
@@ -32,12 +32,13 @@ DHCP has a higher priority than DNS for automatic configuration. If DHCP provide
 
 ![](images/wedge.gif) **To set up automatic detection for DHCP servers**
 
--   Open the [DHCP Administrative Tool](http://go.microsoft.com/fwlink/p/?LinkId=302212), create a new option type, using the code number 252, and then associate it with the URL to your configuration file. For detailed instructions about how to do this, see [Create an option 252 entry in DHCP](http://go.microsoft.com/fwlink/p/?LinkId=294649).
-<p>**Examples:**<br>
-http://www.microsoft.com/webproxy.pac<br>
-http://marketing/config.ins<br>
-http://123.4.567.8/account.pac<p>
-For more detailed info about how to set up your DHCP server, see your server documentation.
+-   Open the [DHCP Administrative Tool](https://go.microsoft.com/fwlink/p/?LinkId=302212), create a new option type, using the code number 252, and then associate it with the URL to your configuration file. For detailed instructions about how to do this, see [Create an option 252 entry in DHCP](https://go.microsoft.com/fwlink/p/?LinkId=294649).
+
+    **Examples:**<br>
+    `http://www.microsoft.com/webproxy.pac`<br>
+    `http://marketing/config.ins`<br>
+    `http://123.4.567.8/account.pac`<p>
+    For more detailed info about how to set up your DHCP server, see your server documentation.
 
 ![](images/wedge.gif) **To set up automatic detection for DNS servers**
 
@@ -48,7 +49,7 @@ For more detailed info about how to set up your DHCP server, see your server doc
 `mailserver1 IN A 192.55.200.51`
 <p>**-OR-**<p>
 Create a canonical name (CNAME) alias record, named **WPAD**. This record lets you use more than one name to point to a single host, letting you host both an FTP server and a web server on the same computer. It also includes the resolved name (not the IP address) of the server storing your automatic configuration (.pac) file.<p>
-**Note**<br>For more info about creating a **WPAD** entry, see [Creating a WPAD entry in DNS](http://go.microsoft.com/fwlink/p/?LinkId=294651). 
+**Note**<br>For more info about creating a **WPAD** entry, see [Creating a WPAD entry in DNS](https://go.microsoft.com/fwlink/p/?LinkId=294651). 
 
 2.  After the database file propagates to the server, the DNS name, `wpad.<domain>.com` resolves to the server name that includes your automatic configuration file.
 
diff --git a/browsers/internet-explorer/ie11-ieak/custom-components-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/custom-components-ieak11-wizard.md
index 180fc0121e..ca0125b893 100644
--- a/browsers/internet-explorer/ie11-ieak/custom-components-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/custom-components-ieak11-wizard.md
@@ -11,7 +11,7 @@ ms.sitesec: library
 
 
 # Use the Custom Components page in the IEAK 11 Wizard
-The **Custom Components** page of the Internet Explorer Customization Wizard 11 lets you add up to 10 additional components that your employees can install at the same time they install IE. These components can be created by Microsoft or your organization as either compressed cabinet (.cab) or self-extracting executable (.exe) files. If you’re using Microsoft components, make sure you have the latest version and software patches from the [Microsoft Support](http://go.microsoft.com/fwlink/p/?LinkId=258658) site. To include Microsoft Update components, you must bundle the associated files into a custom component.
+The **Custom Components** page of the Internet Explorer Customization Wizard 11 lets you add up to 10 additional components that your employees can install at the same time they install IE. These components can be created by Microsoft or your organization as either compressed cabinet (.cab) or self-extracting executable (.exe) files. If you’re using Microsoft components, make sure you have the latest version and software patches from the [Microsoft Support](https://go.microsoft.com/fwlink/p/?LinkId=258658) site. To include Microsoft Update components, you must bundle the associated files into a custom component.
 
 **Important**<br>You should sign any custom code that’s being downloaded over the Internet. The default settings of Internet Explorer 11 will automatically reject any unsigned code. For more info about digitally signing custom components, see [Security features and IEAK 11](security-and-ieak11.md).
 
diff --git a/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md b/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md
index 7bb21bf9bd..ba2b7e4076 100644
--- a/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md
+++ b/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md
@@ -11,7 +11,7 @@ ms.sitesec: library
 
 
 # Customize Automatic Search for Internet Explorer using IEAK 11
-Internet Explorer lets websites advertise any search provider that uses the open search standard described at the A9 website ( [OpenSearch 1.1 Draft 5](http://go.microsoft.com/fwlink/p/?LinkId=208582)). When IE detects new search providers, the **Search** box becomes active and adds the new providers to the drop-down list of providers.
+Internet Explorer lets websites advertise any search provider that uses the open search standard described at the A9 website ( [OpenSearch 1.1 Draft 5](https://go.microsoft.com/fwlink/p/?LinkId=208582)). When IE detects new search providers, the **Search** box becomes active and adds the new providers to the drop-down list of providers.
 
 Using the **Administrative Templates** section of Group Policy, you can prevent the search box from appearing, you can add a list of acceptable search providers, or you can restrict your employee’s ability to add or remove search providers.
 
diff --git a/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md b/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
index 249c01e34c..13fff054c3 100644
--- a/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
+++ b/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
@@ -31,7 +31,7 @@ These command-line options work with IExpress:<br>
 |`/r:a` |Always restarts the computer after installation. |
 |`/r:s` |Restarts the computer after installation without prompting the employee. |
 
-For more information, see [Command-line switches for IExpress software update packages](http://go.microsoft.com/fwlink/p/?LinkId=317973).
+For more information, see [Command-line switches for IExpress software update packages](https://go.microsoft.com/fwlink/p/?LinkId=317973).
 
 ## Related topics
 - [IExpress Wizard for Windows Server 2008 R2 with SP1](iexpress-wizard-for-win-server.md)
diff --git a/browsers/internet-explorer/ie11-ieak/index.md b/browsers/internet-explorer/ie11-ieak/index.md
index 6397aad190..b0c1e0c9fe 100644
--- a/browsers/internet-explorer/ie11-ieak/index.md
+++ b/browsers/internet-explorer/ie11-ieak/index.md
@@ -1,5 +1,4 @@
 ---
-localizationpriority: low
 ms.mktglfcycl: plan
 description: IEAK 11 - Internet Explorer Administration Kit 11 Users Guide
 author: eross-msft
@@ -34,5 +33,5 @@ IE11 and IEAK 11 offers differing experiences between Windows 7 and Windows 8.1
 ## Related topics
 - [Internet Explorer 11 - FAQ for IT Pros](../ie11-faq/faq-for-it-pros-ie11.md)
 - [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md)
-- [Microsoft Edge - Deployment Guide for IT Pros](http://go.microsoft.com/fwlink/p/?LinkId=760643)
+- [Microsoft Edge - Deployment Guide for IT Pros](https://go.microsoft.com/fwlink/p/?LinkId=760643)
 
diff --git a/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md
index bc7d4bb78f..c758d7acbf 100644
--- a/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md
@@ -20,7 +20,7 @@ Using a proxy server lets you limit access to the Internet. You can also use the
 1.  Check the **Enable proxy settings** box if you want to use proxy servers for any of your services.
 
 2.  Type the address of the proxy server you want to use for your services into the **Address of proxy** box. In most cases, a single proxy server is used for all of your services.<p>
-Proxy locations that don’t begin with a protocol (like, http:// or ftp://) are assumed to be a CERN-type HTTP proxy. For example, the entry *proxy* is treated the same as the entry *http://proxy*.
+Proxy locations that don’t begin with a protocol (like, http:// or ftp://) are assumed to be a CERN-type HTTP proxy. For example, the entry *proxy* is treated the same as the entry `http://proxy`.
 
 3.  Type the port for each service. The default value is *80*.
 
diff --git a/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md b/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md
index e1c2731a4b..0760b36184 100644
--- a/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md
@@ -11,7 +11,7 @@ ms.sitesec: library
 
 
 # Using the Resultant Set of Policy (RSoP) snap-in to review policy settings
-After you’ve deployed your custom Internet Explorer package to your employees, you can use the Resultant Set of Policy (RSoP) snap-in to view your created policy settings. The RSoP snap-in is a two-step process. First, you run the RSoP wizard to determine what information should be viewed. Second, you open the specific items in the console window to view the settings. For complete instructions about how to use RSoP, see [Resultant Set of Policy](http://go.microsoft.com/fwlink/p/?LinkId=259479).
+After you’ve deployed your custom Internet Explorer package to your employees, you can use the Resultant Set of Policy (RSoP) snap-in to view your created policy settings. The RSoP snap-in is a two-step process. First, you run the RSoP wizard to determine what information should be viewed. Second, you open the specific items in the console window to view the settings. For complete instructions about how to use RSoP, see [Resultant Set of Policy](https://go.microsoft.com/fwlink/p/?LinkId=259479).
 
 ![](images/wedge.gif) **To add the RSoP snap-in**
 
diff --git a/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md b/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md
index 1464b71931..61e6caf344 100644
--- a/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md
@@ -30,21 +30,21 @@ Because of this, the custom .cab files created by the Internet Explorer Customiz
 ### Understanding digital certificates
 To sign your package and custom programs digitally, you must first obtain a digital certificate. You can obtain a certificate from a certification authority or a privately-controlled certificate server. For more info about obtaining certificates or setting up a certificate server, see the following:
 
--   Microsoft-trusted certification authorities ([Windows root certificate program requirements](http://go.microsoft.com/fwlink/p/?LinkId=759697)).
+-   Microsoft-trusted certification authorities ([Windows root certificate program requirements](https://go.microsoft.com/fwlink/p/?LinkId=759697)).
 
--   Certificates overview documentation ([Certificates](http://go.microsoft.com/fwlink/p/?LinkId=759698)).
+-   Certificates overview documentation ([Certificates](https://go.microsoft.com/fwlink/p/?LinkId=759698)).
 
--   Microsoft Active Directory Certificate Services ( [Active Directory Certificate Services](http://go.microsoft.com/fwlink/p/?LinkId=259521)).
+-   Microsoft Active Directory Certificate Services ( [Active Directory Certificate Services](https://go.microsoft.com/fwlink/p/?LinkId=259521)).
 
--   Enterprise public key infrastructure (PKI) snap-in documentation ([Enterprise PKI](http://go.microsoft.com/fwlink/p/?LinkId=259526)).
+-   Enterprise public key infrastructure (PKI) snap-in documentation ([Enterprise PKI](https://go.microsoft.com/fwlink/p/?LinkId=259526)).
 
 After you get a certificate, you should note the public and private keys, which are a matched set of keys that are created by the software publisher for encryption and decryption. They are generated on your device at the time the certificate is requested, and your private key is never sent to the certification authority or any other party.
 
 ### Understanding code signing
 Code signing varies, depening on how you plan to distribute your custom install package.
 
--   **If you plan to distribute custom packages over the Internet**, you must sign all custom components and the CMAK profile package (if used). Before you start the Internet Explorer Customization Wizard, make sure that both are signed. Typically, their respective manufacturers will have signed them. Otherwise, you can sign these using the Sign Tool (SignTool.exe) ( [SignTool.exe (Sign Tool)](http://go.microsoft.com/fwlink/p/?LinkId=71298)) or use the File Signing Tool (Signcode.exe) ([Signcode.exe (File Signing Tool)](http://go.microsoft.com/fwlink/p/?LinkId=71299)). You should read the documentation included with these tools for more info about all of the signing options.<p>
-In addition, after you run the Internet Explorer Customization Wizard, we highly recommend that you sign the IEAK package and the branding.cab file (if you are using it separately from the package). You can do this also using the tools mentioned above. For more information, download Code-Signing Best Practices ([Code-Signing Best Practices](http://go.microsoft.com/fwlink/p/?LinkId=71300)).
+-   **If you plan to distribute custom packages over the Internet**, you must sign all custom components and the CMAK profile package (if used). Before you start the Internet Explorer Customization Wizard, make sure that both are signed. Typically, their respective manufacturers will have signed them. Otherwise, you can sign these using the Sign Tool (SignTool.exe) ( [SignTool.exe (Sign Tool)](https://go.microsoft.com/fwlink/p/?LinkId=71298)) or use the File Signing Tool (Signcode.exe) ([Signcode.exe (File Signing Tool)](https://go.microsoft.com/fwlink/p/?LinkId=71299)). You should read the documentation included with these tools for more info about all of the signing options.<p>
+In addition, after you run the Internet Explorer Customization Wizard, we highly recommend that you sign the IEAK package and the branding.cab file (if you are using it separately from the package). You can do this also using the tools mentioned above. For more information, download Code-Signing Best Practices ([Code-Signing Best Practices](https://go.microsoft.com/fwlink/p/?LinkId=71300)).
 
 -   **If you plan to distribute your custom packages over an intranet**, sign the custom files or preconfigure the Local intranet zone with a Low security setting, because the default security setting does not allow users to download unsigned programs or code.
 
diff --git a/browsers/internet-explorer/index.md b/browsers/internet-explorer/index.md
index b3d34f728c..c9e24043a1 100644
--- a/browsers/internet-explorer/index.md
+++ b/browsers/internet-explorer/index.md
@@ -1,5 +1,4 @@
 ---
-localizationpriority: low
 ms.mktglfcycl: deploy
 description: The landing page for IE11 that lets you access the documentation.
 author: eross-msft
diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md
index 06913f7aef..8b4c888244 100644
--- a/devices/hololens/TOC.md
+++ b/devices/hololens/TOC.md
@@ -1 +1 @@
-# [Index](index.md)
\ No newline at end of file
+# [Placeholder](index.md)
\ No newline at end of file
diff --git a/devices/hololens/index.md b/devices/hololens/index.md
index beccdc8994..4b581a5c10 100644
--- a/devices/hololens/index.md
+++ b/devices/hololens/index.md
@@ -1 +1,3 @@
-# Index test file for Open Publishing
\ No newline at end of file
+---
+redirect_url: https://developer.microsoft.com/windows/holographic/commercial_features
+---
diff --git a/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md b/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md
index 6b6083ba4b..c82891ed56 100644
--- a/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md
+++ b/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md
@@ -612,7 +612,7 @@ catch
 {
     PrintError "Some dependencies are missing"
     PrintError "Please install the Windows PowerShell Module for Lync Online. For more information go to http://www.microsoft.com/download/details.aspx?id=39366" 
-    PrintError "Please install the Azure Active Directory module for PowerShell from http://go.microsoft.com/fwlink/p/?linkid=236297"
+    PrintError "Please install the Azure Active Directory module for PowerShell from https://go.microsoft.com/fwlink/p/?linkid=236297"
     CleanupAndFail
 }
 
@@ -1119,7 +1119,7 @@ if ($fHasOnline)
     }
     catch 
     {
-        CleanupAndFail "To verify accounts in online tenants you need the Azure Active Directory module for PowerShell from http://go.microsoft.com/fwlink/p/?linkid=236297"
+        CleanupAndFail "To verify accounts in online tenants you need the Azure Active Directory module for PowerShell from https://go.microsoft.com/fwlink/p/?linkid=236297"
     }
 }
 
@@ -1518,7 +1518,7 @@ if ($online)
     {
         PrintError "Some dependencies are missing"
         PrintError "Please install the Windows PowerShell Module for Lync Online. For more information go to http://www.microsoft.com/download/details.aspx?id=39366" 
-        PrintError "Please install the Azure Active Directory module for PowerShell from http://go.microsoft.com/fwlink/p/?linkid=236297"
+        PrintError "Please install the Azure Active Directory module for PowerShell from https://go.microsoft.com/fwlink/p/?linkid=236297"
         CleanupAndFail
     }
 }
diff --git a/devices/surface-hub/create-a-device-account-using-office-365.md b/devices/surface-hub/create-a-device-account-using-office-365.md
index d60f54e1b2..de3aee64d1 100644
--- a/devices/surface-hub/create-a-device-account-using-office-365.md
+++ b/devices/surface-hub/create-a-device-account-using-office-365.md
@@ -27,7 +27,7 @@ If you prefer to use a graphical user interface, you can create a device account
 
 ### <a href="" id="create-device-acct-o365-admin-ctr"></a>Create the account in the Office 365 Admin Center
 
-1.  Sign in to Office 365 by visiting http://portal.office.com/admin/
+1.  Sign in to Office 365 by visiting http://portal.office.com
 2.  Provide the admin credentials for your Office 365 tenant. This will take you to your Office 365 Admin Center.
 
     ![Office 365 admin center.](images/setupdeviceaccto365-02.png)
@@ -100,8 +100,8 @@ From here on, you'll need to finish the account creation process using PowerShel
 
 In order to run cmdlets used by these PowerShell scripts, the following must be installed for the admin PowerShell console:
 
--   [Microsoft Online Services Sign-In Assistant for IT Professionals BETA](http://go.microsoft.com/fwlink/?LinkId=718149)
--   [Windows Azure Active Directory Module for Windows PowerShell](http://go.microsoft.com/fwlink/p/?linkid=236297)
+-   [Microsoft Online Services Sign-In Assistant for IT Professionals BETA](https://go.microsoft.com/fwlink/?LinkId=718149)
+-   [Windows Azure Active Directory Module for Windows PowerShell](https://go.microsoft.com/fwlink/p/?linkid=236297)
 -   [Skype for Business Online, Windows PowerShell Module](http://www.microsoft.com/download/details.aspx?id=39366)
 
 ### Connecting to online services
diff --git a/devices/surface-hub/device-reset-surface-hub.md b/devices/surface-hub/device-reset-surface-hub.md
index fe97b78978..e222434c5e 100644
--- a/devices/surface-hub/device-reset-surface-hub.md
+++ b/devices/surface-hub/device-reset-surface-hub.md
@@ -30,7 +30,7 @@ Initiating a reset will return the device to the last cumulative Windows update,
 -   Local admins on the device
 -   Configurations from MDM or the Settings app
 
-**To reset a Surface Hub**
+**To reset a Surface Hub from Settings**</br>
 1.	On your Surface Hub, open **Settings**. 
 
     ![Image showing Settings app for Surface Hub.](images/sh-settings.png)
@@ -43,8 +43,18 @@ Initiating a reset will return the device to the last cumulative Windows update,
 
     ![Image showing Reset device option in Settings app for Surface Hub.](images/sh-settings-reset-device.png) 
 
+**To reset a Surface Hub from Windows Recovery Environment**</br>
+On rare occasions, a Surface Hub may encounter an error while cleaning up user and app data at the end of a session. When this happens, the device will automatically reboot and try again. But if this operation fails repeatedly, the device will be automatically locked to protect user data. To unlock it, you must reset the device from [Windows Recovery Environment](https://technet.microsoft.com/en-us/library/cc765966(v=ws.10).aspx) (Windows RE).
+
+To reset a Surface Hub from Windows RE:
+
+1.  From the welcome screen, toggle the Surface Hub's power switch 3 times. Wait a few seconds between each toggle. See the [Surface Hub Site Readiness Guide](https://www.microsoft.com/surface/support/surface-hub/surface-hub-site-readiness-guide) for help with locating the power switch.
+2.  The device should automatically boot into Windows RE. Select **Advanced Repair**.
+3.  Select **Reset**.
+4.  If prompted, enter your device's BitLocker key.
+
 **Important Note**</br>
-Performing a device reset may take up to 6 hours. Do not interrupt the reset process. Interrupting the process will render the device inoperable, requiring warranty service to return to normal functionality.
+Performing a device reset may take up to 2 hours. Do not interrupt the reset process. Interrupting the process will render the device inoperable, requiring warranty service to return to normal functionality.
 
 After the reset, Surface Hub restarts the [first run program](first-run-program-surface-hub.md) again. 
 
@@ -53,4 +63,4 @@ After the reset, Surface Hub restarts the [first run program](first-run-program-
 
 [Manage Microsoft Surface Hub](manage-surface-hub.md)
 
-[Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md)
\ No newline at end of file
+[Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md)
diff --git a/devices/surface-hub/first-run-program-surface-hub.md b/devices/surface-hub/first-run-program-surface-hub.md
index 8305a2bd53..b34943faf8 100644
--- a/devices/surface-hub/first-run-program-surface-hub.md
+++ b/devices/surface-hub/first-run-program-surface-hub.md
@@ -154,7 +154,7 @@ This screen is purely informational, and shows which recommended settings have b
 
 ### Details
 
-You should read this screen and note which services have been enabled by default. All of them can be changed using the Settings app if need be, but you should be careful about the effects of doing so. For example, Cortana depends on some of these settings, and may not work if you disable them. See [Intro to Surface Hub](intro-to-surface-hub.md) for details.
+You should read this screen and note which services have been enabled by default. All of them can be changed using the Settings app if need be, but you should be careful about the effects of doing so. See [Intro to Surface Hub](intro-to-surface-hub.md) for details.
 
 Once you're done reviewing the settings, click **Next** to go on.
 
@@ -185,9 +185,8 @@ Click **Skip setting up a device account** to skip setting up a device account.
 
 -   See a meeting calendar on the Welcome screen
 -   Start a meeting from the Welcome screen
--   Start a meeting using Cortana
 -   Email whiteboards from OneNote
--   Use Skype for Business for meetings.
+-   Use Skype for Business for meetings
 
 If you skip setting it up now, you can add a device account later by using the Settings app.
 
@@ -222,7 +221,6 @@ Click **Skip setting up Exchange services** to skip this step. If you do, people
 
 -   See a meeting calendar on the welcome screen.
 -   Start a meeting from the welcome screen.
--   Start a meeting using Cortana.
 -   Email whiteboards from OneNote.
 
 See [Intro to Surface Hub](intro-to-surface-hub.md) for details on setup dependencies.
diff --git a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
index 478ae597cd..4fd03e659e 100644
--- a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
+++ b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
@@ -41,7 +41,7 @@ Use this procedure if you use Exchange on-prem.
     Open your on-prem Exchange Management Shell with administrator permissions, and run this cmdlet.
 
     ```ps1
-    Enable-Mailbox 'HUB01@contoso.com' -RemoteRoutingAddress 'HUB01@contoso.com' -Room
+    Enable-RemoteMailbox 'HUB01@contoso.com' -RemoteRoutingAddress 'HUB01@contoso.com' -Room
     ```
     
 4.  Connect to Microsoft Exchange Online and set some properties for the account in Office 365.
diff --git a/devices/surface-hub/i-am-done-finishing-your-surface-hub-meeting.md b/devices/surface-hub/i-am-done-finishing-your-surface-hub-meeting.md
index 45d66f1d0a..3f17756233 100644
--- a/devices/surface-hub/i-am-done-finishing-your-surface-hub-meeting.md
+++ b/devices/surface-hub/i-am-done-finishing-your-surface-hub-meeting.md
@@ -62,7 +62,6 @@ User interface (UI) settings are returned to their default values when **I'm Don
 - Reset Quick Actions to default state
 - Clear Toast notifications
 - Reset volume levels
-- Reset Cortana relaunch count
 - Reset sidebar width
 - Reset tablet mode layout
 
diff --git a/devices/surface-hub/intro-to-surface-hub.md b/devices/surface-hub/intro-to-surface-hub.md
index d8a4c1c1e2..ec1712c7a0 100644
--- a/devices/surface-hub/intro-to-surface-hub.md
+++ b/devices/surface-hub/intro-to-surface-hub.md
@@ -44,10 +44,6 @@ The capabilities of your Surface Hub will depend on what other Microsoft product
 <td align="left"><p>Web browsing through Microsoft Edge</p></td>
 <td align="left"><p>Internet connectivity.</p></td>
 </tr>
-<tr class="even">
-<td align="left"><p>Cortana meeting room assistant (voice commands, search)</p></td>
-<td align="left"><p>Internet connectivity needed to process questions and do searches.</p></td>
-</tr>
 <tr class="odd">
 <td align="left"><p>Remote and multi-device management</p></td>
 <td align="left"><p>Supported mobile device management (MDM) solutions (Microsoft Intune, System Center 2012 R2 Configuration Manager, or supported third-party solution).</p></td>
diff --git a/devices/surface-hub/monitor-surface-hub.md b/devices/surface-hub/monitor-surface-hub.md
index 3083553e68..b28e3e7208 100644
--- a/devices/surface-hub/monitor-surface-hub.md
+++ b/devices/surface-hub/monitor-surface-hub.md
@@ -16,18 +16,18 @@ localizationpriority: medium
 
 Monitoring for Microsoft Surface Hub devices is enabled through Microsoft Operations Management Suite (OMS).
 
-The [Operations Management Suite (OMS)](http://go.microsoft.com/fwlink/?LinkId=718138) is Microsoft's IT management solution that helps you manage and protect your entire IT infrastructure, including your Surface Hubs. You can use OMS to help you track the health of your Surface Hubs as well as understand how they are being used. Log files are read on the devices and sent to the OMS service. Issues like servers being offline, the calendar not syncing, or the device account being unable to log into Skype are shown in OMS in the Surface Hub dashboard. By using the data in the dashboard, you can identify devices that are not running, or that are having other problems, and potentially apply fixes for the detected issues.
+The [Operations Management Suite (OMS)](https://go.microsoft.com/fwlink/?LinkId=718138) is Microsoft's IT management solution that helps you manage and protect your entire IT infrastructure, including your Surface Hubs. You can use OMS to help you track the health of your Surface Hubs as well as understand how they are being used. Log files are read on the devices and sent to the OMS service. Issues like servers being offline, the calendar not syncing, or the device account being unable to log into Skype are shown in OMS in the Surface Hub dashboard. By using the data in the dashboard, you can identify devices that are not running, or that are having other problems, and potentially apply fixes for the detected issues.
 
 ### OMS requirements
 
 In order to manage your Surface Hubs from the Microsoft Operations Management Suite (OMS), you'll need the following:
 
 -   A valid [subscription to OMS](http://www.microsoft.com/server-cloud/operations-management-suite/overview.aspx).
--   [Subscription level](http://go.microsoft.com/fwlink/?LinkId=718139) in line with the number of devices. OMS pricing varies depending on how many devices are enrolled, and how much data it processes. You'll want to take this into consideration when planning your Surface Hub rollout.
+-   [Subscription level](https://go.microsoft.com/fwlink/?LinkId=718139) in line with the number of devices. OMS pricing varies depending on how many devices are enrolled, and how much data it processes. You'll want to take this into consideration when planning your Surface Hub rollout.
 
-Next, you will either add an OMS subscription to your existing Microsoft Azure subscription or create a new workspace directly through the OMS portal. Detailed instructions for setting up the account can be found at: [Onboard in minutes](http://go.microsoft.com/fwlink/?LinkId=718141). Once the OMS subscription is set up, there are two ways to enroll your Surface Hub devices:
+Next, you will either add an OMS subscription to your existing Microsoft Azure subscription or create a new workspace directly through the OMS portal. Detailed instructions for setting up the account can be found at: [Onboard in minutes](https://go.microsoft.com/fwlink/?LinkId=718141). Once the OMS subscription is set up, there are two ways to enroll your Surface Hub devices:
 
-1.  Automatically through [InTune](http://go.microsoft.com/fwlink/?LinkId=718150), or
+1.  Automatically through [InTune](https://go.microsoft.com/fwlink/?LinkId=718150), or
 2.  Manually through Settings.
 
 ### Setting up monitoring
diff --git a/devices/surface-hub/physically-install-your-surface-hub-device.md b/devices/surface-hub/physically-install-your-surface-hub-device.md
index 7c201fd78e..489e6a03a3 100644
--- a/devices/surface-hub/physically-install-your-surface-hub-device.md
+++ b/devices/surface-hub/physically-install-your-surface-hub-device.md
@@ -14,12 +14,12 @@ localizationpriority: medium
 # Physically install Microsoft Surface Hub
 
 
-The Microsoft Surface Hub Readiness Guide will help make sure that your site is ready for the installation. You can download the Guide from the [Microsoft Download Center](http://go.microsoft.com/fwlink/?LinkId=718144). It includes planning information for both the 55" and 84" devices, as well as info on moving the Surface Hub from receiving to the installation location, mounting options, and a list of what's in the box.
+The Microsoft Surface Hub Readiness Guide will help make sure that your site is ready for the installation. You can download the Guide from the [Microsoft Download Center](https://go.microsoft.com/fwlink/?LinkId=718144). It includes planning information for both the 55" and 84" devices, as well as info on moving the Surface Hub from receiving to the installation location, mounting options, and a list of what's in the box.
 
 You may also want to check out the Unpacking Guide. It will show you how to unpack the devices efficiently and safely. There are two guides, one for the 55" and one for the 84". A printed version of the Unpacking Guide is attached to the outside front of each unit's shipping crate.
 
--   Download the 55" Unpacking Guide from the [Microsoft Download Center](http://go.microsoft.com/fwlink/?LinkId=718145).
--   Download the 84" version from the [Microsoft Download Center](http://go.microsoft.com/fwlink/?LinkId=718146).
+-   Download the 55" Unpacking Guide from the [Microsoft Download Center](https://go.microsoft.com/fwlink/?LinkId=718145).
+-   Download the 84" version from the [Microsoft Download Center](https://go.microsoft.com/fwlink/?LinkId=718146).
 
  
 
diff --git a/devices/surface-hub/provisioning-packages-for-certificates-surface-hub.md b/devices/surface-hub/provisioning-packages-for-certificates-surface-hub.md
index cbad03aa49..59e451d855 100644
--- a/devices/surface-hub/provisioning-packages-for-certificates-surface-hub.md
+++ b/devices/surface-hub/provisioning-packages-for-certificates-surface-hub.md
@@ -58,7 +58,7 @@ In order to create and deploy provisioning packages, all of the following are re
 
 ### <a href="" id="installing-wicd-prov-pkg"></a>Install the Windows Imaging and Configuration Designer
 
-1.  The Windows Imaging and Configuration Designer (ICD) is installed as part of the Windows 10 ADK. The installer for the ADK can be downloaded from the [Microsoft Download Center](http://go.microsoft.com/fwlink/?LinkId=718147).
+1.  The Windows Imaging and Configuration Designer (ICD) is installed as part of the Windows 10 ADK. The installer for the ADK can be downloaded from the [Microsoft Download Center](https://go.microsoft.com/fwlink/?LinkId=718147).
     >**Note**  The ADK must be installed on a separate PC, not on the Surface Hub.  
 
 2.  Run the installer, and set your preferences for installation. When asked what features you want to install, you will see a checklist like the one in the following figure. Note that **Windows Performance Toolkit** and **Windows Assessment Toolkit** should be unchecked, as they are not needed to run the ICD.
@@ -138,7 +138,7 @@ This example will demonstrate how to create a provisioning package to install a
 
 ### <a href="" id="creating-prov-pkg-apps"></a>Create a provisioning package for apps
 
-This example will demonstrate how to create a provisioning package to install offline-licensed apps purchased from the Windows Store for Business. For information on offline-licensed apps and what you need to download in order to install them, see [Distribute offline apps](http://go.microsoft.com/fwlink/?LinkId=718148).
+This example will demonstrate how to create a provisioning package to install offline-licensed apps purchased from the Windows Store for Business. For information on offline-licensed apps and what you need to download in order to install them, see [Distribute offline apps](https://go.microsoft.com/fwlink/?LinkId=718148).
 
 For each app you want to install on Surface Hubs, you'll need to download:
 
diff --git a/devices/surface-hub/set-up-your-surface-hub.md b/devices/surface-hub/set-up-your-surface-hub.md
index 0ce8d6e7d7..95b7c2c92f 100644
--- a/devices/surface-hub/set-up-your-surface-hub.md
+++ b/devices/surface-hub/set-up-your-surface-hub.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: surfacehub
 author: TrudyHa
-localizationpriority: mediumh
+localizationpriority: medium
 ---
 
 # Set up Microsoft Surface Hub
diff --git a/devices/surface-hub/setup-worksheet-surface-hub.md b/devices/surface-hub/setup-worksheet-surface-hub.md
index 2dc1778f87..49b0f51d45 100644
--- a/devices/surface-hub/setup-worksheet-surface-hub.md
+++ b/devices/surface-hub/setup-worksheet-surface-hub.md
@@ -30,12 +30,12 @@ You should fill out one list for each Surface Hub you need to configure, althoug
 <p>Proxy information</p>
 </td>
 <td>
-<p>If your network uses a proxy to for network and/or Internet access, you must provide a script or server/port information.</p>
+<p>If your network uses a proxy for network and/or Internet access, you must provide a script or server/port information.</p>
 </td>
 <td>
-<p>http://contoso/proxy.pa (proxy script)
-OR
-10.10.10.100, port 8080 (server, port)
+<p>Proxy script: http://contoso/proxy.pa </br>
+- OR - </br>
+Server and port info: 10.10.10.100, port 80
 </p>
 </td>
 <td>
@@ -64,7 +64,9 @@ OR
 <p>This is the User Principal Name (UPN) or the domain\username, and the password of the device account. Mail, calendar, and Skype for Business depend on a compatible device account.</p>
 </td>
 <td>
-<p>ConfRoom15@contoso.com, #Passw0rd1 (for UPN) OR CONTOSO\ConfRoom15, #Passw0rd1 (for Domain\username)</p>
+<p> UPN: ConfRoom15@contoso.com, #Passw0rd1 </br>
+- OR - <br> 
+Domain and username: CONTOSO\ConfRoom15, #Passw0rd1</p>
 </td>
 <td>
 <p></p>
@@ -96,7 +98,7 @@ Mail, calendar, and Skype for Business depend on a compatible device account.
 For Skype for Business to work, the device account must have a valid SIP address. The device will try to find this automatically.</p>
 </td>
 <td>
-<p>sip:ConfRoom15@contoso.com</p>
+<p>sip: ConfRoom15@contoso.com</p>
 </td>
 <td>
 <p></p>
diff --git a/devices/surface-hub/surface-hub-administrators-guide.md b/devices/surface-hub/surface-hub-administrators-guide.md
index 6b08e5cb6f..275dd6a33b 100644
--- a/devices/surface-hub/surface-hub-administrators-guide.md
+++ b/devices/surface-hub/surface-hub-administrators-guide.md
@@ -39,7 +39,7 @@ Before you power on Microsoft Surface Hub for the first time, make sure you've [
 </tr>
 <tr class="even">
 <td align="left"><p>[Physically install Microsoft Surface Hub](physically-install-your-surface-hub-device.md)</p></td>
-<td align="left"><p>The Surface Hub Readiness Guide will help make sure that your site is ready for the installation. You can download the Guide from the [Microsoft Download Center](http://go.microsoft.com/fwlink/?LinkId=718144). It includes planning information for both the 55&quot; and 84&quot; devices, as well as info on moving the Surface Hub from receiving to the installation location, mounting options, and a list of what's in the box.</p></td>
+<td align="left"><p>The Surface Hub Readiness Guide will help make sure that your site is ready for the installation. You can download the Guide from the [Microsoft Download Center](https://go.microsoft.com/fwlink/?LinkId=718144). It includes planning information for both the 55&quot; and 84&quot; devices, as well as info on moving the Surface Hub from receiving to the installation location, mounting options, and a list of what's in the box.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>[Prepare your environment for Microsoft Surface Hub](prepare-your-environment-for-surface-hub.md)</p></td>
diff --git a/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md b/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md
index a590b85c20..7b231f3562 100644
--- a/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md
+++ b/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md
@@ -21,9 +21,9 @@ To address more granular control over the security of Surface devices, the v3.11
 ## Manually install the UEFI update
 
 
-Before you can configure the advanced security features of your Surface device, you must first install the v3.11.760.0 UEFI update. This update is installed automatically if you receive your updates from Windows Update. For more information about how to configure Windows to update automatically by using Windows Update, see [How to configure and use Automatic Updates in Windows]( http://go.microsoft.com/fwlink/p/?LinkID=618030).
+Before you can configure the advanced security features of your Surface device, you must first install the v3.11.760.0 UEFI update. This update is installed automatically if you receive your updates from Windows Update. For more information about how to configure Windows to update automatically by using Windows Update, see [How to configure and use Automatic Updates in Windows]( https://go.microsoft.com/fwlink/p/?LinkID=618030).
 
-To update the UEFI on Surface Pro 3, you can download and install the Surface UEFI updates as part of the Surface Pro 3 Firmware and Driver Pack. These firmware and driver packs are available from the [Surface Pro 3 page](https://www.microsoft.com/en-us/download/details.aspx?id=38826) on the Microsoft Download Center. You can find out more about the firmware and driver packs at [Download the latest firmware and drivers for Surface devices](https://technet.microsoft.com/en-us/itpro/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices). The firmware and driver packs are available as both self-contained Windows Installer (.msi) and archive (.zip) formats. You can find out more about these two formats and how you can use them to update your drivers at [Manage Surface driver and firmware updates](https://technet.microsoft.com/en-us/itpro/surface/manage-surface-pro-3-firmware-updates).
+To update the UEFI on Surface Pro 3, you can download and install the Surface UEFI updates as part of the Surface Pro 3 Firmware and Driver Pack. These firmware and driver packs are available from the [Surface Pro 3 page](https://www.microsoft.com/download/details.aspx?id=38826) on the Microsoft Download Center. You can find out more about the firmware and driver packs at [Download the latest firmware and drivers for Surface devices](https://technet.microsoft.com/itpro/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices). The firmware and driver packs are available as both self-contained Windows Installer (.msi) and archive (.zip) formats. You can find out more about these two formats and how you can use them to update your drivers at [Manage Surface driver and firmware updates](https://technet.microsoft.com/itpro/surface/manage-surface-pro-3-firmware-updates).
 
 ## Manually configure additional security settings
 
@@ -49,13 +49,13 @@ After the v3.11.760.0 UEFI update is installed on a Surface device, an additiona
 ## Automate additional security settings
 
 
-As an IT professional with administrative privileges, you can automate the configuration of UEFI settings by leveraging [Surface Pro 3 Firmware Tools (476 KB)](http://go.microsoft.com/fwlink/p/?LinkID=618038) available from the Microsoft Download Center. These tools install a .NET assembly that can be called from any custom application or script.
+As an IT professional with administrative privileges, you can automate the configuration of UEFI settings by leveraging [Surface Pro 3 Firmware Tools (476 KB)](https://go.microsoft.com/fwlink/p/?LinkID=618038) available from the Microsoft Download Center. These tools install a .NET assembly that can be called from any custom application or script.
 
 **Prerequisites**
 
 -   The sample scripts below leverage the previously mentioned extension and therefore assume that the tool has been installed on the device being managed.
 -   The scripts must be run with administrative privilege.
--   The Windows PowerShell command [**Set-ExecutionPolicy Unrestricted**](http://go.microsoft.com/fwlink/p/?LinkID=618039) must be called prior to running sample scripts if they are not digitally signed.
+-   The Windows PowerShell command [**Set-ExecutionPolicy Unrestricted**](https://go.microsoft.com/fwlink/p/?LinkID=618039) must be called prior to running sample scripts if they are not digitally signed.
 
 **Sample scripts**
 
diff --git a/devices/surface/customize-the-oobe-for-surface-deployments.md b/devices/surface/customize-the-oobe-for-surface-deployments.md
index aa17e2e68f..8532617b50 100644
--- a/devices/surface/customize-the-oobe-for-surface-deployments.md
+++ b/devices/surface/customize-the-oobe-for-surface-deployments.md
@@ -22,12 +22,12 @@ It is common practice in a Windows deployment to customize the user experience f
 
 In some scenarios, you may want to provide complete automation to ensure that at the end of a deployment, computers are ready for use without any interaction from the user. In other scenarios, you may want to leave key elements of the experience for users to perform necessary actions or select between important choices. For administrators deploying to Surface devices, each of these scenarios presents a unique challenge to overcome.
 
-This article provides a summary of the scenarios where a deployment might require additional steps. It also provides the required information to ensure that the desired experience is achieved on any newly deployed Surface device. This article is intended for administrators who are familiar with the deployment process, as well as concepts such as answer files and [reference images](http://go.microsoft.com/fwlink/p/?LinkID=618042).
+This article provides a summary of the scenarios where a deployment might require additional steps. It also provides the required information to ensure that the desired experience is achieved on any newly deployed Surface device. This article is intended for administrators who are familiar with the deployment process, as well as concepts such as answer files and [reference images](https://go.microsoft.com/fwlink/p/?LinkID=618042).
 
->**Note:**&nbsp;&nbsp;Although the OOBE phase of setup is still run during a deployment with an automated deployment solution such as the [Microsoft Deployment Toolkit (MDT)](http://go.microsoft.com/fwlink/p/?LinkId=618117) or System Center Configuration Manager Operating System Deployment (OSD), it is automated by the settings supplied in the Deployment Wizard and task sequence. For more information see:<br/>
-- [Deploy Windows 10 with the Microsoft Deployment Toolkit](http://technet.microsoft.com/en-us/itpro/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit)
+>**Note:**&nbsp;&nbsp;Although the OOBE phase of setup is still run during a deployment with an automated deployment solution such as the [Microsoft Deployment Toolkit (MDT)](https://go.microsoft.com/fwlink/p/?LinkId=618117) or System Center Configuration Manager Operating System Deployment (OSD), it is automated by the settings supplied in the Deployment Wizard and task sequence. For more information see:<br/>
+- [Deploy Windows 10 with the Microsoft Deployment Toolkit](http://technet.microsoft.com/itpro/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit)
 <br/>
-- [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](http://technet.microsoft.com/en-us/itpro/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager)
+- [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](http://technet.microsoft.com/itpro/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager)
 
  
 
@@ -36,7 +36,7 @@ This article provides a summary of the scenarios where a deployment might requir
 
 When a wireless network adapter is present during OOBE, the **Join a wireless network** page is displayed, which prompts a user to connect to a wireless network. This page is not automatically hidden by deployment technologies, including MDT 2013, and therefore will be displayed even when a deployment is configured for complete automation.
 
-To ensure that an automated deployment is not stopped by this page, the page must be hidden by configuring an additional setting in the answer file, **HideWirelessSetupInOOBE**. You can find additional information about the **HideWirelessSetupInOOBE** setting in [Unattended Windows Setup Reference](http://go.microsoft.com/fwlink/p/?LinkID=618044).
+To ensure that an automated deployment is not stopped by this page, the page must be hidden by configuring an additional setting in the answer file, **HideWirelessSetupInOOBE**. You can find additional information about the **HideWirelessSetupInOOBE** setting in [Unattended Windows Setup Reference](https://go.microsoft.com/fwlink/p/?LinkID=618044).
 
 ## Scenario 2: Surface Pen pairing in OOBE
 
@@ -54,7 +54,7 @@ To provide the factory Surface Pen pairing experience in OOBE, you must copy fou
 
  
 
-The step-by-step process for adding these required files to an image is described in [Deploying Surface Pro 3 Pen and OneNote Tips](http://go.microsoft.com/fwlink/p/?LinkID=618045). This blog post also includes tips to ensure that the necessary updates for the Surface Pen Quick Note-Taking Experience are installed, which allows users to send notes to OneNote with a single click.
+The step-by-step process for adding these required files to an image is described in [Deploying Surface Pro 3 Pen and OneNote Tips](https://go.microsoft.com/fwlink/p/?LinkID=618045). This blog post also includes tips to ensure that the necessary updates for the Surface Pen Quick Note-Taking Experience are installed, which allows users to send notes to OneNote with a single click.
 
  
 
diff --git a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md
index 6ee5c0b6f6..2df6fdcd7f 100644
--- a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md
+++ b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md
@@ -33,14 +33,14 @@ Installation files for administrative tools, drivers for accessories, and update
 
 Recent additions to the downloads for Surface devices provide you with options to install Windows 10 on your Surface devices and update LTE devices with the latest Windows 10 drivers and firmware.
 
->**Note:**&nbsp;&nbsp;A battery charge of 40% or greater is required before you install firmware to a Surface device. See [Microsoft Support article KB2909710](http://go.microsoft.com/fwlink/p/?LinkId=618106) for more information.
+>**Note:**&nbsp;&nbsp;A battery charge of 40% or greater is required before you install firmware to a Surface device. See [Microsoft Support article KB2909710](https://go.microsoft.com/fwlink/p/?LinkId=618106) for more information.
 
  
 
 ## Surface Book
 
 
-Download the following updates [for Surface Book from the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=691691).
+Download the following updates [for Surface Book from the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=691691).
 
 -   SurfaceBook\_Win10\_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10
 
@@ -49,7 +49,7 @@ Download the following updates [for Surface Book from the Microsoft Download Cen
 ## Surface Pro 4
 
 
-Download the following updates for [Surface Pro 4 from the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=691692).
+Download the following updates for [Surface Pro 4 from the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=691692).
 
 -   SurfacePro4\_Win10\_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10
 
@@ -58,7 +58,7 @@ Download the following updates for [Surface Pro 4 from the Microsoft Download Ce
 ## <a href="" id="surface-pro-3-"></a>Surface Pro 3
 
 
-Download the following updates [for Surface Pro 3 from the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=690288).
+Download the following updates [for Surface Pro 3 from the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=690288).
 
 -   SurfacePro3\_Win10\_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10
 
@@ -85,7 +85,7 @@ Download the following updates [for Surface Pro 3 from the Microsoft Download Ce
 ## Surface 3
 
 
-Download the following updates [for Surface 3 from the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=690289).
+Download the following updates [for Surface 3 from the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=690289).
 
 -   Surface3\_Win10\_xxxxxx.zip – Cumulative firmware and driver update package for Windows 10
 
@@ -102,7 +102,7 @@ Download the following updates [for Surface 3 from the Microsoft Download Center
 ## Surface 3 LTE
 
 
-Download the following updates [for AT&T 4G LTE versions of Surface 3 from the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=690290).
+Download the following updates [for AT&T 4G LTE versions of Surface 3 from the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=690290).
 
 -   Surface3\_US1\_Win10\_xxxxxx.msi – Surface 3 LTE AT&T - Cumulative firmware and driver update for locked carrier dependent AT&T devices in the US, running Windows 10
 
@@ -118,7 +118,7 @@ Download the following updates [for AT&T 4G LTE versions of Surface 3 from the M
 
 -   Wintab-xxxxx-64-bit.zip – Tablet driver update for all supported x64-based versions of Windows 8.1
 
-Download the following updates [for non-AT&T 4G LTE versions of Surface 3 from the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=690291).
+Download the following updates [for non-AT&T 4G LTE versions of Surface 3 from the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=690291).
 
 -   Surface3\_NAG\_Win10\_xxxxxx.msi – Surface 3 LTE North America - Cumulative firmware and driver update for unlocked carrier independent devices in the US, running Windows 10
 
@@ -134,7 +134,7 @@ Download the following updates [for non-AT&T 4G LTE versions of Surface 3 from t
 
 -   Wintab-xxxxx-64-bit.zip – Tablet driver update for all supported x64-based versions of Windows 8.1
 
-Download the following updates [for 4G LTE Surface 3 versions for regions outside North America from the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=690292).
+Download the following updates [for 4G LTE Surface 3 versions for regions outside North America from the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=690292).
 
 -   Surface3\_ROW\_Win10\_xxxxxx.msi – Surface 3 LTE rest of the world cumulative - Cumulative firmware and driver update for carrier independent devices outside of the US, as well as for Japan, running Windows 10
 
@@ -153,7 +153,7 @@ Download the following updates [for 4G LTE Surface 3 versions for regions outsid
 ## Surface Pro 2
 
 
-Download the following updates [for Surface Pro 2 from the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=690293).
+Download the following updates [for Surface Pro 2 from the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=690293).
 
 -   SurfacePro2\_Win10\_xxxxxx.zip – Cumulative firmware and driver update package for Windows 10
 
@@ -168,7 +168,7 @@ Download the following updates [for Surface Pro 2 from the Microsoft Download Ce
 ## Surface Pro
 
 
-Download the following updates [for Surface Pro from the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=690294).
+Download the following updates [for Surface Pro from the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=690294).
 
 -   SurfacePro\_Win10\_xxxxxx.zip – Cumulative firmware and driver update package for Windows 10
 
@@ -185,7 +185,7 @@ Download the following updates [for Surface Pro from the Microsoft Download Cent
 
 There are no downloadable firmware or driver updates available for Surface RT. Updates can only be applied using Windows Update.
 
-If you have additional questions on the driver pack and updates, please contact [Microsoft Surface support for business](http://go.microsoft.com/fwlink/p/?LinkId=618107).
+If you have additional questions on the driver pack and updates, please contact [Microsoft Surface support for business](https://go.microsoft.com/fwlink/p/?LinkId=618107).
 
  
 
diff --git a/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md b/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md
index 03c803cc5c..dfda75ad0f 100644
--- a/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md
+++ b/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md
@@ -16,14 +16,14 @@ author: miladCA
 
 Find out how to enable support for PEAP, EAP-FAST, or Cisco LEAP protocols on your Surface device.
 
-If you use PEAP, EAP-FAST, or Cisco LEAP in your enterprise network, you probably already know that these three wireless authentication protocols are not supported by Surface devices out of the box. Some users may discover this when they attempt to connect to your wireless network; others may discover it when they are unable to gain access to resources inside the network, like file shares and internal sites. For more information, see [Extensible Authentication Protocol](http://go.microsoft.com/fwlink/p/?LinkId=716899).
+If you use PEAP, EAP-FAST, or Cisco LEAP in your enterprise network, you probably already know that these three wireless authentication protocols are not supported by Surface devices out of the box. Some users may discover this when they attempt to connect to your wireless network; others may discover it when they are unable to gain access to resources inside the network, like file shares and internal sites. For more information, see [Extensible Authentication Protocol](https://go.microsoft.com/fwlink/p/?LinkId=716899).
 
 You can add support for each protocol by executing a small MSI package from a USB stick or from a file share. For organizations that want to enable EAP support on their Surface devices, the MSI package format supports deployment with many management and deployment tools, like the Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager.
 
 ## <a href="" id="download-peap--eap-fast--or-cisco-leap-installation-files--"></a>Download PEAP, EAP-FAST, or Cisco LEAP installation files
 
 
-You can download the MSI installation files for PEAP, EAP-FAST, or Cisco LEAP in a single zip archive file from the Microsoft Download Center. To download this file, go to the [Surface Tools for IT](http://go.microsoft.com/fwlink/p/?LinkId=618121) page on the Microsoft Download Center, click **Download**, and then select the **Cisco EAP-Supplicant Installer.zip** file.
+You can download the MSI installation files for PEAP, EAP-FAST, or Cisco LEAP in a single zip archive file from the Microsoft Download Center. To download this file, go to the [Surface Tools for IT](https://go.microsoft.com/fwlink/p/?LinkId=618121) page on the Microsoft Download Center, click **Download**, and then select the **Cisco EAP-Supplicant Installer.zip** file.
 
 ## Deploy PEAP, EAP-FAST, or Cisco LEAP with MDT
 
@@ -79,7 +79,7 @@ To specify the protocol(s) explicitly, follow these steps:
 
 For organizations that manage Surface devices with Configuration Manager, it is even easier to deploy PEAP, EAP-FAST, or Cisco LEAP support to Surface devices. Simply import each MSI file as an application from the Software Library and configure a deployment to your Surface device collection.
 
-For more information on how to deploy applications with Configuration Manager see [How to Create Applications in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=761079) and [How to Deploy Applications in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=761080).
+For more information on how to deploy applications with Configuration Manager see [How to Create Applications in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=761079) and [How to Deploy Applications in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=761080).
 
  
 
diff --git a/devices/surface/ethernet-adapters-and-surface-device-deployment.md b/devices/surface/ethernet-adapters-and-surface-device-deployment.md
index b7dd253652..1babe7d7c6 100644
--- a/devices/surface/ethernet-adapters-and-surface-device-deployment.md
+++ b/devices/surface/ethernet-adapters-and-surface-device-deployment.md
@@ -25,7 +25,7 @@ Before you can address the concerns of how you will boot to your deployment envi
 
 The primary concern when selecting an Ethernet adapter is how that adapter will boot your Surface device from the network. If you are pre-staging clients with Windows Deployment Services (WDS) or if you are using System Center Configuration Manager, you may also want to consider whether the removable Ethernet adapters will be dedicated to a specific Surface device or shared among multiple devices. See the [Manage MAC addresses with removable Ethernet adapters](#manage-mac-addresses) section of this article for more information on potential conflicts with shared adapters.
 
-Booting from the network (PXE boot) is only supported when you use an Ethernet adapter or docking station from Microsoft. To boot from the network, the chipset in the Ethernet adapter or dock must be detected and configured as a boot device in the firmware of the Surface device. Microsoft Ethernet adapters, such as the Surface Ethernet Adapter and the [Surface Dock](http://go.microsoft.com/fwlink/p/?LinkId=722364) use a chipset that is compatible with the Surface firmware.
+Booting from the network (PXE boot) is only supported when you use an Ethernet adapter or docking station from Microsoft. To boot from the network, the chipset in the Ethernet adapter or dock must be detected and configured as a boot device in the firmware of the Surface device. Microsoft Ethernet adapters, such as the Surface Ethernet Adapter and the [Surface Dock](https://go.microsoft.com/fwlink/p/?LinkId=722364) use a chipset that is compatible with the Surface firmware.
 
 The following Ethernet devices are supported for network boot with Surface devices:
 
@@ -67,7 +67,7 @@ Another consideration for administrators performing Windows deployment over the
 
 The simplest solution to avoid MAC address conflicts is to provide a dedicated removable Ethernet adapter for each Surface device. This can make sense in many scenarios where the Ethernet adapter or the additional functionality of the docking station will be used regularly. However, not all scenarios call for the additional connectivity of a docking station or support for wired networks.
 
-Another potential solution to avoid conflict when adapters are shared is to use the [Microsoft Deployment Toolkit (MDT)](http://go.microsoft.com/fwlink/p/?LinkId=618117) to perform deployment to Surface devices. MDT does not use the MAC address to identify individual computers and thus is not subject to this limitation. However, MDT does use Windows Deployment Services to provide PXE boot functionality, and is subject to the limitations regarding pre-staged clients which is covered later in this section.
+Another potential solution to avoid conflict when adapters are shared is to use the [Microsoft Deployment Toolkit (MDT)](https://go.microsoft.com/fwlink/p/?LinkId=618117) to perform deployment to Surface devices. MDT does not use the MAC address to identify individual computers and thus is not subject to this limitation. However, MDT does use Windows Deployment Services to provide PXE boot functionality, and is subject to the limitations regarding pre-staged clients which is covered later in this section.
 
 When you use a shared adapter for deployment, the solution for affected deployment technologies is to use another means to identify unique systems. For Configuration Manager and WDS, both of which can be affected by this issue, the solution is to use the System Universal Unique Identifier (System UUID) that is embedded in the computer firmware by the computer manufacturer. For Surface devices, you can see this entry in the computer firmware under **Device Information**.
 
@@ -78,9 +78,9 @@ To access the firmware of a Surface device, follow these steps:
 3.  Press and release the **Power** button.
 4.  After the device begins to boot, release the **Volume Up** button.
 
-When deploying with WDS, the MAC address is only used to identify a computer when the deployment server is configured to respond only to known, pre-staged clients. When pre-staging a client, an administrator creates a computer account in Active Directory and defines that computer by the MAC address or the System UUID. To avoid the identity conflicts caused by shared Ethernet adapters, you should use [System UUID to define pre-staged clients](http://go.microsoft.com/fwlink/p/?LinkId=618118). Alternatively, you can configure WDS to respond to unknown clients that do not require definition by either MAC address or System UUID by selecting the **Respond to all client computers (known and unknown)** option on the [**PXE Response** tab](http://go.microsoft.com/fwlink/p/?LinkId=618119) in **Windows Deployment Server Properties**.
+When deploying with WDS, the MAC address is only used to identify a computer when the deployment server is configured to respond only to known, pre-staged clients. When pre-staging a client, an administrator creates a computer account in Active Directory and defines that computer by the MAC address or the System UUID. To avoid the identity conflicts caused by shared Ethernet adapters, you should use [System UUID to define pre-staged clients](https://go.microsoft.com/fwlink/p/?LinkId=618118). Alternatively, you can configure WDS to respond to unknown clients that do not require definition by either MAC address or System UUID by selecting the **Respond to all client computers (known and unknown)** option on the [**PXE Response** tab](https://go.microsoft.com/fwlink/p/?LinkId=618119) in **Windows Deployment Server Properties**.
 
-The potential for conflicts with shared Ethernet adapters is much higher with Configuration Manager. Where WDS only uses MAC addresses to define individual systems when configured to do so, Configuration Manager uses the MAC address to define individual systems whenever performing a deployment to new or unknown computers. This can result in improperly configured devices or even the inability to deploy more than one system with a shared Ethernet adapter. There are several potential solutions for this situation that are described in detail in the [How to Use The Same External Ethernet Adapter For Multiple SCCM OSD](http://go.microsoft.com/fwlink/p/?LinkId=618120) blog post on the Ask Premier Field Engineering (PFE) Platforms TechNet blog.
+The potential for conflicts with shared Ethernet adapters is much higher with Configuration Manager. Where WDS only uses MAC addresses to define individual systems when configured to do so, Configuration Manager uses the MAC address to define individual systems whenever performing a deployment to new or unknown computers. This can result in improperly configured devices or even the inability to deploy more than one system with a shared Ethernet adapter. There are several potential solutions for this situation that are described in detail in the [How to Use The Same External Ethernet Adapter For Multiple SCCM OSD](https://go.microsoft.com/fwlink/p/?LinkId=618120) blog post on the Ask Premier Field Engineering (PFE) Platforms TechNet blog.
 
  
 
diff --git a/devices/surface/manage-surface-dock-firmware-updates.md b/devices/surface/manage-surface-dock-firmware-updates.md
index 4d2733a4ad..f2d71be1b0 100644
--- a/devices/surface/manage-surface-dock-firmware-updates.md
+++ b/devices/surface/manage-surface-dock-firmware-updates.md
@@ -16,13 +16,13 @@ author: jobotto
 
 Read about the different methods you can use to manage the process of Surface Dock firmware updates.
 
-The Surface Dock provides external connectivity to Surface devices through a single cable connection that includes Power, Ethernet, Audio, USB 3.0, and DisplayPort. The numerous connections provided by the Surface Dock are enabled by a smart chipset within the Surface Dock device. Like a Surface device’s chipset, the chipset that is built into the Surface Dock is controlled by firmware. For more information about the Surface Dock, see the [Surface Dock demonstration](https://technet.microsoft.com/en-us/mt697552) video.
+The Surface Dock provides external connectivity to Surface devices through a single cable connection that includes Power, Ethernet, Audio, USB 3.0, and DisplayPort. The numerous connections provided by the Surface Dock are enabled by a smart chipset within the Surface Dock device. Like a Surface device’s chipset, the chipset that is built into the Surface Dock is controlled by firmware. For more information about the Surface Dock, see the [Surface Dock demonstration](https://technet.microsoft.com/mt697552) video.
 
 Like the firmware for Surface devices, firmware for Surface Dock is also contained within a downloaded driver that is visible in Device Manager. This driver stages the firmware update files on the Surface device. When a Surface Dock is connected and the driver is loaded, the newer version of the firmware staged by the driver is detected and firmware files are copied to the Surface Dock. The Surface Dock then begins a two-phase process to apply the firmware internally. Each phase requires the Surface Dock to be disconnected from the Surface device before the firmware is applied. The driver copies the firmware into the dock, but only applies it when the user disconnects the Surface device from the Surface Dock. This ensures that there are no disruptions because the firmware is only applied when the user leaves their desk with the device.
 
 >**Note:**&nbsp;&nbsp;You can learn more about the firmware update process for Surface devices and how firmware is updated through driver installation at the following links:<br/>
-- [How to manage and update Surface drivers and firmware](https://technet.microsoft.com/en-us/mt697551) from Microsoft Mechanics
-- [Windows Update Makes Surface Better](http://go.microsoft.com/fwlink/p/?LinkId=785354) on the Microsoft Devices Blog
+- [How to manage and update Surface drivers and firmware](https://technet.microsoft.com/mt697551) from Microsoft Mechanics
+- [Windows Update Makes Surface Better](https://go.microsoft.com/fwlink/p/?LinkId=785354) on the Microsoft Devices Blog
 
  
 
@@ -79,7 +79,7 @@ Windows Update is the method that most users will use. The drivers for the Surfa
 
 This method is used mostly in environments where Surface device drivers and firmware are managed separately from Windows Update. See [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md) for more information about the different methods to manage Surface device driver and firmware updates. Updating the Surface Dock firmware through this method involves downloading and deploying an MSI package to the Surface device that contains the updated Surface Dock drivers and firmware. This is the same method recommended for updating all other Surface drivers and firmware. The two-phase firmware update process occurs in the background each time the Surface Dock is disconnected, just like it does with the Windows Update method.
 
-For more information about how to deploy MSI packages see [Create and deploy an application with System Center Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=785355).
+For more information about how to deploy MSI packages see [Create and deploy an application with System Center Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=785355).
 
 >**Note:**&nbsp;&nbsp;When drivers are installed through Windows Update or the MSI package, registry keys are added that indicate the version of firmware installed on the Surface Dock and contained within the Surface Dock driver. These registry keys can be found in:<br/><br/>
   **HLKM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\WUDF\\Services\\SurfaceDockFwUpdate\\Parameters**
@@ -103,7 +103,7 @@ Firmware status is displayed for both the main chipset (displayed as **Component
 
 The manual method using the Microsoft Surface Dock Updater tool to update the Surface Dock is used mostly in environments where IT prepares Surface Docks prior to delivery to the end user, or for troubleshooting of a Surface Dock. Microsoft Surface Dock Updater is a tool that you can run from any Surface device that is compatible with the Surface Dock, and will walk you through the process of performing the Surface Dock firmware update in the least possible amount of time. You can also use this tool to verify the firmware status of a connected Surface Dock.
 
-For more information about how to use the Microsoft Surface Dock Updater tool, please see [Microsoft Surface Dock Updater](surface-dock-updater.md). You can download the Microsoft Surface Dock Updater tool from the [Surface Tools for IT page](http://go.microsoft.com/fwlink/p/?LinkId=618121) on the Microsoft Download Center.
+For more information about how to use the Microsoft Surface Dock Updater tool, please see [Microsoft Surface Dock Updater](surface-dock-updater.md). You can download the Microsoft Surface Dock Updater tool from the [Surface Tools for IT page](https://go.microsoft.com/fwlink/p/?LinkId=618121) on the Microsoft Download Center.
 
  
 
diff --git a/devices/surface/manage-surface-pro-3-firmware-updates.md b/devices/surface/manage-surface-pro-3-firmware-updates.md
index 4c308a017a..521f6e38a2 100644
--- a/devices/surface/manage-surface-pro-3-firmware-updates.md
+++ b/devices/surface/manage-surface-pro-3-firmware-updates.md
@@ -31,26 +31,26 @@ The simplest solution to ensure that firmware on Surface devices in your organiz
 
 Although this solution ensures that firmware will be updated as new releases are made available to Windows Update, it does present potential drawbacks. Each Surface device that receives Windows Updates directly will separately download each update rather than accessing a central location, which increases demand on Internet connectivity and bandwidth. Updates are also provided automatically to devices, without being subjected to testing or review by administrators.
 
-For details about Group Policy for client configuration of WSUS or Windows Update, see [Step 5: Configure Group Policy Settings for Automatic Updates](http://go.microsoft.com/fwlink/p/?LinkId=618172).
+For details about Group Policy for client configuration of WSUS or Windows Update, see [Step 5: Configure Group Policy Settings for Automatic Updates](https://go.microsoft.com/fwlink/p/?LinkId=618172).
 
 **Windows Installer Package**
 
-The firmware and driver downloads for Surface devices now include Windows Installer files for firmware and driver updates. These Windows Installer packages can be deployed with utilities that support application deployment, including the Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager. This solution allows for centralized deployment and for administrators to test and review firmware updates before they are deployed. For more information about the Windows Installer package delivery method for firmware and driver updates, including details on what drivers are updated by the package and why certain drivers and firmware are not updated by the Windows Installer package, see the [Surface Pro 3 MSI Now Available](http://go.microsoft.com/fwlink/p/?LinkId=618173) blog post.
+The firmware and driver downloads for Surface devices now include Windows Installer files for firmware and driver updates. These Windows Installer packages can be deployed with utilities that support application deployment, including the Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager. This solution allows for centralized deployment and for administrators to test and review firmware updates before they are deployed. For more information about the Windows Installer package delivery method for firmware and driver updates, including details on what drivers are updated by the package and why certain drivers and firmware are not updated by the Windows Installer package, see the [Surface Pro 3 MSI Now Available](https://go.microsoft.com/fwlink/p/?LinkId=618173) blog post.
 
-For instructions on how to deploy with System Center Configuration Manager, refer to [How to Deploy Applications in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=618175). For deployment of applications with MDT, see [Step 4: Add an application in the Deploy a Windows 8.1 Image Using MDT 2013](http://go.microsoft.com/fwlink/p/?LinkId=618176). Note that you can deploy applications separately from an operating system deployment through MDT by using a Post OS Installation task sequence.
+For instructions on how to deploy with System Center Configuration Manager, refer to [How to Deploy Applications in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=618175). For deployment of applications with MDT, see [Step 4: Add an application in the Deploy a Windows 8.1 Image Using MDT 2013](https://go.microsoft.com/fwlink/p/?LinkId=618176). Note that you can deploy applications separately from an operating system deployment through MDT by using a Post OS Installation task sequence.
 
 **Provisioning packages**
 
-New in Windows 10, provisioning packages (PPKG files) provide a simple method to apply a configuration to a destination device. You can find out more about provisioning packages, including instructions for how to create your own, in [Provisioning packages](http://go.microsoft.com/fwlink/p/?LinkId=761075). For easy application of a complete set of drivers and firmware to devices running Windows 10, a provisioning package is supplied for Surface Pro 3 devices. This file contains all of the instructions and required assets to update a Surface Pro 3 device with Windows 10 to the latest drivers and firmware.
+New in Windows 10, provisioning packages (PPKG files) provide a simple method to apply a configuration to a destination device. You can find out more about provisioning packages, including instructions for how to create your own, in [Provisioning packages](https://go.microsoft.com/fwlink/p/?LinkId=761075). For easy application of a complete set of drivers and firmware to devices running Windows 10, a provisioning package is supplied for Surface Pro 3 devices. This file contains all of the instructions and required assets to update a Surface Pro 3 device with Windows 10 to the latest drivers and firmware.
 
 **Windows PowerShell**
 
-Another method you can use to update the firmware when Windows Updates are managed in the organization is to install the firmware from the firmware and driver pack by using PowerShell. This method allows for a similar deployment experience to the Windows Installer package and can similarly be deployed as a package by using System Center Configuration Manager. You can find the PowerShell script and details on how to perform the firmware deployment in the [Deploying Drivers and Firmware to Surface Pro](http://go.microsoft.com/fwlink/p/?LinkId=618177) blog post.
+Another method you can use to update the firmware when Windows Updates are managed in the organization is to install the firmware from the firmware and driver pack by using PowerShell. This method allows for a similar deployment experience to the Windows Installer package and can similarly be deployed as a package by using System Center Configuration Manager. You can find the PowerShell script and details on how to perform the firmware deployment in the [Deploying Drivers and Firmware to Surface Pro](https://go.microsoft.com/fwlink/p/?LinkId=618177) blog post.
 
 ## Operating system deployment considerations
 
 
-The deployment of firmware updates during an operating system deployment is a straightforward process. The firmware and driver pack can be imported into either System Center Configuration Manager or MDT, and are used to deploy a fully updated environment, complete with firmware, to a target Surface device. For a complete step-by-step guide for deployment to Surface Pro 3 using either Configuration Manager or MDT, download the [Deployment and Administration Guide for Surface Pro 3](http://go.microsoft.com/fwlink/p/?LinkId=618178) from the Microsoft Download Center.
+The deployment of firmware updates during an operating system deployment is a straightforward process. The firmware and driver pack can be imported into either System Center Configuration Manager or MDT, and are used to deploy a fully updated environment, complete with firmware, to a target Surface device. For a complete step-by-step guide for deployment to Surface Pro 3 using either Configuration Manager or MDT, download the [Deployment and Administration Guide for Surface Pro 3](https://go.microsoft.com/fwlink/p/?LinkId=618178) from the Microsoft Download Center.
 
 The individual driver files are also made available in the Microsoft Download Center if you are using deployment tools. The driver files are available in the ZIP archive file in the list of available downloads for your device.
 
@@ -60,7 +60,7 @@ A best practice for deployment with any solution that uses the Windows Preinstal
 
 **Update Surface Pro 3 firmware offline through USB**
 
-In some early versions of Surface Pro 3 firmware, PXE boot performance can be quite slow. This has been resolved with updated firmware, but for organizations where firmware will be updated through operating system deployment, this issue is encountered before the updates can be deployed to the device. In this scenario, you can deploy updated firmware through a USB drive to ensure that when the operating system deployment is initiated, the network boot is quick, and deployment can complete in a timely fashion. To create a USB drive to update Surface Pro 3 firmware, see [How to Update the Surface Pro 3 Firmware Offline using a USB Drive](http://go.microsoft.com/fwlink/p/?LinkId=618189) on the Ask Premier Field Engineering (PFE) Platforms TechNet Blog.
+In some early versions of Surface Pro 3 firmware, PXE boot performance can be quite slow. This has been resolved with updated firmware, but for organizations where firmware will be updated through operating system deployment, this issue is encountered before the updates can be deployed to the device. In this scenario, you can deploy updated firmware through a USB drive to ensure that when the operating system deployment is initiated, the network boot is quick, and deployment can complete in a timely fashion. To create a USB drive to update Surface Pro 3 firmware, see [How to Update the Surface Pro 3 Firmware Offline using a USB Drive](https://go.microsoft.com/fwlink/p/?LinkId=618189) on the Ask Premier Field Engineering (PFE) Platforms TechNet Blog.
 
  
 
diff --git a/devices/surface/manage-surface-uefi-settings.md b/devices/surface/manage-surface-uefi-settings.md
index 7071bb2da7..246334a4d4 100644
--- a/devices/surface/manage-surface-uefi-settings.md
+++ b/devices/surface/manage-surface-uefi-settings.md
@@ -26,7 +26,7 @@ On the **PC information** page, detailed information about your Surface device i
 - **UUID** – This Universally Unique Identification number is specific to your device and is used to identify the device during deployment or management. 
 
 - **Serial Number** – This number is used to identify this specific Surface device for asset tagging and support scenarios.
-- **Asset Tag** – The asset tag is assigned to the Surface device with the [Asset Tag Tool](https://www.microsoft.com/en-us/download/details.aspx?id=44076). 
+- **Asset Tag** – The asset tag is assigned to the Surface device with the [Asset Tag Tool](https://www.microsoft.com/download/details.aspx?id=44076). 
 
 You will also find detailed information about the firmware of your Surface device. Surface devices have several internal components that each run different versions of firmware. The firmware version of each of the following devices is displayed on the **PC information** page (as shown in Figure 1): 
 
@@ -44,7 +44,7 @@ You will also find detailed information about the firmware of your Surface devic
 
 *Figure 1. System information and firmware version information*
 
-You can find up-to-date information about the latest firmware version for your Surface device in the [Surface Update History](https://www.microsoft.com/surface/en-us/support/install-update-activate/surface-update-history) for your device. 
+You can find up-to-date information about the latest firmware version for your Surface device in the [Surface Update History](https://www.microsoft.com/surface/support/install-update-activate/surface-update-history) for your device. 
 
 ##Security 
 
@@ -70,7 +70,7 @@ On the **Security** page you can also change the configuration of Secure Boot on
 
 *Figure 3. Configure Secure Boot*
 
-You can also enable or disable the Trusted Platform Module (TPM) device on the **Security** page, as shown in Figure 4. The TPM is used to authenticate encryption for your device’s data with BitLocker. Read more about [BitLocker](https://technet.microsoft.com/en-us/itpro/windows/keep-secure/bitlocker-overview) in the TechNet Library. 
+You can also enable or disable the Trusted Platform Module (TPM) device on the **Security** page, as shown in Figure 4. The TPM is used to authenticate encryption for your device’s data with BitLocker. Read more about [BitLocker](https://technet.microsoft.com/itpro/windows/keep-secure/bitlocker-overview) in the TechNet Library. 
 
 ![Configure Surface UEFI security settings](images/manage-surface-uefi-fig4.png "Configure Surface UEFI security settings")
 
diff --git a/devices/surface/microsoft-surface-data-eraser.md b/devices/surface/microsoft-surface-data-eraser.md
index b379604c7c..d885af5dd9 100644
--- a/devices/surface/microsoft-surface-data-eraser.md
+++ b/devices/surface/microsoft-surface-data-eraser.md
@@ -16,7 +16,7 @@ author: miladCA
 
 Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices.
 
-[Microsoft Surface Data Eraser](http://go.microsoft.com/fwlink/p/?LinkId=691148) is a tool that boots from a USB stick and allows you to perform a secure wipe of all data from a compatible Surface device. A Microsoft Surface Data Eraser USB stick requires only the ability to boot from USB. The USB tool is easy to create by using the provided wizard, the Microsoft Surface Data Eraser Wrapper, and is easy to use with a simple graphic interface, no command line needed. To learn more about the data wiping capabilities and practices Microsoft uses during the service process for Surface, see [Protecting your data if you send your Surface in for service](http://go.microsoft.com/fwlink/p/?LinkId=691222).
+[Microsoft Surface Data Eraser](https://go.microsoft.com/fwlink/p/?LinkId=691148) is a tool that boots from a USB stick and allows you to perform a secure wipe of all data from a compatible Surface device. A Microsoft Surface Data Eraser USB stick requires only the ability to boot from USB. The USB tool is easy to create by using the provided wizard, the Microsoft Surface Data Eraser Wrapper, and is easy to use with a simple graphic interface, no command line needed. To learn more about the data wiping capabilities and practices Microsoft uses during the service process for Surface, see [Protecting your data if you send your Surface in for service](https://go.microsoft.com/fwlink/p/?LinkId=691222).
 
 Compatible Surface devices include:
 
diff --git a/devices/surface/microsoft-surface-deployment-accelerator.md b/devices/surface/microsoft-surface-deployment-accelerator.md
index c7b442925d..169358ad9a 100644
--- a/devices/surface/microsoft-surface-deployment-accelerator.md
+++ b/devices/surface/microsoft-surface-deployment-accelerator.md
@@ -20,13 +20,13 @@ SDA includes a wizard that automates the creation and configuration of a Microso
 
 SDA is built on the powerful suite of deployment tools available from Microsoft including the Windows Assessment and Deployment Kit (ADK), the Microsoft Deployment Toolkit (MDT), and Windows Deployment Services (WDS). The resulting deployment share encompasses the recommended best practices for managing drivers during deployment and automating image creation and can serve as a starting point upon which you build your own customized deployment solution.
 
-You can find more information about how to deploy to Surface devices, including step-by-step walkthroughs of customized deployment solution implementation, on the Deploy page of the [Surface TechCenter](http://go.microsoft.com/fwlink/p/?LinkId=691693).
+You can find more information about how to deploy to Surface devices, including step-by-step walkthroughs of customized deployment solution implementation, on the Deploy page of the [Surface TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=691693).
 
 **Download Microsoft Surface Deployment Accelerator**
 
 You can download the installation files for SDA from the Microsoft Download Center. To download the installation files:
 
-1.  Go to the [Surface Tools for IT](http://go.microsoft.com/fwlink/p/?LinkId=618121) page on the Microsoft Download Center.
+1.  Go to the [Surface Tools for IT](https://go.microsoft.com/fwlink/p/?LinkId=618121) page on the Microsoft Download Center.
 
 2.  Click the **Download** button, select the **Surface\_Deployment\_Accelerator\_xxxx.msi** file, and then click **Next**.
 
@@ -60,7 +60,7 @@ As you progress through the SDA wizard, you will be asked some basic questions a
 
 When the SDA completes, you can use the deployment share to deploy over the network immediately. Simply boot your Surface device from the network using a Surface Ethernet Adapter and select the Surface deployment share you created with the SDA wizard. Select the **1- Deploy Microsoft Surface** task sequence and the wizard will walk you through an automated deployment of Windows to your Surface device.
 
-You can modify the task sequence in the MDT Deployment Workbench to [include your own apps](http://go.microsoft.com/fwlink/p/?linkid=691700), or to [pause the automated installation routine](http://go.microsoft.com/fwlink/p/?linkid=691701). While the installation is paused, you can make changes to customize your reference image. After the image is captured, you can configure a deployment task sequence and distribute this custom configuration by using the same network boot capabilities as before.
+You can modify the task sequence in the MDT Deployment Workbench to [include your own apps](https://go.microsoft.com/fwlink/p/?linkid=691700), or to [pause the automated installation routine](https://go.microsoft.com/fwlink/p/?linkid=691701). While the installation is paused, you can make changes to customize your reference image. After the image is captured, you can configure a deployment task sequence and distribute this custom configuration by using the same network boot capabilities as before.
 
 >**Note:**&nbsp;&nbsp;With SDA v1.9.0258, Surface Pro 3, Surface Pro 4, and Surface Book are supported for Windows 10 deployment, and Surface Pro 3 is supported for Windows 8.1 deployment.
 
@@ -83,7 +83,7 @@ You can find a full list of available driver downloads at [Download the latest f
 
 ## Changes and updates
 
-SDA is periodically updated by Microsoft. For instructions on how these features are used, see [Step-by-Step: Microsoft Surface Deployment Accelerator](https://technet.microsoft.com/en-us/itpro/surface/step-by-step-surface-deployment-accelerator).
+SDA is periodically updated by Microsoft. For instructions on how these features are used, see [Step-by-Step: Microsoft Surface Deployment Accelerator](https://technet.microsoft.com/itpro/surface/step-by-step-surface-deployment-accelerator).
 
 >**Note:**&nbsp;&nbsp;To install a newer version of SDA on a server with a previous version of SDA installed, you only need to run the installation file for the new version of SDA. The installer will handle the upgrade process automatically. If you used SDA to create a deployment share prior to the upgrade and want to use new features of the new version of SDA, you will need to create a new deployment share. SDA does not support upgrades of an existing deployment share.
  
diff --git a/devices/surface/step-by-step-surface-deployment-accelerator.md b/devices/surface/step-by-step-surface-deployment-accelerator.md
index c2113bd72b..2024ee1ca9 100644
--- a/devices/surface/step-by-step-surface-deployment-accelerator.md
+++ b/devices/surface/step-by-step-surface-deployment-accelerator.md
@@ -21,7 +21,7 @@ This article shows you how to install Microsoft Surface Deployment Accelerator (
 
 For information about prerequisites and instructions for how to download and install SDA, see [Microsoft Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md).
 
-1.  Download SDA, which is included in [Surface Tools for IT](http://go.microsoft.com/fwlink/p/?LinkId=618121) on the Microsoft Download Center.
+1.  Download SDA, which is included in [Surface Tools for IT](https://go.microsoft.com/fwlink/p/?LinkId=618121) on the Microsoft Download Center.
 
 2.  Run the SDA installation file, named **Surface\_Deployment\_Accelerator\_*xxxx*.msi**, where *xxxx* is the current version number.
 
@@ -77,7 +77,7 @@ The following steps show you how to create a deployment share for Windows 10 th
 
     -   **Windows 10 Deployment Services**
 
-        -   Select the **Import boot media into the local Windows Deployment Service** check box if you would like to boot your Surface devices from the network to perform the Windows deployment. Windows Deployment Services must be installed and configured to respond to PXE boot requests. See [Windows Deployment Services Getting Started Guide for Windows Server 2012](http://go.microsoft.com/fwlink/p/?LinkId=761072) for more information about how to configure Windows Deployment Services for PXE boot.
+        -   Select the **Import boot media into the local Windows Deployment Service** check box if you would like to boot your Surface devices from the network to perform the Windows deployment. Windows Deployment Services must be installed and configured to respond to PXE boot requests. See [Windows Deployment Services Getting Started Guide for Windows Server 2012](https://go.microsoft.com/fwlink/p/?LinkId=761072) for more information about how to configure Windows Deployment Services for PXE boot.
 
     -   **Windows 10 Source Files**
 
@@ -147,7 +147,7 @@ You can use USB media to perform an SDA deployment if your Surface device is una
 
  
 
-Before you can create bootable media files within the MDT Deployment Workbench or copy those files to a USB drive, you must first configure that USB drive to be bootable. Using [DiskPart](http://go.microsoft.com/fwlink/p/?LinkId=761073), create a partition, format the partition as FAT32, and set the partition to be active. To run DiskPart, open an administrative PowerShell or Command Prompt window, and then run the following sequence of commands, as shown in Figure 7:
+Before you can create bootable media files within the MDT Deployment Workbench or copy those files to a USB drive, you must first configure that USB drive to be bootable. Using [DiskPart](https://go.microsoft.com/fwlink/p/?LinkId=761073), create a partition, format the partition as FAT32, and set the partition to be active. To run DiskPart, open an administrative PowerShell or Command Prompt window, and then run the following sequence of commands, as shown in Figure 7:
 
 1.  **diskpart** – Opens DiskPart to manage disks and partitions.
 
@@ -300,7 +300,7 @@ The **2 – Create Windows Reference Image** task sequence is used to perform a
 
 Like the **1 – Deploy Microsoft Surface** task sequence, the **2 – Create Windows Reference Image** task sequence performs a deployment of the unaltered Windows image directly from the installation media. Creation of a reference image should always be performed on a virtual machine. Using a virtual machine as your reference system helps to ensure that the resulting image is compatible with different hardware configurations.
 
->**Note:**&nbsp;&nbsp;Using a virtual machine when you create a reference image for Windows deployment is a recommended practice for performing Windows deployments with Microsoft deployment tools including the Microsoft Deployment Toolkit and System Center Configuration Manager. These Microsoft deployment technologies use the hardware agnostic images produced from a virtual machine and a collection of managed drivers to deploy to different configurations of hardware. For more information, see [Deploy a Windows 10 image using MDT 2013 Update 2](http://technet.microsoft.com/en-us/itpro/windows/deploy/deploy-a-windows-10-image-using-mdt).
+>**Note:**&nbsp;&nbsp;Using a virtual machine when you create a reference image for Windows deployment is a recommended practice for performing Windows deployments with Microsoft deployment tools including the Microsoft Deployment Toolkit and System Center Configuration Manager. These Microsoft deployment technologies use the hardware agnostic images produced from a virtual machine and a collection of managed drivers to deploy to different configurations of hardware. For more information, see [Deploy a Windows 10 image using MDT 2013 Update 2](http://technet.microsoft.com/itpro/windows/deploy/deploy-a-windows-10-image-using-mdt).
 
  
 
diff --git a/devices/surface/surface-diagnostic-toolkit.md b/devices/surface/surface-diagnostic-toolkit.md
index 78142a380b..fcf3eb8f6b 100644
--- a/devices/surface/surface-diagnostic-toolkit.md
+++ b/devices/surface/surface-diagnostic-toolkit.md
@@ -16,7 +16,7 @@ author: miladCA
 
 Find out how you can use the Microsoft Surface Diagnostic Toolkit to test the hardware of your Surface device.
 
-The [Microsoft Surface Diagnostic Toolkit](http://go.microsoft.com/fwlink/p/?LinkId=618121) is a small, portable diagnostic tool that runs through a suite of tests to diagnose the hardware of Surface devices. The Microsoft Surface Diagnostic Toolkit executable file is less than 3 MB, which allows it to be distributed through email. It does not require installation, so it can be run directly from a USB stick or over the network. The Microsoft Surface Diagnostic Toolkit walks you through several tests of individual components including the touchscreen, cameras, and sensors.
+The [Microsoft Surface Diagnostic Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=618121) is a small, portable diagnostic tool that runs through a suite of tests to diagnose the hardware of Surface devices. The Microsoft Surface Diagnostic Toolkit executable file is less than 3 MB, which allows it to be distributed through email. It does not require installation, so it can be run directly from a USB stick or over the network. The Microsoft Surface Diagnostic Toolkit walks you through several tests of individual components including the touchscreen, cameras, and sensors.
 
 >**Note:**&nbsp;&nbsp;A Surface device must boot into Windows to run the Microsoft Surface Diagnostic Toolkit. The Microsoft Surface Diagnostic Toolkit will run only on the following Surface devices:
 
@@ -123,7 +123,7 @@ This test checks for any outstanding Windows updates and will prompt you to inst
 
 #### Device information
 
-This test reads the Device ID and serial number in addition to basic system information such as device model, operating system version, processor, memory, and storage. The Device ID is recorded in the name of the log file and can be used to identify a log file for a specific device. Several system log files are also collected, including update and rollback logs, and output from several Windows built-in tools, such as [DirectX Diagnostics](http://go.microsoft.com/fwlink/p/?LinkId=746476) and [System Information](http://go.microsoft.com/fwlink/p/?LinkId=746477), power configuration, disk health, and event logs. See the following list for a full set of collected log files:
+This test reads the Device ID and serial number in addition to basic system information such as device model, operating system version, processor, memory, and storage. The Device ID is recorded in the name of the log file and can be used to identify a log file for a specific device. Several system log files are also collected, including update and rollback logs, and output from several Windows built-in tools, such as [DirectX Diagnostics](https://go.microsoft.com/fwlink/p/?LinkId=746476) and [System Information](https://go.microsoft.com/fwlink/p/?LinkId=746477), power configuration, disk health, and event logs. See the following list for a full set of collected log files:
 
 - Output of **Get-WindowsUpdateLog** if the operating system is Windows 10
 
@@ -339,7 +339,7 @@ The device orientation sensor determines what the angle of the Surface device is
 This test cycles the screen through brightness levels from 0 percent to 100 percent, and then a message is displayed to confirm if the brightness level changed accordingly. You are then prompted to test for brightness reaction. To test the reaction of brightness when running on battery, disconnect the power adapter. The screen should automatically dim when power is disconnected.
 
 #### Surface Dock test
-The Microsoft Surface Diagnostic Toolkit uses this test only if a Surface Dock is connected to the device. If a Surface Dock is detected, this test verifies that the Surface Dock driver firmware is updated. For more detailed analysis of Surface Dock firmware status and how to manually initiate the firmware update process, see the [Microsoft Surface Dock Updater](https://technet.microsoft.com/en-us/itpro/surface/surface-dock-updater) article.
+The Microsoft Surface Diagnostic Toolkit uses this test only if a Surface Dock is connected to the device. If a Surface Dock is detected, this test verifies that the Surface Dock driver firmware is updated. For more detailed analysis of Surface Dock firmware status and how to manually initiate the firmware update process, see the [Microsoft Surface Dock Updater](https://technet.microsoft.com/itpro/surface/surface-dock-updater) article.
 
 
 #### System assessment
@@ -350,11 +350,11 @@ The Windows System Assessment Tool (WinSAT) runs a series of benchmarks against
 
 #### Performance Monitor test
 
-Performance and diagnostic trace logs are recorded from Performance Monitor for 30 seconds and collected in the .zip file output of the Microsoft Surface Diagnostic Toolkit by this test. You can analyze these trace logs with the [Windows Performance Analyzer](http://go.microsoft.com/fwlink/p/?LinkId=746486) to identify causes of application crashes, performance issues, or other undesirable behavior in Windows.
+Performance and diagnostic trace logs are recorded from Performance Monitor for 30 seconds and collected in the .zip file output of the Microsoft Surface Diagnostic Toolkit by this test. You can analyze these trace logs with the [Windows Performance Analyzer](https://go.microsoft.com/fwlink/p/?LinkId=746486) to identify causes of application crashes, performance issues, or other undesirable behavior in Windows.
 
 #### Crash dump collection
 
-If your Surface device has encountered an error that caused the device to fail or produce a blue screen error, this stage of the Microsoft Surface Diagnostic Toolkit records the information from the automatically recorded crash dump files in the diagnostic log. You can use these crash dump files to identify a faulty driver, hardware component, or application through analysis. Use the [Windows Debugging Tool](http://go.microsoft.com/fwlink/p/?LinkId=746488) to analyze these files. If you are not familiar with the analysis of crash dump files, you can describe your issue and post a link to your crash dump files (uploaded to OneDrive or another file sharing service) in the [Windows TechNet Forums](http://go.microsoft.com/fwlink/p/?LinkId=746489).
+If your Surface device has encountered an error that caused the device to fail or produce a blue screen error, this stage of the Microsoft Surface Diagnostic Toolkit records the information from the automatically recorded crash dump files in the diagnostic log. You can use these crash dump files to identify a faulty driver, hardware component, or application through analysis. Use the [Windows Debugging Tool](https://go.microsoft.com/fwlink/p/?LinkId=746488) to analyze these files. If you are not familiar with the analysis of crash dump files, you can describe your issue and post a link to your crash dump files (uploaded to OneDrive or another file sharing service) in the [Windows TechNet Forums](https://go.microsoft.com/fwlink/p/?LinkId=746489).
 
 #### Connected standby text
 
diff --git a/devices/surface/surface-dock-updater.md b/devices/surface/surface-dock-updater.md
index f9e106cf2d..91d4411699 100644
--- a/devices/surface/surface-dock-updater.md
+++ b/devices/surface/surface-dock-updater.md
@@ -16,7 +16,7 @@ author: jobotto
 
 This article provides a detailed walkthrough of Microsoft Surface Dock Updater.
 
-The [Microsoft Surface Dock Updater](http://go.microsoft.com/fwlink/p/?LinkId=618121) tool allows you to check the firmware status of a Surface Dock and to manually update the firmware of Surface Dock devices. It is most often used to update Surface Docks prior to deployment of those Surface Docks to end users or as a troubleshooting tool. Microsoft Surface Dock Updater walks you through the process of updating the firmware on one or more Surface Docks, including the required connect and disconnect steps to perform the complete firmware installation.
+The [Microsoft Surface Dock Updater](https://go.microsoft.com/fwlink/p/?LinkId=618121) tool allows you to check the firmware status of a Surface Dock and to manually update the firmware of Surface Dock devices. It is most often used to update Surface Docks prior to deployment of those Surface Docks to end users or as a troubleshooting tool. Microsoft Surface Dock Updater walks you through the process of updating the firmware on one or more Surface Docks, including the required connect and disconnect steps to perform the complete firmware installation.
 
 When you run the Microsoft Surface Dock Updater installer you will be prompted to accept an End User License Agreement (EULA).
 
@@ -25,7 +25,7 @@ When you run the Microsoft Surface Dock Updater installer you will be prompted t
 ## Update a Surface Dock with Microsoft Surface Dock Updater
 
 
-After you install the [Microsoft Surface Dock Updater](http://go.microsoft.com/fwlink/p/?LinkId=618121) tool, you can find Microsoft Surface Dock Updater under **All Apps** in your Start menu. Click **Microsoft Surface Dock Updater** to start the application.
+After you install the [Microsoft Surface Dock Updater](https://go.microsoft.com/fwlink/p/?LinkId=618121) tool, you can find Microsoft Surface Dock Updater under **All Apps** in your Start menu. Click **Microsoft Surface Dock Updater** to start the application.
 
 To update a Surface Dock with Microsoft Surface Dock Updater, follow these steps:
 
diff --git a/education/index.md b/education/index.md
index beccdc8994..f468605351 100644
--- a/education/index.md
+++ b/education/index.md
@@ -1 +1,3 @@
-# Index test file for Open Publishing
\ No newline at end of file
+---
+redirect_url: https://technet.microsoft.com/edu/windows/
+---
diff --git a/education/windows/TOC.md b/education/windows/TOC.md
index b88d81df41..64da3956f1 100644
--- a/education/windows/TOC.md
+++ b/education/windows/TOC.md
@@ -1,4 +1,4 @@
-# [Windows 10 for education](index.md)
+# [Windows 10 for Education](index.md)
 ## [Change history for Windows 10 for Education](change-history-edu.md)
 ## [Windows 10 editions for education customers](windows-editions-for-education-customers.md)
 ## [Setup options for Windows 10](set-up-windows-10.md)
@@ -10,11 +10,11 @@
 ### [For teachers: get Minecraft Education Edition](teacher-get-minecraft.md)
 ### [For IT administrators: get Minecraft Education Edition](school-get-minecraft.md)
 ## [Take tests in Windows 10 ](take-tests-in-windows-10.md)
-### [Set up Take a Test on a single PC ](take-a-test-single-pc.md)
-### [Set up Take a Test on multiple PCs ](take-a-test-multiple-pcs.md)
-### [Take a Test app technical reference ](take-a-test-app-technical.md)
+### [Set up Take a Test on a single PC](take-a-test-single-pc.md)
+### [Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md)
+### [Create tests using Microsoft Forms](create-tests-using-microsoft-forms.md)
+### [Take a Test app technical reference](take-a-test-app-technical.md)
 ## [Deployment recommendations for school IT administrators](edu-deployment-recommendations.md)
 ## [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)
 ## [Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)
 ## [Chromebook migration guide](chromebook-migration-guide.md)
-
diff --git a/education/windows/change-history-edu.md b/education/windows/change-history-edu.md
index 0d1c19f506..f03105f10d 100644
--- a/education/windows/change-history-edu.md
+++ b/education/windows/change-history-edu.md
@@ -12,38 +12,39 @@ author: jdeckerMS
 
 This topic lists new and updated topics in the [Windows 10 for Education](index.md) documentation.
 
+## September 2016
+
+| New or changed topic | Description|
+| --- | --- |
+| [Create tests using Microsoft Forms](create-tests-using-microsoft-forms.md)  | New. Learn how to use Microsoft Forms with the Take a Test app to prevent access to other computers or online resources while completing a test.  |
 
 ## RELEASE: Windows 10, version 1607
-The topics in this library have been updated for Windows 10, version 1607 (also known as the Anniversary Update). The following new topics have been added: 
+The topics in this library have been updated for Windows 10, version 1607 (also known as the Anniversary Update). The following new topics have been added:
 
 - [Set up Windows 10](set-up-windows-10.md)
 - [Set up student PCs to join domain](set-up-students-pcs-to-join-domain.md)
 - [Provision student PCs with apps](set-up-students-pcs-with-apps.md)
 - [Deployment recommendations for school IT administrators](edu-deployment-recommendations.md)
 
-
 ## July 2016
 
-
 | New or changed topic | Description|
 | --- | --- |
-| [Windows 10 editions for education customers](windows-editions-for-education-customers.md)  | New |
-|[Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)|New |
-
-
+| [Windows 10 editions for education customers](windows-editions-for-education-customers.md)  | New. Learn about the two editions in Windows 10, version 1607 that's designed for the needs of K-12 institutions. |
+|[Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)|New. Learn how to deploy Windows 10 in a school district. Integrate the school environment with Office 365, AD DS, and Microsoft Azure AD, use SCCM, Intune, and Group Policy to manage devices. |
 
 ## June 2016
 
 | New or changed topic | Description |
 |----------------------|-------------|
-| [Get Minecraft Education Edition](get-minecraft-for-education.md) </br> [For teachers: get Minecraft Education Edition](teacher-get-minecraft.md) </br> [For IT administrators: get Minecraft Education Edition](school-get-minecraft.md) | New |
+| [Get Minecraft Education Edition](get-minecraft-for-education.md) </br> [For teachers: get Minecraft Education Edition](teacher-get-minecraft.md) </br> [For IT administrators: get Minecraft Education Edition](school-get-minecraft.md) | New. Learn how to get and distribute Minecraft: Education Edition. |
 
 ## May 2016
 
 | New or changed topic | Description |
 |----------------------|-------------|
-| [Use the Set up School PCs app (Preview)](use-set-up-school-pcs-app.md) | New  |
-| [Set up School PCs app technical reference (Preview)](set-up-school-pcs-technical.md) | New  |
-| [Take tests in Windows 10 (Preview)](take-tests-in-windows-10.md) </br> [Set up Take a Test on a single PC (Preview)](take-a-test-single-pc.md) </br> [Set up Take a Test on multiple PCs (Preview)](take-a-test-multiple-pcs.md) </br> [Take a Test app technical reference (Preview)](take-a-test-app-technical.md) | New |
+| [Use the Set up School PCs app (Preview)](use-set-up-school-pcs-app.md) | New. Learn how the Set up School PCs app works and how to use it.  |
+| [Set up School PCs app technical reference (Preview)](set-up-school-pcs-technical.md) | New. Describes the changes that the Set up School PCs app makes to a PC.  |
+| [Take tests in Windows 10 (Preview)](take-tests-in-windows-10.md) </br> [Set up Take a Test on a single PC (Preview)](take-a-test-single-pc.md) </br> [Set up Take a Test on multiple PCs (Preview)](take-a-test-multiple-pcs.md) </br> [Take a Test app technical reference (Preview)](take-a-test-app-technical.md) | New. Learn how to set up and use the Take a Test app. |
 | [Chromebook migration guide](chromebook-migration-guide.md)  | Moved from [Windows 10 and Windows 10 Mobile](https://technet.microsoft.com/en-us/itpro/windows/plan/index) library, originally published in November 2015 |
-| [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)  |  Moved from [Windows 10 and Windows 10 Mobile](https://technet.microsoft.com/en-us/itpro/windows/plan/index) library, originally published in May 2016 |
\ No newline at end of file
+| [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)  |  Moved from [Windows 10 and Windows 10 Mobile](https://technet.microsoft.com/en-us/itpro/windows/plan/index) library, originally published in May 2016 |
diff --git a/education/windows/chromebook-migration-guide.md b/education/windows/chromebook-migration-guide.md
index 428efd3e77..81002929b2 100644
--- a/education/windows/chromebook-migration-guide.md
+++ b/education/windows/chromebook-migration-guide.md
@@ -260,7 +260,7 @@ Assign the setting-migration priority based on how critical the setting is to th
 
 Many of your users may be using Google Apps Gmail to manage their email, calendars, and contacts. You need to create the list of users you will migrate and the best time to perform the migration.
 
-Office 365 supports automated migration from Google Apps Gmail to Office 365. For more information, see [Migrate Google Apps mailboxes to Office 365](http://go.microsoft.com/fwlink/p/?LinkId=690252).
+Office 365 supports automated migration from Google Apps Gmail to Office 365. For more information, see [Migrate Google Apps mailboxes to Office 365](https://go.microsoft.com/fwlink/p/?LinkId=690252).
 
 **Identify the list of user mailboxes to migrate**
 
@@ -268,7 +268,7 @@ In regards to creating the list of users you will migrate, it might seem that th
 
 Also, when you perform a migration it is a great time to verify that all user mailboxes are active. In many environments there are a significant number of mailboxes that were provisioned for users that are no longer a part of the institution (such as interns or student assistants). You can eliminate these users from your list of user mailboxes to migrate.
 
-Create your list of user mailboxes to migrate in Excel 2016 based on the format described in step 7 in [Create a list of Gmail mailboxes to migrate](http://go.microsoft.com/fwlink/p/?LinkId=690253). If you follow this format, you can use the Microsoft Excel spreadsheet to perform the actual migration later in the process.
+Create your list of user mailboxes to migrate in Excel 2016 based on the format described in step 7 in [Create a list of Gmail mailboxes to migrate](https://go.microsoft.com/fwlink/p/?LinkId=690253). If you follow this format, you can use the Microsoft Excel spreadsheet to perform the actual migration later in the process.
 
 **Identify companion devices that access Google Apps Gmail**
 
@@ -276,7 +276,7 @@ In addition to Chromebook devices, users may have companion devices (smartphones
 
 After you have identified each companion device, verify the settings for the device that are used to access Office 365. You only need to test one type of each companion device. For example, if users use Android phones to access Google Apps Gmail mailboxes, configure the device to access Office 365 and then record those settings. You can publish those settings on a website or to your helpdesk staff so that users will know how to access their Office 365 mailbox.
 
-In most instances, users will only need to provide in their Office 365 email account and password. However, you should verify this on each type of companion device. For more information about how to configure a companion device to work with Office 365, see [Compare how different mobile devices work with Office 365](http://go.microsoft.com/fwlink/p/?LinkId=690254).
+In most instances, users will only need to provide in their Office 365 email account and password. However, you should verify this on each type of companion device. For more information about how to configure a companion device to work with Office 365, see [Compare how different mobile devices work with Office 365](https://go.microsoft.com/fwlink/p/?LinkId=690254).
 
 **Identify the optimal timing for the migration**
 
@@ -630,11 +630,11 @@ Examine each of the following network infrastructure technologies and services a
 
     For more information that compares Internet bandwidth consumption for Chromebook and Windows devices, see the following resources:
 
-    -   [Chromebook vs. Windows Notebook Network Traffic Analysis](http://go.microsoft.com/fwlink/p/?LinkId=690255)
+    -   [Chromebook vs. Windows Notebook Network Traffic Analysis](https://go.microsoft.com/fwlink/p/?LinkId=690255)
 
-    -   [Hidden Cost of Chromebook Deployments](http://go.microsoft.com/fwlink/p/?LinkId=690256)
+    -   [Hidden Cost of Chromebook Deployments](https://go.microsoft.com/fwlink/p/?LinkId=690256)
 
-    -   [Microsoft Windows 8.1 Notebook vs. Chromebooks for Education](http://go.microsoft.com/fwlink/p/?LinkId=690257)
+    -   [Microsoft Windows 8.1 Notebook vs. Chromebooks for Education](https://go.microsoft.com/fwlink/p/?LinkId=690257)
 
 -   **Power.** Although not specifically a network infrastructure, you need to ensure your classrooms have adequate power. Chromebook and Windows devices should consume similar amounts of power. This means that your existing power outlets should support the same number of Windows devices.
 
@@ -675,15 +675,15 @@ Table 7. Network infrastructure products and technologies and deployment resourc
 <tr class="odd">
 <td align="left">DHCP</td>
 <td align="left"><ul>
-<li><p>[Core Network Guide](http://go.microsoft.com/fwlink/p/?LinkId=733920)</p></li>
-<li><p>[DHCP Deployment Guide](http://go.microsoft.com/fwlink/p/?LinkId=734021)</p></li>
+<li><p>[Core Network Guide](https://go.microsoft.com/fwlink/p/?LinkId=733920)</p></li>
+<li><p>[DHCP Deployment Guide](https://go.microsoft.com/fwlink/p/?LinkId=734021)</p></li>
 </ul></td>
 </tr>
 <tr class="even">
 <td align="left">DNS</td>
 <td align="left"><ul>
-<li><p>[Core Network Guide](http://go.microsoft.com/fwlink/p/?LinkId=733920)</p></li>
-<li><p>[Deploying Domain Name System (DNS)](http://go.microsoft.com/fwlink/p/?LinkId=734022)</p></li>
+<li><p>[Core Network Guide](https://go.microsoft.com/fwlink/p/?LinkId=733920)</p></li>
+<li><p>[Deploying Domain Name System (DNS)](https://go.microsoft.com/fwlink/p/?LinkId=734022)</p></li>
 </ul></td>
 </tr>
 </tbody>
@@ -717,16 +717,16 @@ Table 8. AD DS, Azure AD and deployment resources
 <tr class="odd">
 <td align="left">AD DS</td>
 <td align="left"><ul>
-<li><p>[Core Network Guide](http://go.microsoft.com/fwlink/p/?LinkId=733920)</p></li>
-<li><p>[Active Directory Domain Services Overview](http://go.microsoft.com/fwlink/p/?LinkId=733909)</p></li>
+<li><p>[Core Network Guide](https://go.microsoft.com/fwlink/p/?LinkId=733920)</p></li>
+<li><p>[Active Directory Domain Services Overview](https://go.microsoft.com/fwlink/p/?LinkId=733909)</p></li>
 </ul></td>
 </tr>
 <tr class="even">
 <td align="left">Azure AD</td>
 <td align="left"><ul>
-<li><p>[Azure Active Directory documentation](http://go.microsoft.com/fwlink/p/?LinkId=690258)</p></li>
-<li><p>[Manage and support Azure Active Directory Premium](http://go.microsoft.com/fwlink/p/?LinkId=690259)</p></li>
-<li><p>[Guidelines for Deploying Windows Server Active Directory on Azure Virtual Machines](http://go.microsoft.com/fwlink/p/?LinkId=690260)</p></li>
+<li><p>[Azure Active Directory documentation](https://go.microsoft.com/fwlink/p/?LinkId=690258)</p></li>
+<li><p>[Manage and support Azure Active Directory Premium](https://go.microsoft.com/fwlink/p/?LinkId=690259)</p></li>
+<li><p>[Guidelines for Deploying Windows Server Active Directory on Azure Virtual Machines](https://go.microsoft.com/fwlink/p/?LinkId=690260)</p></li>
 </ul></td>
 </tr>
 </tbody>
@@ -760,38 +760,38 @@ Table 9. Management systems and deployment resources
 <tr class="odd">
 <td align="left">Windows provisioning packages</td>
 <td align="left"><ul>
-<li><p>[Build and apply a provisioning package](http://go.microsoft.com/fwlink/p/?LinkId=733918)</p></li>
-<li><p>[Windows Imaging and Configuration Designer](http://go.microsoft.com/fwlink/p/?LinkId=733911)</p></li>
-<li><p>[Step-By-Step: Building Windows 10 Provisioning Packages](http://go.microsoft.com/fwlink/p/?LinkId=690261)</p></li>
+<li><p>[Build and apply a provisioning package](https://go.microsoft.com/fwlink/p/?LinkId=733918)</p></li>
+<li><p>[Windows Imaging and Configuration Designer](https://go.microsoft.com/fwlink/p/?LinkId=733911)</p></li>
+<li><p>[Step-By-Step: Building Windows 10 Provisioning Packages](https://go.microsoft.com/fwlink/p/?LinkId=690261)</p></li>
 </ul></td>
 </tr>
 <tr class="even">
 <td align="left">Group Policy</td>
 <td align="left"><ul>
-<li><p>[Core Network Companion Guide: Group Policy Deployment](http://go.microsoft.com/fwlink/p/?LinkId=733915)</p></li>
-<li><p>[Deploying Group Policy](http://go.microsoft.com/fwlink/p/?LinkId=734024)</p></li>
+<li><p>[Core Network Companion Guide: Group Policy Deployment](https://go.microsoft.com/fwlink/p/?LinkId=733915)</p></li>
+<li><p>[Deploying Group Policy](https://go.microsoft.com/fwlink/p/?LinkId=734024)</p></li>
 </ul></td>
 </tr>
 <tr class="odd">
 <td align="left">Configuration Manager</td>
 <td align="left"><ul>
-<li><p>[Site Administration for System Center 2012 Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=733914)</p></li>
-<li><p>[Deploying Clients for System Center 2012 Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=733919)</p></li>
+<li><p>[Site Administration for System Center 2012 Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=733914)</p></li>
+<li><p>[Deploying Clients for System Center 2012 Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=733919)</p></li>
 </ul></td>
 </tr>
 <tr class="even">
 <td align="left">Intune</td>
 <td align="left"><ul>
-<li><p>[Set up and manage devices with Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=690262)</p></li>
-<li><p>[Smoother Management Of Office 365 Deployments with Windows Intune](http://go.microsoft.com/fwlink/p/?LinkId=690263)</p></li>
-<li><p>[System Center 2012 R2 Configuration Manager &amp; Windows Intune](http://go.microsoft.com/fwlink/p/?LinkId=690264)</p></li>
+<li><p>[Set up and manage devices with Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=690262)</p></li>
+<li><p>[Smoother Management Of Office 365 Deployments with Windows Intune](https://go.microsoft.com/fwlink/p/?LinkId=690263)</p></li>
+<li><p>[System Center 2012 R2 Configuration Manager &amp; Windows Intune](https://go.microsoft.com/fwlink/p/?LinkId=690264)</p></li>
 </ul></td>
 </tr>
 <tr class="odd">
 <td align="left">MDT</td>
 <td align="left"><ul>
-<li><p>[MDT documentation in the Microsoft Deployment Toolkit (MDT) 2013](http://go.microsoft.com/fwlink/p/?LinkId=690324)</p></li>
-<li><p>[Step-By-Step: Installing Windows 8.1 From A USB Key](http://go.microsoft.com/fwlink/p/?LinkId=690265)</p></li>
+<li><p>[MDT documentation in the Microsoft Deployment Toolkit (MDT) 2013](https://go.microsoft.com/fwlink/p/?LinkId=690324)</p></li>
+<li><p>[Step-By-Step: Installing Windows 8.1 From A USB Key](https://go.microsoft.com/fwlink/p/?LinkId=690265)</p></li>
 </ul></td>
 </tr>
 </tbody>
@@ -825,23 +825,23 @@ Table 10. Management systems and app deployment resources
 <tr class="odd">
 <td align="left">Group Policy</td>
 <td align="left"><ul>
-<li><p>[Editing an AppLocker Policy](http://go.microsoft.com/fwlink/p/?LinkId=734025)</p></li>
-<li><p>[Group Policy Software Deployment Background](http://go.microsoft.com/fwlink/p/?LinkId=734026)</p></li>
-<li><p>[Assigning and Publishing Software](http://go.microsoft.com/fwlink/p/?LinkId=734027)</p></li>
+<li><p>[Editing an AppLocker Policy](https://go.microsoft.com/fwlink/p/?LinkId=734025)</p></li>
+<li><p>[Group Policy Software Deployment Background](https://go.microsoft.com/fwlink/p/?LinkId=734026)</p></li>
+<li><p>[Assigning and Publishing Software](https://go.microsoft.com/fwlink/p/?LinkId=734027)</p></li>
 </ul></td>
 </tr>
 <tr class="even">
 <td align="left">Configuration Manager</td>
 <td align="left"><ul>
-<li><p>[How to Deploy Applications in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=733917)</p></li>
-<li><p>[Application Management in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=733907)</p></li>
+<li><p>[How to Deploy Applications in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=733917)</p></li>
+<li><p>[Application Management in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=733907)</p></li>
 </ul></td>
 </tr>
 <tr class="odd">
 <td align="left">Intune</td>
 <td align="left"><ul>
-<li><p>[Deploy apps to mobile devices in Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=733913)</p></li>
-<li><p>[Manage apps with Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=733910)</p></li>
+<li><p>[Deploy apps to mobile devices in Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=733913)</p></li>
+<li><p>[Manage apps with Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=733910)</p></li>
 </ul></td>
 </tr>
 </tbody>
@@ -873,17 +873,17 @@ If you do no want to migrate any user or device settings from the Chromebook dev
 
 In the [Plan for email migration](#plan-email-migrate) section, you identified the user mailboxes to migrate, identified the companion devices that access Google Apps Gmail, and identified the optimal timing for migration. You can perform this migration before or after you deploy the Windows devices.
 
-Office 365 supports automated migration from Google Apps Gmail to Office 365. For more information on how to automate the migration from Google Apps Gmail to Office 365, see [Migrate Google Apps mailboxes to Office 365](http://go.microsoft.com/fwlink/p/?LinkId=690252).
+Office 365 supports automated migration from Google Apps Gmail to Office 365. For more information on how to automate the migration from Google Apps Gmail to Office 365, see [Migrate Google Apps mailboxes to Office 365](https://go.microsoft.com/fwlink/p/?LinkId=690252).
 
 Alternatively, if you want to migrate to Office 365 from:
 
 -   **On-premises Microsoft Exchange Server.** Use the following resources to migrate to Office 365 from an on-premises Microsoft Exchange Server:
 
-    -   [Cutover Exchange Migration and Single Sign-On](http://go.microsoft.com/fwlink/p/?LinkId=690266)
+    -   [Cutover Exchange Migration and Single Sign-On](https://go.microsoft.com/fwlink/p/?LinkId=690266)
 
-    -   [Step-By-Step: Migration of Exchange 2003 Server to Office 365](http://go.microsoft.com/fwlink/p/?LinkId=690267)
+    -   [Step-By-Step: Migration of Exchange 2003 Server to Office 365](https://go.microsoft.com/fwlink/p/?LinkId=690267)
 
-    -   [Step-By-Step: Migrating from Exchange 2007 to Office 365](http://go.microsoft.com/fwlink/p/?LinkId=690268)
+    -   [Step-By-Step: Migrating from Exchange 2007 to Office 365](https://go.microsoft.com/fwlink/p/?LinkId=690268)
 
 -   **Another on-premises or cloud-based email service.** Follow the guidance from that vendor.
 
@@ -924,15 +924,15 @@ For example, if you selected to deploy Windows devices by each classroom, start
 
 In some instances, you may receive the devices with Windows 10 already deployed, and want to use provisioning packages. In other cases, you may have a custom Windows 10 image that you want to deploy to the devices by using Configuration Manager and/or MDT. For information on how to deploy Windows 10 images to the devices, see the following resources:
 
--   [Windows Imaging and Configuration Designer](http://go.microsoft.com/fwlink/p/?LinkId=733911)
+-   [Windows Imaging and Configuration Designer](https://go.microsoft.com/fwlink/p/?LinkId=733911)
 
--   [Build and apply a provisioning package](http://go.microsoft.com/fwlink/p/?LinkId=733918)
+-   [Build and apply a provisioning package](https://go.microsoft.com/fwlink/p/?LinkId=733918)
 
--   [MDT documentation in the Microsoft Deployment Toolkit (MDT) 2013](http://go.microsoft.com/fwlink/p/?LinkId=690324)
+-   [MDT documentation in the Microsoft Deployment Toolkit (MDT) 2013](https://go.microsoft.com/fwlink/p/?LinkId=690324)
 
--   [Step-By-Step: Installing Windows 8.1 From A USB Key](http://go.microsoft.com/fwlink/p/?LinkId=690265)
+-   [Step-By-Step: Installing Windows 8.1 From A USB Key](https://go.microsoft.com/fwlink/p/?LinkId=690265)
 
--   [Operating System Deployment in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=733916)
+-   [Operating System Deployment in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=733916)
 
 In addition to the Windows 10 image deployment, you may need to perform the following tasks as a part of device deployment:
 
@@ -949,9 +949,9 @@ After you complete these steps, your management system should take over the day-
 ## Related topics
 
 
-[Try it out: Windows 10 deployment (for education)](http://go.microsoft.com/fwlink/p/?LinkId=623254)
+[Try it out: Windows 10 deployment (for education)](https://go.microsoft.com/fwlink/p/?LinkId=623254)
 
-[Try it out: Windows 10 in the classroom](http://go.microsoft.com/fwlink/p/?LinkId=623255)
+[Try it out: Windows 10 in the classroom](https://go.microsoft.com/fwlink/p/?LinkId=623255)
 
  
 
diff --git a/education/windows/create-tests-using-microsoft-forms.md b/education/windows/create-tests-using-microsoft-forms.md
new file mode 100644
index 0000000000..64a6208970
--- /dev/null
+++ b/education/windows/create-tests-using-microsoft-forms.md
@@ -0,0 +1,29 @@
+---
+title: Create tests using Microsoft Forms
+description: Learn how to use Microsoft Forms with the Take a Test app to prevent access to other computers or online resources while completing a test.
+keywords: school, Take a Test, Microsoft Forms
+ms.prod: w10
+ms.mktglfcycl: plan
+ms.sitesec: library
+ms.pagetype: edu
+author: CelesteDG
+---
+
+# Create tests using Microsoft Forms
+**Applies to:**
+
+-   Windows 10   
+
+
+For schools that have an Office 365 Education subscription, teachers can use [Microsoft Forms](https://support.office.com/article/What-is-Microsoft-Forms-6b391205-523c-45d2-b53a-fc10b22017c8) to create a test and then require that students use the Take a Test app to block access to other computers or online resources while completing the test created through Microsoft Forms.
+
+To do this, teachers can select a check box to make it a secure test. Microsoft Forms will generate a link that you can use to embed into your OneNote or class website. When students are ready to take a test, they can click on the link to start the test.
+
+Microsoft Forms will perform checks to ensure students are taking the test in a locked down Take a Test session. If not, students are not permitted access to the assessment.
+
+[Learn how to block Internet access while students complete your form](https://support.office.com/article/6bd7e31d-5be0-47c9-a0dc-c0a74fc48959)
+
+
+## Related topics
+
+[Take tests in Windows 10](take-tests-in-windows-10.md)
diff --git a/education/windows/deploy-windows-10-in-a-school.md b/education/windows/deploy-windows-10-in-a-school.md
index 53a866f3b8..b819adf9a0 100644
--- a/education/windows/deploy-windows-10-in-a-school.md
+++ b/education/windows/deploy-windows-10-in-a-school.md
@@ -1257,8 +1257,8 @@ Now, you have identified the tasks you need to perform monthly, at the end of an
 
 ##Related resources
 <ul>
-<li>[Try it out: Windows 10 deployment (for educational institutions)](http://go.microsoft.com/fwlink/p/?LinkId=623254)</li>
-<li>[Try it out: Windows 10 in the classroom](http://go.microsoft.com/fwlink/p/?LinkId=623255)</li>
-<li>[Chromebook migration guide](http://go.microsoft.com/fwlink/p/?LinkId=623249)</li>
+<li>[Try it out: Windows 10 deployment (for educational institutions)](https://go.microsoft.com/fwlink/p/?LinkId=623254)</li>
+<li>[Try it out: Windows 10 in the classroom](https://go.microsoft.com/fwlink/p/?LinkId=623255)</li>
+<li>[Chromebook migration guide](https://go.microsoft.com/fwlink/p/?LinkId=623249)</li>
 </ul>
 
diff --git a/education/windows/edu-deployment-recommendations.md b/education/windows/edu-deployment-recommendations.md
index 28792bb055..20539db158 100644
--- a/education/windows/edu-deployment-recommendations.md
+++ b/education/windows/edu-deployment-recommendations.md
@@ -13,7 +13,7 @@ author: CelesteDG
 -   Windows 10
 
 
-Your privacy is important to us, so we want to provide you with ways to customize the OS privacy settings, as well as some of the apps, so that you can choose what information is shared with Microsoft. To learn more about Microsoft’s commitment to privacy, see [Windows 10 and privacy](http://go.microsoft.com/fwlink/?LinkId=809305).
+Your privacy is important to us, so we want to provide you with ways to customize the OS privacy settings, as well as some of the apps, so that you can choose what information is shared with Microsoft. To learn more about Microsoft’s commitment to privacy, see [Windows 10 and privacy](https://go.microsoft.com/fwlink/?LinkId=809305).
 
 Here are some best practices and specific privacy settings we’d like you to be aware of.
 
@@ -28,8 +28,8 @@ Keep these best practices in mind when deploying any edition of Windows 10 in sc
 ## Windows 10 Contacts privacy settings
 
 If you’re an IT administrator who deploys Windows 10 in a school or district, we recommend that you review these deployment resources to make informed decisions about how you can configure telemetry for your school or district:
-* [Configure Windows telemetry in your organization](http://go.microsoft.com/fwlink/?LinkId=817241) - Describes the types of telemetry we gather and the ways you can manage this data.
-* [Manage connections from Windows operating system components to Microsoft services](http://go.microsoft.com/fwlink/?LinkId=817240) - Learn about network connections that Windows components make to Microsoft and also the privacy settings (such as location, camera, messaging, and more) that affect data that is shared with either Microsoft or apps and how you can manage this data.
+* [Configure Windows telemetry in your organization](https://go.microsoft.com/fwlink/?LinkId=817241) - Describes the types of telemetry we gather and the ways you can manage this data.
+* [Manage connections from Windows operating system components to Microsoft services](https://go.microsoft.com/fwlink/?LinkId=817240) - Learn about network connections that Windows components make to Microsoft and also the privacy settings (such as location, camera, messaging, and more) that affect data that is shared with either Microsoft or apps and how you can manage this data.
 
 In particular, the **Contacts** area in the **Settings** > **Privacy** section lets you choose which apps can access a student’s contacts list. By default, this setting is turned on.
 
@@ -70,7 +70,7 @@ To allow only certain apps to have access to contacts, you can:
 
 Skype Preview (a Universal Windows Platform [UWP] preview app) and Xbox are preinstalled as part of Windows 10.
 
-The Skype app replaces the integration of Skype features into Skype video and Messaging apps on Windows PCs and large tablets. The Skype app provides all these features in one place and lets users have a single place to manage both their chat and voice conversations so they can take better advantage of their screen. For information about the new Skype UWP app preview, see this [FAQ](http://go.microsoft.com/fwlink/?LinkId=821441).
+The Skype app replaces the integration of Skype features into Skype video and Messaging apps on Windows PCs and large tablets. The Skype app provides all these features in one place and lets users have a single place to manage both their chat and voice conversations so they can take better advantage of their screen. For information about the new Skype UWP app preview, see this [FAQ](https://go.microsoft.com/fwlink/?LinkId=821441).
 
 With the Xbox app, students can use their Xbox profiles to play and make progress on their games using their Windows-based device. They can also unlock achievements and show off to their friends with game clips and screenshots. The Xbox app requires a Microsoft account, which is a personal account.
 
@@ -104,16 +104,16 @@ The profile page includes these sections:
 #### Xbox
 A user’s Xbox friends and their friends’ friends can see their real name and profile. By default, the Xbox privacy settings enforce that no personal identifying information of a minor is shared on the Xbox Live network, although adults in the child’s family can change these default settings to allow it to be more permissive.
 
-To learn more about how families can manage security and privacy settings on Xbox, see this [Xbox article on security](http://go.microsoft.com/fwlink/?LinkId=821445).
+To learn more about how families can manage security and privacy settings on Xbox, see this [Xbox article on security](https://go.microsoft.com/fwlink/?LinkId=821445).
 
 
 ### Delete an account if username is identifying
 If you want to delete either (or both) the Skype and the Xbox accounts, here’s how to do it.
 
 #### Skype
-To delete a Skype account, you can follow the instructions here: [How do I close my Skype account?](http://go.microsoft.com/fwlink/?LinkId=816515)
+To delete a Skype account, you can follow the instructions here: [How do I close my Skype account?](https://go.microsoft.com/fwlink/?LinkId=816515)
 
-If you need help deleting the account, you can contact Skype customer service by going to the [Skype support request page](http://go.microsoft.com/fwlink/?LinkId=816519). You may need to sign in and specify a Skype account. Once you’ve signed in, you can:
+If you need help deleting the account, you can contact Skype customer service by going to the [Skype support request page](https://go.microsoft.com/fwlink/?LinkId=816519). You may need to sign in and specify a Skype account. Once you’ve signed in, you can:
 1.	Select a help topic (**Account and Password**)
 2.	Select a related problem (**Deleting an account**)
 3.	Click **Next**.
@@ -121,7 +121,7 @@ If you need help deleting the account, you can contact Skype customer service by
 
 
 #### Xbox
-To delete an Xbox account, you can follow the instructions here: [How to delete your Microsoft account and personal information associated with it](http://go.microsoft.com/fwlink/?LinkId=816521).
+To delete an Xbox account, you can follow the instructions here: [How to delete your Microsoft account and personal information associated with it](https://go.microsoft.com/fwlink/?LinkId=816521).
 
 ## Related topics
 [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)
diff --git a/education/windows/images/wsfb-minecraft-vl.png b/education/windows/images/wsfb-minecraft-vl.png
new file mode 100644
index 0000000000..e3fe6de6d7
Binary files /dev/null and b/education/windows/images/wsfb-minecraft-vl.png differ
diff --git a/education/windows/index.md b/education/windows/index.md
index 6e20c83aae..f8d54749bf 100644
--- a/education/windows/index.md
+++ b/education/windows/index.md
@@ -9,9 +9,11 @@ author: jdeckerMS
 ---
 
 # Windows 10 for Education
-[Windows 10 Education](https://www.microsoft.com/en-us/education/products/windows/default.aspx) empowers staff, administrators, teachers and students to do great things.
+[Windows 10 Education and Windows 10 Pro Education](https://www.microsoft.com/en-us/education/products/windows/default.aspx) empowers staff, administrators, teachers and students to do great things.
 
-[Find out how to get Windows 10 Education for your school.](https://www.microsoft.com/en-us/education/buy-license/overview-of-how-to-buy/default.aspx?tabshow=schools)
+[Find out how to get Windows 10 Education or Windows 10 Pro Education for your school](https://www.microsoft.com/en-us/education/buy-license/overview-of-how-to-buy/default.aspx?tabshow=schools)
+
+[Learn more about what features and functionality are supported in each Windows edition](https://www.microsoft.com/en-us/WindowsForBusiness/Compare)
 
 ## In this section
 
@@ -28,5 +30,5 @@ author: jdeckerMS
 
 ## Related topics
 
-- [Windows 10 and Windows 10 Mobile](https://technet.microsoft.com/itpro/windows/index)
 - [Try it out: virtual labs and how-to videos for Windows 10 Education](https://technet.microsoft.com/en-us/windows/dn610356)
+- [Windows 10 and Windows 10 Mobile](https://technet.microsoft.com/itpro/windows/index)
diff --git a/education/windows/school-get-minecraft.md b/education/windows/school-get-minecraft.md
index 5c18b9e201..e1d8f75c0d 100644
--- a/education/windows/school-get-minecraft.md
+++ b/education/windows/school-get-minecraft.md
@@ -20,6 +20,12 @@ When you sign up for early access to [Minecraft Education Edition](http://educat
 
 ## Add Minecraft to your Windows Store for Business 
 
+You can start with the Minecraft: Education Edition trial to get individual copies of the app. For more information, see [Minecraft: Education Edition - individual copies](#individual-copies). 
+
+If you’ve been approved and are part of the Enrollment for Education Solutions program, you can purchase a volume license for Minecraft: Education Edition. For more information, see [Minecraft: Education Edition - volume license](#volume-license)
+
+### <a href="" id="individual-copies"></a>Minecraft: Education Edition - individual copies
+
 1. Go to [http://education.minecraft.net/](http://education.minecraft.net/) and select **Get the app**.
 
     ![Click Get the app](images/it-get-app.png) 
@@ -42,15 +48,33 @@ When you sign up for early access to [Minecraft Education Edition](http://educat
 
     ![Get Minecraft app in Store](images/minecraft-get-the-app.png)
 
-## Distribute Minecraft
+Now that the app is in your Store for Business inventory, you can choose how to distribute Minecraft. For more information on distribution options, see [Distribute Minecraft](#distribute-minecraft).
+
+### <a href="" id="volume-license"></a>Minecraft: Education Edition - volume license
+
+Qualified education institutions can purchase Minecraft: Education Edition volume licenses through their Microsoft channel partner. Schools need to be part of the Enrollment for Education Solutions program. Educational institutions should work with their channel partner to determine which Minecraft: Education Edition licensing offer is best for their institution. The process looks like this: 
+
+- Your channel partner will submit and process your volume license order, your licenses will be shown on [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx), and the copies will be available in [Windows Store for Business](https://www.microsoft.com/business-store) inventory. 
+- You’ll receive an email with a link to Windows Store for Business. 
+- Sign in to [Windows Store for Business](https://www.microsoft.com/business-store) to distribute and manage the Minecraft: Education Edition licenses. For more information on distribution options, see [Distribute Minecraft](#distribute-minecraft)
+
+## <a href="" id="distribute-minecraft"></a>Distribute Minecraft
 
 After Minecraft Education Edition is added to your Windows Store for Business, you have three options:
 
 - You can install the app on your PC.
-- You can assign the app to others.  
-- You can download the app to distribute. 
+- You can assign the app to others. 
+- You can download the app to distribute.
 
-![App distribution options](images/mc-install-for-me-admin.png)
+Admins can also add Minecraft: Education Edition to the private store. This allows people in your organization to install the app from the private store. For more information, see [Distribute apps using your private store](https://technet.microsoft.com/itpro/windows/manage/distribute-apps-from-your-private-store). 
+
+Here's the page you'll see for individual copies of **Minecraft: Education Edition**. 
+
+![App distribution options - individual copies](images/mc-install-for-me-admin.png)
+
+Here's the page you'll see for volume licensed copies of of **Minecraft: Education Edition**.
+
+![App distribution options - individual copies](images/wsfb-minecraft-vl.png)
 
 ### Install for me
 You can install the app on your PC. This gives you a chance to test the app and know how you might help others in your organization use the app.   
@@ -81,22 +105,22 @@ Enter email addresses for your students, and each student will get an email with
 
 **To finish Minecraft install (for students)**
 
-Students will receive an email with a link that will install the app on their PC.
+1. Students will receive an email with a link that will install the app on their PC.</br>
 
-![Email with Get the app link](images/minecraft-student-install-email.png)
+    ![Email with Get the app link](images/minecraft-student-install-email.png)
 
-1. Click **Get the app** to start the app install in Windows Store app. 
-2. In Windows Store app, click **Install**. 
+2. Click **Get the app** to start the app install in Windows Store app. 
+3. In Windows Store app, click **Install**. 
 
-     ![Windows Store app with Minecraft page](images/minecraft-in-windows-store-app.png)
+    ![Windows Store app with Minecraft page](images/minecraft-in-windows-store-app.png)
 
-After installing the app, students can find Minecraft: Education Edition in Windows Store app under **My Library**.
+    After installing the app, students can find Minecraft: Education Edition in Windows Store app under **My Library**.
 
-![Windows Store app showing access to My Library](images/minecraft-private-store.png) 
+    ![Windows Store app showing access to My Library](images/minecraft-private-store.png) 
 
-When students click **My Libarary** they'll find apps assigned to them.
+    When students click **My Libarary** they'll find apps assigned to them.
 
-![My Library for example student](images/minecraft-my-library.png) 
+    ![My Library for example student](images/minecraft-my-library.png) 
 
 ### Download for others
 Download for others allows teachers or IT admins to download a packages that they can install on student PCs. This will install Minecraft: Education Edition on the PC, and allows anyone with a Windows account to use the app on that PC. This option is best for younger students, and for shared computers. Choose this option when:
@@ -157,7 +181,7 @@ Minecraft: Education Edition adds a new role for teachers: **Basic Purchaser**.
 - Acquire and manage the app
 - Info on Support page (including links to documentation and access to support through customer service)
 
-![assign roles to manage Minecraft permissions](images/minecraft-perms.png)
+    ![assign roles to manage Minecraft permissions](images/minecraft-perms.png)
 
 **To assign Basic Purchaser role**
 
@@ -178,7 +202,7 @@ Minecraft: Education Edition adds a new role for teachers: **Basic Purchaser**.
     
     ![Permission page for Windows Store for Business](images/minecraft-assign-roles-2.png)
 
-## Private store
+## <a href="" id="private-store"></a>Private store
 
 When you create you Windows Store for Business account, you'll have a set of apps included for free in your private store. Apps in your private store are available for all people in your organization to install and use. 
 
@@ -191,7 +215,12 @@ These apps will automatically be in your private store:
 - Fresh Paint
 - Minecraft: Education Edition
 
-As an admin, you can remove any of these apps from the private store if you'd prefer to control how apps are distributed. 
+As an admin, you can remove any of these apps from the private store if you'd prefer to control how apps are distributed.  
+
+## Need more copies of Minecraft: Education Edition?
+You can purchase more licenses by working with your channel partner. Licenses are available at a lower rate than the price for individual copies that are available through Windows Store for Business. Individual copies are also available through Windows Store for Business. 
+
+If you’ve purchased a volume license, be sure to let other basic purchasers in your organization know about the volume license. That should help prevent unnecessary purchases of individual copies.
 
 ## Learn more
 
diff --git a/education/windows/set-up-students-pcs-with-apps.md b/education/windows/set-up-students-pcs-with-apps.md
index 9d3f8be882..04e110de10 100644
--- a/education/windows/set-up-students-pcs-with-apps.md
+++ b/education/windows/set-up-students-pcs-with-apps.md
@@ -208,10 +208,10 @@ On a desktop computer, navigate to **Settings** &gt; **Accounts** &gt; **Work ac
 
 -  [Develop Universal Windows Education apps](https://msdn.microsoft.com/windows/uwp/apps-for-education/index)
 
--   [Build and apply a provisioning package]( http://go.microsoft.com/fwlink/p/?LinkId=629651)
+-   [Build and apply a provisioning package]( https://go.microsoft.com/fwlink/p/?LinkId=629651)
 
--   Watch the video: [Provisioning Windows 10 Devices with New Tools](http://go.microsoft.com/fwlink/p/?LinkId=615921)
+-   Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
 
--   Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](http://go.microsoft.com/fwlink/p/?LinkId=615922)
+-   Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922)
  
 
diff --git a/education/windows/take-a-test-multiple-pcs.md b/education/windows/take-a-test-multiple-pcs.md
index 0110e7d52c..7d5f5d6c0e 100644
--- a/education/windows/take-a-test-multiple-pcs.md
+++ b/education/windows/take-a-test-multiple-pcs.md
@@ -131,7 +131,7 @@ On the **File** menu, select **Save.**
 
     After you allow the package to be installed, the settings will be applied to the device
 
-[Learn how to apply a provisioning package in audit mode or OOBE.](http://go.microsoft.com/fwlink/p/?LinkID=692012)
+[Learn how to apply a provisioning package in audit mode or OOBE.](https://go.microsoft.com/fwlink/p/?LinkID=692012)
 
 ### Set up test account in Group Policy
 
diff --git a/education/windows/take-tests-in-windows-10.md b/education/windows/take-tests-in-windows-10.md
index 6bf51bf7b2..40850cf578 100644
--- a/education/windows/take-tests-in-windows-10.md
+++ b/education/windows/take-tests-in-windows-10.md
@@ -9,7 +9,7 @@ ms.pagetype: edu
 author: jdeckerMS
 ---
 
-# Take tests in Windows 10 
+# Take tests in Windows 10
 **Applies to:**
 
 -   Windows 10   
@@ -42,7 +42,6 @@ Many schools use online testing for formative and summative assessments. It's cr
 
 ## Related topics
 
+[Create tests using Microsoft Forms](create-tests-using-microsoft-forms.md)
+
 [Take a Test app technical reference](take-a-test-app-technical.md)
-
-
-
diff --git a/education/windows/teacher-get-minecraft.md b/education/windows/teacher-get-minecraft.md
index c9c386545b..7c7eda6f8e 100644
--- a/education/windows/teacher-get-minecraft.md
+++ b/education/windows/teacher-get-minecraft.md
@@ -148,7 +148,7 @@ If you ran **InstallMinecraftEducationEdition.bat** and Minecraft: Education Edi
 | App isn't available for other users. | No restart after install. If you don't restart the PC, and just switch users the app will not be available.| Restart PC. </br> Run **InstallMinecraftEducationEdition.bat** again. </br> If a restart doesn't work, contact your IT Admin.  | 
 
 
-If you are still having trouble installing the app, you can get more help on our [Support page](http://go.microsoft.com/fwlink/?LinkID=799757). 
+If you are still having trouble installing the app, you can get more help on our [Support page](https://go.microsoft.com/fwlink/?LinkID=799757). 
 
 ## Related topics
 
diff --git a/education/windows/windows-editions-for-education-customers.md b/education/windows/windows-editions-for-education-customers.md
index 9eccc9be96..ed22802caa 100644
--- a/education/windows/windows-editions-for-education-customers.md
+++ b/education/windows/windows-editions-for-education-customers.md
@@ -14,15 +14,15 @@ author: CelesteDG
 
 -   Windows 10
 
-Windows 10 Anniversary Update (Windows 10, version 1607) continues our commitment to productivity, security, and privacy for all customers. Windows 10 Pro and Windows 10 Enterprise offer the functionality and safety features demanded by business and education customers around the globe. Windows 10 is the most secure Windows we’ve ever built. All of our Windows commercial editions can be configured to support the needs of schools, through group policies, domain join, and more. To learn more about Microsoft’s commitment to security and privacy in Windows 10, see more on both [security](http://go.microsoft.com/fwlink/?LinkId=822619) and [privacy](http://go.microsoft.com/fwlink/?LinkId=822620).
+Windows 10 Anniversary Update (Windows 10, version 1607) continues our commitment to productivity, security, and privacy for all customers. Windows 10 Pro and Windows 10 Enterprise offer the functionality and safety features demanded by business and education customers around the globe. Windows 10 is the most secure Windows we’ve ever built. All of our Windows commercial editions can be configured to support the needs of schools, through group policies, domain join, and more. To learn more about Microsoft’s commitment to security and privacy in Windows 10, see more on both [security](https://go.microsoft.com/fwlink/?LinkId=822619) and [privacy](https://go.microsoft.com/fwlink/?LinkId=822620).
 
-Windows 10, version 1607 offers a variety of new features and functionality, such as simplified provisioning with the [Set up School PCs app](http://go.microsoft.com/fwlink/?LinkID=821951) or [Windows Imaging and Configuration Designer (ICD)](http://go.microsoft.com/fwlink/?LinkId=822623), easier delivery of digital assessments with [Take a Test](http://go.microsoft.com/fwlink/?LinkID=821956), and faster log in performance for shared devices than ever before. These features work with all Windows for desktop editions, excluding Windows 10 Home. You can find more information about Windows 10, version 1607 on [windows.com](http://www.windows.com/).
+Windows 10, version 1607 offers a variety of new features and functionality, such as simplified provisioning with the [Set up School PCs app](https://go.microsoft.com/fwlink/?LinkID=821951) or [Windows Imaging and Configuration Designer (ICD)](https://go.microsoft.com/fwlink/?LinkId=822623), easier delivery of digital assessments with [Take a Test](https://go.microsoft.com/fwlink/?LinkID=821956), and faster log in performance for shared devices than ever before. These features work with all Windows for desktop editions, excluding Windows 10 Home. You can find more information about Windows 10, version 1607 on [windows.com](http://www.windows.com/).
 
 Windows 10, version 1607 introduces two editions designed for the unique needs of K-12 institutions: [Windows 10 Pro Education](#windows-10-pro-education) and [Windows 10 Education](#windows-10-education). These editions provide education-specific default settings for the evolving landscape in K-12 education IT environments.
 
 ## Windows 10 Pro Education
 
-Windows 10 Pro Education builds on the commercial version of Windows 10 Pro and provides important management controls needed in schools. Windows 10 Pro Education is effectively a variant of Windows 10 Pro that provides education-specific default settings, including the removal of Cortana<sup>1</sup>. These default settings disable tips, tricks and suggestions & Windows Store suggestions. More detailed information on these default settings is available in [Manage Windows 10 and Windows Store tips, tricks and suggestions](http://go.microsoft.com/fwlink/?LinkId=822627).
+Windows 10 Pro Education builds on the commercial version of Windows 10 Pro and provides important management controls needed in schools. Windows 10 Pro Education is effectively a variant of Windows 10 Pro that provides education-specific default settings, including the removal of Cortana<sup>1</sup>. These default settings disable tips, tricks and suggestions & Windows Store suggestions. More detailed information on these default settings is available in [Manage Windows 10 and Windows Store tips, tricks and suggestions](https://go.microsoft.com/fwlink/?LinkId=822627).
 
 Windows 10 Pro Education is available on new devices pre-installed with Windows 10, version 1607 that are purchased with discounted K-12 academic licenses through OEM partners (these discounted licenses are sometimes referred to as National Academic or Shape the Future).
 
@@ -30,23 +30,23 @@ Existing devices running Windows 10 Pro, currently activated with the original O
 
 Customers with Academic Volume Licensing agreements with rights for Windows can get Windows 10 Pro Education through the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx), available at a later date.
 
-Customers that deploy Windows 10 Pro are able to configure the product to have similar feature settings to Windows 10 Pro Education using policies. More detailed information on these policies and the configuration steps required is available in [Manage Windows 10 and Windows Store tips, tricks and suggestions](http://go.microsoft.com/fwlink/?LinkId=822627). We recommend that K-12 customers using commercial Windows 10 Pro read the [document](http://go.microsoft.com/fwlink/?LinkId=822627) and apply desired settings for your environment.
+Customers that deploy Windows 10 Pro are able to configure the product to have similar feature settings to Windows 10 Pro Education using policies. More detailed information on these policies and the configuration steps required is available in [Manage Windows 10 and Windows Store tips, tricks and suggestions](https://go.microsoft.com/fwlink/?LinkId=822627). We recommend that K-12 customers using commercial Windows 10 Pro read the [document](https://go.microsoft.com/fwlink/?LinkId=822627) and apply desired settings for your environment.
 
 ## Windows 10 Education
 
-Windows 10 Education builds on Windows 10 Enterprise and provides the enterprise-grade manageability and security desired by many schools. Windows 10 Education is effectively a variant of Windows 10 Enterprise that provides education-specific default settings, including the removal of Cortana<sup>1</sup>. These default settings disable tips, tricks and suggestions & Windows Store suggestions. More detailed information on these default settings is available in [Manage Windows 10 and Windows Store tips, tricks and suggestions](http://go.microsoft.com/fwlink/?LinkId=822627).
+Windows 10 Education builds on Windows 10 Enterprise and provides the enterprise-grade manageability and security desired by many schools. Windows 10 Education is effectively a variant of Windows 10 Enterprise that provides education-specific default settings, including the removal of Cortana<sup>1</sup>. These default settings disable tips, tricks and suggestions & Windows Store suggestions. More detailed information on these default settings is available in [Manage Windows 10 and Windows Store tips, tricks and suggestions](https://go.microsoft.com/fwlink/?LinkId=822627).
 
-Windows 10 Education is available through Microsoft Volume Licensing. Customers who are already running Windows 10 Education can upgrade to Windows 10, version 1607 through Windows Update or from the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx). We recommend Windows 10 Education to all K-12 customers as it provides the most complete and secure edition for education environments. If you do not have access to Windows 10 Education, contact your Microsoft representative or see more information [here](http://go.microsoft.com/fwlink/?LinkId=822628).
+Windows 10 Education is available through Microsoft Volume Licensing. Customers who are already running Windows 10 Education can upgrade to Windows 10, version 1607 through Windows Update or from the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx). We recommend Windows 10 Education to all K-12 customers as it provides the most complete and secure edition for education environments. If you do not have access to Windows 10 Education, contact your Microsoft representative or see more information [here](https://go.microsoft.com/fwlink/?LinkId=822628).
 
-Customers that deploy Windows 10 Enterprise are able to configure the product to have similar feature settings to Windows 10 Education using policies. More detailed information on these policies and the configuration steps required is available in [Manage Windows 10 and Windows Store tips, tricks and suggestions](http://go.microsoft.com/fwlink/?LinkId=822627). We recommend that K-12 customers using commercial Windows 10 Enterprise read the [document](http://go.microsoft.com/fwlink/?LinkId=822627) and apply desired settings for your environment.
+Customers that deploy Windows 10 Enterprise are able to configure the product to have similar feature settings to Windows 10 Education using policies. More detailed information on these policies and the configuration steps required is available in [Manage Windows 10 and Windows Store tips, tricks and suggestions](https://go.microsoft.com/fwlink/?LinkId=822627). We recommend that K-12 customers using commercial Windows 10 Enterprise read the [document](https://go.microsoft.com/fwlink/?LinkId=822627) and apply desired settings for your environment.
 
 For any other questions, contact [Microsoft Customer Service and Support](https://support.microsoft.com/en-us).
 
 ## Related topics
 * [Windows deployment for education](http://aka.ms/edudeploy)
-* [Windows 10 upgrade paths](http://go.microsoft.com/fwlink/?LinkId=822787)
-* [Volume Activation for Windows 10](http://go.microsoft.com/fwlink/?LinkId=822788)
-* [Plan for volume activation](http://go.microsoft.com/fwlink/?LinkId=822789)
+* [Windows 10 upgrade paths](https://go.microsoft.com/fwlink/?LinkId=822787)
+* [Volume Activation for Windows 10](https://go.microsoft.com/fwlink/?LinkId=822788)
+* [Plan for volume activation](https://go.microsoft.com/fwlink/?LinkId=822789)
 
 
 
diff --git a/images/compare-changes.png b/images/compare-changes.png
new file mode 100644
index 0000000000..0d86db70f5
Binary files /dev/null and b/images/compare-changes.png differ
diff --git a/images/contribute-link.png b/images/contribute-link.png
new file mode 100644
index 0000000000..6b17e6dd56
Binary files /dev/null and b/images/contribute-link.png differ
diff --git a/images/pencil-icon.png b/images/pencil-icon.png
new file mode 100644
index 0000000000..82fe7852dd
Binary files /dev/null and b/images/pencil-icon.png differ
diff --git a/images/preview-changes.png b/images/preview-changes.png
new file mode 100644
index 0000000000..f98b2c6443
Binary files /dev/null and b/images/preview-changes.png differ
diff --git a/images/propose-file-change.png b/images/propose-file-change.png
new file mode 100644
index 0000000000..aedbc07b16
Binary files /dev/null and b/images/propose-file-change.png differ
diff --git a/license.md b/license.md
new file mode 100644
index 0000000000..0e5cb57b99
--- /dev/null
+++ b/license.md
@@ -0,0 +1,7 @@
+Copyright (c) Microsoft Corporation.  Distributed under the following terms:
+
+1. Microsoft and any contributors to this project each grants you a license, under its respective copyrights, to the documentation under the [Creative Commons Attribution 3.0 United States License](http://creativecommons.org/licenses/by/3.0/us/legalcode).  In addition, with respect to any sample code contained in the documentation, Microsoft and any such contributors grants you an additional license, under its respective intellectual property rights, to use the code to develop or design your software for Microsoft Windows.
+
+2.  Microsoft, Windows, and/or other Microsoft products and services referenced in the documentation may be either trademarks or registered trademarks of Microsoft in the United States and/or other countries. This license does not grant you rights to use any names, logos, or trademarks. For Microsoft’s general trademark guidelines, go to [https://go.microsoft.com/fwlink/?LinkID=254653](https://go.microsoft.com/fwlink/?LinkID=254653).
+
+3.  Microsoft and any contributors reserves all others rights, whether under copyrights, patents, or trademarks, or by implication, estoppel or otherwise.
diff --git a/mdop/agpm/choosing-which-version-of-agpm-to-install.md b/mdop/agpm/choosing-which-version-of-agpm-to-install.md
index 0c96e2b93c..e047f05e63 100644
--- a/mdop/agpm/choosing-which-version-of-agpm-to-install.md
+++ b/mdop/agpm/choosing-which-version-of-agpm-to-install.md
@@ -19,7 +19,7 @@ We recommend that you install the AGPM Server on the most recent version of the
 
 All versions of AGPM can manage only the policy settings that were introduced in the same version or an earlier version of the operating system on which AGPM is running. For example, if you install AGPM 4.0 SP2 on Windows Server 2012, you can manage policy settings that were introduced in Windows Server 2012 or earlier, but you cannot manage policy settings that were introduced later, in Windows 8.1 or Windows Server 2012 R2.
 
-If the version of the GPMC on your AGPM Server is older than the version on the computers that administrators use to manage Group Policy, the AGPM Server will be unable to store any policy settings that are not available in the older version of the GPMC. For information about which policy settings are available with which operating systems, see the [Group Policy Settings Reference for Windows and Windows Server](http://go.microsoft.com/fwlink/?LinkId=157345).
+If the version of the GPMC on your AGPM Server is older than the version on the computers that administrators use to manage Group Policy, the AGPM Server will be unable to store any policy settings that are not available in the older version of the GPMC. For a spreadsheet of Group Policy settings included in Windows, see [Group Policy Settings Reference for Windows and Windows Server](https://go.microsoft.com/fwlink/p/?LinkId=613627).
 
 ## AGPM 4.0 SP3
 
@@ -282,7 +282,7 @@ Table 4 lists the operating systems on which you can install the versions of AGP
 ## How to Get MDOP Technologies
 
 
-AGPM 4.0 SP2 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049) (http://go.microsoft.com/fwlink/?LinkId=322049).
+AGPM 4.0 SP2 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049).
 
 ## Related topics
 
diff --git a/mdop/agpm/index.md b/mdop/agpm/index.md
index 1439565b2c..7d17648258 100644
--- a/mdop/agpm/index.md
+++ b/mdop/agpm/index.md
@@ -43,15 +43,15 @@ In addition to the product documentation available online, supplemental product
 <tbody>
 <tr class="odd">
 <td align="left"><p><strong>MDOP Videos</strong></p></td>
-<td align="left"><p>For a list of available MDOP videos, go to [Microsoft Desktop Optimization Pack Technologies Videos](http://go.microsoft.com/fwlink/?LinkId=234275) (http://go.microsoft.com/fwlink/?LinkId=234275).</p></td>
+<td align="left"><p>For a list of available MDOP videos, go to [Microsoft Desktop Optimization Pack Technologies Videos](https://go.microsoft.com/fwlink/?LinkId=234275) (https://go.microsoft.com/fwlink/?LinkId=234275).</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p><strong>MDOP Virtual Labs</strong></p></td>
-<td align="left"><p>For a list of available MDOP virtual labs, go to [Microsoft Desktop Optimization Pack (MDOP) Virtual Labs](http://go.microsoft.com/fwlink/?LinkId=234276) (http://go.microsoft.com/fwlink/?LinkId=234276).</p></td>
+<td align="left"><p>For a list of available MDOP virtual labs, go to [Microsoft Desktop Optimization Pack (MDOP) Virtual Labs](https://go.microsoft.com/fwlink/?LinkId=234276) (https://go.microsoft.com/fwlink/?LinkId=234276).</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p><strong>MDOP TechCenter</strong></p></td>
-<td align="left"><p>For technical whitepapers, evaluation materials, blogs, and additional MDOP resources, go to [MDOP TechCenter](http://go.microsoft.com/fwlink/?LinkId=225286) (http://go.microsoft.com/fwlink/?LinkId=225286)</p>
+<td align="left"><p>For technical whitepapers, evaluation materials, blogs, and additional MDOP resources, go to [MDOP TechCenter](https://go.microsoft.com/fwlink/?LinkId=225286) (https://go.microsoft.com/fwlink/?LinkId=225286)</p>
 <p></p></td>
 </tr>
 </tbody>
@@ -68,7 +68,7 @@ MDOP is a suite of products that can help streamline desktop deployment, managem
 MDOP is also available for test and evaluation to [MSDN](http://msdn.microsoft.com/subscriptions/downloads/default.aspx?PV=42:178) and [TechNet](http://technet.microsoft.com/subscriptions/downloads/default.aspx?PV=42:178) subscribers in accordance with MDSN and TechNet agreements.
 
 <a href="" id="download-mdop"></a>**Download MDOP**  
-MDOP subscribers can download the software at the [Microsoft Volume Licensing website (MVLS)](http://go.microsoft.com/fwlink/?LinkId=166331).
+MDOP subscribers can download the software at the [Microsoft Volume Licensing website (MVLS)](https://go.microsoft.com/fwlink/?LinkId=166331).
 
 <a href="" id="purchase-mdop"></a>**Purchase MDOP**  
 Visit the enterprise [Purchase Windows Enterprise Licensing](http://www.microsoft.com/windows/enterprise/how-to-buy.aspx) website to find out how to purchase MDOP for your business.
diff --git a/mdop/agpm/move-the-agpm-server-and-the-archive-agpm40.md b/mdop/agpm/move-the-agpm-server-and-the-archive-agpm40.md
index 4857c10d22..ac902a9785 100644
--- a/mdop/agpm/move-the-agpm-server-and-the-archive-agpm40.md
+++ b/mdop/agpm/move-the-agpm-server-and-the-archive-agpm40.md
@@ -32,7 +32,7 @@ A user account that is a member of the Domain Admins group and has access to the
 
     1.  Stop the AGPM Service. For more information, see [Start and Stop the AGPM Service](start-and-stop-the-agpm-service-agpm40.md).
 
-    2.  Install Microsoft Advanced Group Policy Management - Server on the new server that will host the AGPM Service. During this process, you specify the new archive path, the location for the archive in relation to the AGPM Server. For more information, see [Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0](http://go.microsoft.com/fwlink/?LinkId=153505) (http://go.microsoft.com/fwlink/?LinkId=153505) and [Planning Guide for Microsoft Advanced Group Policy Management](http://go.microsoft.com/fwlink/?LinkId=156883) (http://go.microsoft.com/fwlink/?LinkId=156883).
+    2.  Install Microsoft Advanced Group Policy Management - Server on the new server that will host the AGPM Service. During this process, you specify the new archive path, the location for the archive in relation to the AGPM Server. For more information, see [Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0](https://go.microsoft.com/fwlink/?LinkId=153505) (https://go.microsoft.com/fwlink/?LinkId=153505) and [Planning Guide for Microsoft Advanced Group Policy Management](https://go.microsoft.com/fwlink/?LinkId=156883) (https://go.microsoft.com/fwlink/?LinkId=156883).
 
     3.  Either an AGPM Administrator (Full Control) must configure the AGPM Server connection for all Group Policy administrators who will use the new AGPM Server and remove the connection for the old AGPM Server, or else each Group Policy administrator must manually configure the new AGPM Server connection and remove the old AGPM Server connection for the AGPM snap-in on their computer. For more information, see [Configure AGPM Server Connections](configure-agpm-server-connections-agpm40.md).
 
@@ -62,9 +62,9 @@ A user account that is a member of the Domain Admins group and has access to the
 
 -   [Modify the AGPM Service](modify-the-agpm-service-agpm40.md)
 
--   [Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0](http://go.microsoft.com/fwlink/?LinkId=153505) (http://go.microsoft.com/fwlink/?LinkId=153505)
+-   [Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0](https://go.microsoft.com/fwlink/?LinkId=153505) (https://go.microsoft.com/fwlink/?LinkId=153505)
 
--   [Planning Guide for Microsoft Advanced Group Policy Management](http://go.microsoft.com/fwlink/?LinkId=156883) (http://go.microsoft.com/fwlink/?LinkId=156883)
+-   [Planning Guide for Microsoft Advanced Group Policy Management](https://go.microsoft.com/fwlink/?LinkId=156883) (https://go.microsoft.com/fwlink/?LinkId=156883)
 
 -   [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm40.md)
 
diff --git a/mdop/agpm/move-the-agpm-server-and-the-archive.md b/mdop/agpm/move-the-agpm-server-and-the-archive.md
index b3386feba0..b2ff901507 100644
--- a/mdop/agpm/move-the-agpm-server-and-the-archive.md
+++ b/mdop/agpm/move-the-agpm-server-and-the-archive.md
@@ -32,7 +32,7 @@ A user account that is a member of the Domain Admins group and has access to the
 
     1.  Stop the AGPM Service. For more information, see [Start and Stop the AGPM Service](start-and-stop-the-agpm-service-agpm30ops.md).
 
-    2.  Install Microsoft Advanced Group Policy Management - Server on the new server that will host the AGPM Service. During this process, you specify the new archive path, the location for the archive in relation to the AGPM Server. For more information, see Step-by-Step Guide for Microsoft Advanced Group Policy Management 3.0 (<http://go.microsoft.com/fwlink/?LinkId=132706>) and Planning Guide for Microsoft Advanced Group Policy Management (<http://go.microsoft.com/fwlink/?LinkId=141871>).
+    2.  Install Microsoft Advanced Group Policy Management - Server on the new server that will host the AGPM Service. During this process, you specify the new archive path, the location for the archive in relation to the AGPM Server. For more information, see Step-by-Step Guide for Microsoft Advanced Group Policy Management 3.0 (<https://go.microsoft.com/fwlink/?LinkId=132706>) and Planning Guide for Microsoft Advanced Group Policy Management (<https://go.microsoft.com/fwlink/?LinkId=141871>).
 
     3.  Either an AGPM Administrator (Full Control) must configure the AGPM Server connection for all Group Policy administrators who will use the new AGPM Server and remove the connection for the old AGPM Server, or else each Group Policy administrator must manually configure the new AGPM Server connection and remove the old AGPM Server connection for the AGPM snap-in on their computer. For more information, see [Configure AGPM Server Connections](configure-agpm-server-connections-agpm30ops.md).
 
@@ -62,9 +62,9 @@ A user account that is a member of the Domain Admins group and has access to the
 
 -   [Modify the AGPM Service](modify-the-agpm-service-agpm30ops.md)
 
--   Step-by-Step Guide for Microsoft Advanced Group Policy Management 3.0 (<http://go.microsoft.com/fwlink/?LinkId=132706>)
+-   Step-by-Step Guide for Microsoft Advanced Group Policy Management 3.0 (<https://go.microsoft.com/fwlink/?LinkId=132706>)
 
--   Planning Guide for Microsoft Advanced Group Policy Management (<http://go.microsoft.com/fwlink/?LinkId=141871>)
+-   Planning Guide for Microsoft Advanced Group Policy Management (<https://go.microsoft.com/fwlink/?LinkId=141871>)
 
 -   [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm30ops.md)
 
diff --git a/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp1.md b/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp1.md
index 3c3a5edf6d..361d135a71 100644
--- a/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp1.md
+++ b/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp1.md
@@ -60,7 +60,7 @@ WORKAROUND: Manually start the AGPM Service after the domain controller is onlin
 
 ### Upgrade of AGPM Server to AGPM 4.0 SP1 is blocked when you upgrade from the AGPM 4.0 release plus the hotfix
 
-If you try to upgrade the AGPM server to AGPM 4.0. SP1 after installing AGPM 4.0 and then installing the AGPM hotfix (see Knowledge Base article [2643502](http://go.microsoft.com/fwlink/?LinkId=254474)), the upgrade fails and cannot be completed.
+If you try to upgrade the AGPM server to AGPM 4.0. SP1 after installing AGPM 4.0 and then installing the AGPM hotfix (see Knowledge Base article [2643502](https://go.microsoft.com/fwlink/?LinkId=254474)), the upgrade fails and cannot be completed.
 
 WORKAROUND: Uninstall the AGPM 4.0 Server and then install AGPM 4.0 SP1.
 
diff --git a/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp2.md b/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp2.md
index 3b40da74ea..9d5f433b78 100644
--- a/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp2.md
+++ b/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp2.md
@@ -60,7 +60,7 @@ When the AGPM Service is installed on a domain controller on the Windows® 8 ope
 
 ### Upgrade of AGPM Server to AGPM 4.0 SP2 is blocked when you upgrade from the AGPM 4.0 release plus hotfix 1
 
-If you try to upgrade the AGPM server to AGPM 4.0. SP2 after installing AGPM 4.0 Server and then installing the AGPM hotfix named AGPM 4.0 reports incorrect differences in the HTML report (see Knowledge Base article [2643502](http://go.microsoft.com/fwlink/?LinkId=254474)), the upgrade fails and cannot be completed.
+If you try to upgrade the AGPM server to AGPM 4.0. SP2 after installing AGPM 4.0 Server and then installing the AGPM hotfix named AGPM 4.0 reports incorrect differences in the HTML report (see Knowledge Base article [2643502](https://go.microsoft.com/fwlink/?LinkId=254474)), the upgrade fails and cannot be completed.
 
 **Workaround:** Uninstall the AGPM 4.0 Server and then install AGPM 4.0 SP2.
 
diff --git a/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp3.md b/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp3.md
index c3412ae653..ee8e39c778 100644
--- a/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp3.md
+++ b/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp3.md
@@ -66,7 +66,7 @@ When the AGPM Service is installed on a domain controller on the Windows® 8 ope
 
 ### Upgrade of AGPM Server to AGPM 4.0 SP2 is blocked when you upgrade from the AGPM 4.0 release plus hotfix 1
 
-If you try to upgrade the AGPM server to AGPM 4.0. SP2 after installing AGPM 4.0 Server and then installing the AGPM hotfix named AGPM 4.0 reports incorrect differences in the HTML report (see Knowledge Base article [2643502](http://go.microsoft.com/fwlink/?LinkId=254474)), the upgrade fails and cannot be completed.
+If you try to upgrade the AGPM server to AGPM 4.0. SP2 after installing AGPM 4.0 Server and then installing the AGPM hotfix named AGPM 4.0 reports incorrect differences in the HTML report (see Knowledge Base article [2643502](https://go.microsoft.com/fwlink/?LinkId=254474)), the upgrade fails and cannot be completed.
 
 **Workaround:** Uninstall the AGPM 4.0 Server and then install AGPM 4.0 SP2.
 
diff --git a/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40.md b/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40.md
index 0f6e6394b6..21eafbce4e 100644
--- a/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40.md
+++ b/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40.md
@@ -22,33 +22,33 @@ Microsoft Advanced Group Policy Management (AGPM) 4.0 extends the capabilities o
 
 The following documents can help you get started with AGPM 4.0.
 
--   For an overview of the capabilities of AGPM, see [Overview of Microsoft Advanced Group Policy Management](http://go.microsoft.com/fwlink/?LinkID=162671) (http://go.microsoft.com/fwlink/?LinkID=162671).
+-   For an overview of the capabilities of AGPM, see [Overview of Microsoft Advanced Group Policy Management](https://go.microsoft.com/fwlink/?LinkID=162671) (https://go.microsoft.com/fwlink/?LinkID=162671).
 
--   For information about how AGPM 4.0 differs from AGPM 3.0, see [What's New in AGPM 4.0](http://go.microsoft.com/fwlink/?LinkId=160058) (http://go.microsoft.com/fwlink/?LinkId=160058).
+-   For information about how AGPM 4.0 differs from AGPM 3.0, see [What's New in AGPM 4.0](https://go.microsoft.com/fwlink/?LinkId=160058) (https://go.microsoft.com/fwlink/?LinkId=160058).
 
--   For guidance about how to determine whether AGPM 4.0, AGPM 3.0, or AGPM 2.5 is appropriate for your environment, see [Choosing Which Version of AGPM to Install](http://go.microsoft.com/fwlink/?LinkId=145981) (http://go.microsoft.com/fwlink/?LinkId=145981).
+-   For guidance about how to determine whether AGPM 4.0, AGPM 3.0, or AGPM 2.5 is appropriate for your environment, see [Choosing Which Version of AGPM to Install](https://go.microsoft.com/fwlink/?LinkId=145981) (https://go.microsoft.com/fwlink/?LinkId=145981).
 
--   For basic guidance about how to install AGPM and a sample scenario for using AGPM, see [Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0](http://go.microsoft.com/fwlink/?LinkID=153505) (http://go.microsoft.com/fwlink/?LinkID=153505). This guide is primarily designed to help evaluators and first-time users.
+-   For basic guidance about how to install AGPM and a sample scenario for using AGPM, see [Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0](https://go.microsoft.com/fwlink/?LinkID=153505) (https://go.microsoft.com/fwlink/?LinkID=153505). This guide is primarily designed to help evaluators and first-time users.
 
--   For information about how to upgrade from an earlier version of AGPM or detailed guidance about how to plan the deployment of AGPM in your organization, see the [Planning Guide for Microsoft Advanced Group Policy Management 4.0](http://go.microsoft.com/fwlink/?LinkID=156883) (http://go.microsoft.com/fwlink/?LinkID=156883).
+-   For information about how to upgrade from an earlier version of AGPM or detailed guidance about how to plan the deployment of AGPM in your organization, see the [Planning Guide for Microsoft Advanced Group Policy Management 4.0](https://go.microsoft.com/fwlink/?LinkID=156883) (https://go.microsoft.com/fwlink/?LinkID=156883).
 
--   For information about how to use AGPM to perform specific tasks, see the Advanced Group Policy Management 4.0 Help, which is also available on TechNet as the [Operations Guide for AGPM 4.0](http://go.microsoft.com/fwlink/?LinkId=159872) (http://go.microsoft.com/fwlink/?LinkId=159872).
+-   For information about how to use AGPM to perform specific tasks, see the Advanced Group Policy Management 4.0 Help, which is also available on TechNet as the [Operations Guide for AGPM 4.0](https://go.microsoft.com/fwlink/?LinkId=159872) (https://go.microsoft.com/fwlink/?LinkId=159872).
 
 ## More information
 
 
 For more information about AGPM, see the following:
 
--   [Advanced Group Policy Management TechNet Library](http://go.microsoft.com/fwlink/?LinkID=146846) (http://go.microsoft.com/fwlink/?LinkID=146846)
+-   [Advanced Group Policy Management TechNet Library](https://go.microsoft.com/fwlink/?LinkID=146846) (https://go.microsoft.com/fwlink/?LinkID=146846)
 
--   [Microsoft Desktop Optimization Pack TechCenter](http://go.microsoft.com/fwlink/?LinkId=159870) (http://www.microsoft.com/technet/mdop)
+-   [Microsoft Desktop Optimization Pack TechCenter](https://go.microsoft.com/fwlink/?LinkId=159870) (http://www.microsoft.com/technet/mdop)
 
--   [Group Policy TechCenter](http://go.microsoft.com/fwlink/?LinkId=145531) (http://www.microsoft.com/gp)
+-   [Group Policy TechCenter](https://go.microsoft.com/fwlink/?LinkId=145531) (http://www.microsoft.com/gp)
 
 ## Providing feedback
 
 
-You can post feedback or questions about AGPM to the [Group Policy Forum](http://go.microsoft.com/fwlink/?LinkId=145532) (http://go.microsoft.com/fwlink/?LinkId=145532).
+You can post feedback or questions about AGPM to the [Group Policy Forum](https://go.microsoft.com/fwlink/?LinkId=145532) (https://go.microsoft.com/fwlink/?LinkId=145532).
 
 ## Known issues with AGPM 4.0
 
diff --git a/mdop/agpm/resources-for-agpm.md b/mdop/agpm/resources-for-agpm.md
index aea623d985..6819ebac13 100644
--- a/mdop/agpm/resources-for-agpm.md
+++ b/mdop/agpm/resources-for-agpm.md
@@ -15,21 +15,21 @@ ms.prod: w10
 
 ### Documents for download
 
--   [Advanced Group Policy Management 4.0 documents](http://go.microsoft.com/fwlink/?LinkID=158931)
+-   [Advanced Group Policy Management 4.0 documents](https://go.microsoft.com/fwlink/?LinkID=158931)
 
 ### Microsoft Desktop Optimization Pack resources
 
--   [Microsoft Desktop Optimization Pack (MDOP) for Software Assurance TechCenter](http://go.microsoft.com/fwlink/?LinkID=159870) (http://www.microsoft.com/technet/mdop): Links to MDOP videos and resources.
+-   [Microsoft Desktop Optimization Pack (MDOP) for Software Assurance TechCenter](https://go.microsoft.com/fwlink/?LinkID=159870) (http://www.microsoft.com/technet/mdop): Links to MDOP videos and resources.
 
--   [Enterprise products: MDOP](http://go.microsoft.com/fwlink/?LinkID=160297): Overviews and information about the benefits of applications in MDOP.
+-   [Enterprise products: MDOP](https://go.microsoft.com/fwlink/?LinkID=160297): Overviews and information about the benefits of applications in MDOP.
 
 ### Group Policy resources
 
--   [Group Policy TechCenter](http://go.microsoft.com/fwlink/?LinkID=145531) (http://www.microsoft.com/grouppolicy): Links to Group Policy documentation, tools, and downloads.
+-   [Group Policy TechCenter](https://go.microsoft.com/fwlink/?LinkID=145531) (http://www.microsoft.com/grouppolicy): Links to Group Policy documentation, tools, and downloads.
 
--   [Group Policy Team Blog](http://go.microsoft.com/fwlink/?LinkID=75192) (http://blogs.technet.com/GroupPolicy): Stay current on the latest news about Group Policy with articles by the Group Policy Team and other experts.
+-   [Group Policy Team Blog](https://go.microsoft.com/fwlink/?LinkID=75192) (http://blogs.technet.com/GroupPolicy): Stay current on the latest news about Group Policy with articles by the Group Policy Team and other experts.
 
--   [Group Policy Forum](http://go.microsoft.com/fwlink/?LinkID=145532): Do you have questions about Group Policy or AGPM? You can post your questions to the forum, and receive answers from the experts.
+-   [Group Policy Forum](https://go.microsoft.com/fwlink/?LinkID=145532): Do you have questions about Group Policy or AGPM? You can post your questions to the forum, and receive answers from the experts.
 
  
 
diff --git a/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-25.md b/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-25.md
index fdd71d9044..fa74f313d2 100644
--- a/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-25.md
+++ b/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-25.md
@@ -57,7 +57,7 @@ You should install AGPM Server on a member server or domain controller with the
 
 Specifically, if your AGPM Server is running Windows Server 2003 and the version of the GPMC that accompanied it, and your Group Policy administrators’ computers are running Windows Vista and the version of the GPMC that accompanied it, you can still manage most policy settings. However, policy settings from the GPMC in Windows Vista that are not available in the GPMC in Windows Server 2003—such as those related to folder redirection, wireless networking (IEEE 802.11), and deployed printers—cannot be stored by the AGPM Server, even though administrators can configure them using AGPM on their computers.
 
-If you must install AGPM Server on a computer with an older version of GPMC than your Group Policy administrators are running, see the Group Policy Settings Reference for details about which policy settings are available with which operating systems. To download the Group Policy Settings Reference, see <http://go.microsoft.com/fwlink/?LinkID=106147>.
+If you must install AGPM Server on a computer with an older version of GPMC than your Group Policy administrators are running, see the Group Policy Settings Reference for details about which policy settings are available with which operating systems. To download the Group Policy Settings Reference, see <https://go.microsoft.com/fwlink/?LinkID=106147>.
 
 **Note**  
 Archives cannot be migrated from an AGPM Server or a GPOVault Server running Windows Server 2003 to an AGPM Server running Windows Vista.
diff --git a/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-30.md b/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-30.md
index d74d9b2f90..84a55aac70 100644
--- a/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-30.md
+++ b/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-30.md
@@ -64,7 +64,7 @@ Before you install AGPM Server, you must be a member of the Domain Admins group
 
     -   Windows Server 2008: The GPMC is automatically installed by AGPM if not present.
 
-    -   Windows Vista: You must install the GPMC from RSAT before you install AGPM. For more information, see <http://go.microsoft.com/fwlink/?LinkID=116179>.
+    -   Windows Vista: You must install the GPMC from RSAT before you install AGPM. For more information, see <https://go.microsoft.com/fwlink/?LinkID=116179>.
 
 -   .NET Framework 3.5
 
@@ -90,7 +90,7 @@ The following Windows features are required by AGPM Client and will be automatic
 
     -   Windows Server 2008: The GPMC is automatically installed by AGPM if not present.
 
-    -   Windows Vista: You must install the GPMC from RSAT before you install AGPM. For more information, see <http://go.microsoft.com/fwlink/?LinkID=116179>.
+    -   Windows Vista: You must install the GPMC from RSAT before you install AGPM. For more information, see <https://go.microsoft.com/fwlink/?LinkID=116179>.
 
 -   .NET Framework 3.0
 
diff --git a/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-40.md b/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-40.md
index c6c50f7339..364f0682a2 100644
--- a/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-40.md
+++ b/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-40.md
@@ -109,9 +109,9 @@ Before you install AGPM Server, you must be a member of the Domain Admins group
 
     -   Windows Server 2008 R2 or Windows Server 2008: If the GPMC is not present, it is automatically installed by AGPM.
 
-    -   Windows 7: You must install the GPMC from RSAT before you install AGPM. For more information, see [Remote Server Administration Tools for Windows 7](http://go.microsoft.com/fwlink/?LinkID=131280) (http://go.microsoft.com/fwlink/?LinkID=131280).
+    -   Windows 7: You must install the GPMC from RSAT before you install AGPM. For more information, see [Remote Server Administration Tools for Windows 7](https://go.microsoft.com/fwlink/?LinkID=131280) (https://go.microsoft.com/fwlink/?LinkID=131280).
 
-    -   Windows Vista with SP1: You must install the GPMC from RSAT before you install AGPM. For more information, see [Remote Server Administration Tools for Windows Vista with Service Pack 1](http://go.microsoft.com/fwlink/?LinkID=116179) (http://go.microsoft.com/fwlink/?LinkID=116179).
+    -   Windows Vista with SP1: You must install the GPMC from RSAT before you install AGPM. For more information, see [Remote Server Administration Tools for Windows Vista with Service Pack 1](https://go.microsoft.com/fwlink/?LinkID=116179) (https://go.microsoft.com/fwlink/?LinkID=116179).
 
 -   The .NET Framework 3.5 or later versions
 
@@ -141,9 +141,9 @@ The following Windows features are required by AGPM Client and unless otherwise
 
     -   Windows Server 2008 R2 or Windows Server 2008: If the GPMC is not present, it is automatically installed by AGPM.
 
-    -   Windows 7: You must install the GPMC from RSAT before you install AGPM. For more information, see [Remote Server Administration Tools for Windows 7](http://go.microsoft.com/fwlink/?LinkID=131280) (http://go.microsoft.com/fwlink/?LinkID=131280).
+    -   Windows 7: You must install the GPMC from RSAT before you install AGPM. For more information, see [Remote Server Administration Tools for Windows 7](https://go.microsoft.com/fwlink/?LinkID=131280) (https://go.microsoft.com/fwlink/?LinkID=131280).
 
-    -   Windows Vista with SP1: You must install the GPMC from RSAT before you install AGPM. For more information, see [Remote Server Administration Tools for Windows Vista with Service Pack 1](http://go.microsoft.com/fwlink/?LinkID=116179) (http://go.microsoft.com/fwlink/?LinkID=116179).
+    -   Windows Vista with SP1: You must install the GPMC from RSAT before you install AGPM. For more information, see [Remote Server Administration Tools for Windows Vista with Service Pack 1](https://go.microsoft.com/fwlink/?LinkID=116179) (https://go.microsoft.com/fwlink/?LinkID=116179).
 
 -   The .NET Framework 3.0 or later version
 
diff --git a/mdop/agpm/technical-overview-of-agpm.md b/mdop/agpm/technical-overview-of-agpm.md
index 66258c0203..73852bc4e2 100644
--- a/mdop/agpm/technical-overview-of-agpm.md
+++ b/mdop/agpm/technical-overview-of-agpm.md
@@ -101,7 +101,7 @@ Table 1 describes both the items that AGPM installs or creates and the parts of
 
 ### Additional references
 
-For more information about the files installed by AGPM, see the [Planning Guide for AGPM](http://go.microsoft.com/fwlink/?LinkId=160060).
+For more information about the files installed by AGPM, see the [Planning Guide for AGPM](https://go.microsoft.com/fwlink/?LinkId=160060).
 
 ## Archive
 
@@ -121,7 +121,7 @@ When AGPM creates the archive, it gives Full Control to SYSTEM, Administrators,
 
 ### Additional references
 
-For information about how to back up the archive, restore the archive from a backup, or move both the AGPM Server and the archive, see the "Performing AGPM Administrator Tasks" section in the [Operations Guide for AGPM](http://go.microsoft.com/fwlink/?LinkId=160061).
+For information about how to back up the archive, restore the archive from a backup, or move both the AGPM Server and the archive, see the "Performing AGPM Administrator Tasks" section in the [Operations Guide for AGPM](https://go.microsoft.com/fwlink/?LinkId=160061).
 
 ## Roles and permissions
 
@@ -268,7 +268,7 @@ The ability to delegate access to GPOs in the production environment for a domai
 
 ### Additional references
 
-For information about what tasks can be performed by Group Policy administrators assigned a particular role or about which permissions are required to perform a specific task, see the [Operations Guide for AGPM](http://go.microsoft.com/fwlink/?LinkId=160061).
+For information about what tasks can be performed by Group Policy administrators assigned a particular role or about which permissions are required to perform a specific task, see the [Operations Guide for AGPM](https://go.microsoft.com/fwlink/?LinkId=160061).
 
  
 
diff --git a/mdop/agpm/whats-new-in-agpm-40-sp1.md b/mdop/agpm/whats-new-in-agpm-40-sp1.md
index 78c1991bf6..bc8d5bf649 100644
--- a/mdop/agpm/whats-new-in-agpm-40-sp1.md
+++ b/mdop/agpm/whats-new-in-agpm-40-sp1.md
@@ -60,7 +60,7 @@ The changes and support for the AGPM 4.0 SP1 installer are:
 
 ### Ability to upgrade or update to AGPM 4.0 SP1 without re-entering configuration parameters
 
-You can upgrade the AGPM client or server to AGPM 4.0 SP1 only from AGPM 4.0 without being prompted to re-enter configuration parameters (called “Smart Upgrade”), as shown in the following table. If you are upgrading to AGPM 4.0 SP1 from other versions of AGPM, as shown in the table, you must use the “Classic Upgrade,” which requires you to re-enter the configuration parameters. Since each version of AGPM is associated with a particular operating system, refer to [Choosing Which Version of AGPM to Install](http://go.microsoft.com/fwlink/?LinkId=254350), and be sure to upgrade your operating system as appropriate before performing an upgrade.
+You can upgrade the AGPM client or server to AGPM 4.0 SP1 only from AGPM 4.0 without being prompted to re-enter configuration parameters (called “Smart Upgrade”), as shown in the following table. If you are upgrading to AGPM 4.0 SP1 from other versions of AGPM, as shown in the table, you must use the “Classic Upgrade,” which requires you to re-enter the configuration parameters. Since each version of AGPM is associated with a particular operating system, refer to [Choosing Which Version of AGPM to Install](https://go.microsoft.com/fwlink/?LinkId=254350), and be sure to upgrade your operating system as appropriate before performing an upgrade.
 
 <table>
 <colgroup>
diff --git a/mdop/agpm/whats-new-in-agpm-40-sp2.md b/mdop/agpm/whats-new-in-agpm-40-sp2.md
index 7c7e323813..571237f2a3 100644
--- a/mdop/agpm/whats-new-in-agpm-40-sp2.md
+++ b/mdop/agpm/whats-new-in-agpm-40-sp2.md
@@ -34,11 +34,11 @@ The new and changed Group Policy client-side extensions are:
 
 -   **Force automatic setup for all users**. If you enable this policy setting, IT administrators can determine whether to create the Work Folders partnership automatically on end-user devices without input from end users. If you enable this policy setting, the synchronization will be set up according to how you configure the **Specify Work Folders settings** policy setting. If you set the **Force automatic setup for all users** policy setting to **Disabled** or **Not configured**, the Work Folders partnership will be configured according to how you set the **Automatic Provisioning** option in the **Specify Work Folders settings** policy setting.
 
-For more information about the Work Folders feature, see [Work Folders Overview](http://go.microsoft.com/fwlink/?LinkId=330444).
+For more information about the Work Folders feature, see [Work Folders Overview](https://go.microsoft.com/fwlink/?LinkId=330444).
 
 ### Customer feedback and hotfix rollup
 
-AGPM 4.0 SP2 includes a rollup of hotfixes to address issues found since the AGPM 4.0 Service Pack 1 (SP1) release. AGPM 4.0 SP2 contains the latest fixes up to and including Microsoft Advanced Group Policy Management 4.0 SP1 Hotfix 1. For more information, see Knowledge Base article [2873472](http://go.microsoft.com/fwlink/?LinkId=325400)).
+AGPM 4.0 SP2 includes a rollup of hotfixes to address issues found since the AGPM 4.0 Service Pack 1 (SP1) release. AGPM 4.0 SP2 contains the latest fixes up to and including Microsoft Advanced Group Policy Management 4.0 SP1 Hotfix 1. For more information, see Knowledge Base article [2873472](https://go.microsoft.com/fwlink/?LinkId=325400)).
 
 ### New Group Policy extensions in settings and difference reports
 
@@ -58,7 +58,7 @@ The changes and support for the AGPM 4.0 SP2 installer are:
 
 ### Ability to upgrade to AGPM 4.0 SP2 without reentering configuration parameters
 
-You can upgrade the AGPM Client or AGPM Server to AGPM 4.0 SP2 without being prompted to reenter configuration parameters (called the Smart Upgrade) only from AGPM 4.0 onward, as shown in the following table. If you are upgrading to AGPM 4.0 SP2 from other versions of AGPM, as shown in the table, you must use the Classic Upgrade, which requires you to reenter the configuration parameters. Because each version of AGPM is associated with a particular operating system, see [Choosing Which Version of AGPM to Install](http://go.microsoft.com/fwlink/?LinkId=254350) and make sure that you upgrade your operating system as appropriate before you upgrade AGPM.
+You can upgrade the AGPM Client or AGPM Server to AGPM 4.0 SP2 without being prompted to reenter configuration parameters (called the Smart Upgrade) only from AGPM 4.0 onward, as shown in the following table. If you are upgrading to AGPM 4.0 SP2 from other versions of AGPM, as shown in the table, you must use the Classic Upgrade, which requires you to reenter the configuration parameters. Because each version of AGPM is associated with a particular operating system, see [Choosing Which Version of AGPM to Install](https://go.microsoft.com/fwlink/?LinkId=254350) and make sure that you upgrade your operating system as appropriate before you upgrade AGPM.
 
 **AGPM 4.0 SP2 supported upgrades**
 
@@ -217,7 +217,7 @@ If the GPMC is not enabled, the installer enables it during the installation.
 ## How to Get MDOP Technologies
 
 
-AGPM 4.0 SP2 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049) (http://go.microsoft.com/fwlink/?LinkId=322049).
+AGPM 4.0 SP2 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049).
 
 ## Related topics
 
diff --git a/mdop/agpm/whats-new-in-agpm-40-sp3.md b/mdop/agpm/whats-new-in-agpm-40-sp3.md
index a639608821..e598c1a4b8 100644
--- a/mdop/agpm/whats-new-in-agpm-40-sp3.md
+++ b/mdop/agpm/whats-new-in-agpm-40-sp3.md
@@ -34,7 +34,7 @@ AGPM 4.0 SP3 includes a rollup of all fixes up to and including Microsoft Advanc
 
 ### Ability to upgrade to AGPM 4.0 SP3 without re-entering configuration parameters
 
-You can upgrade the AGPM Client or AGPM Server to AGPM 4.0 SP3 without being prompted to re-enter configuration parameters (called the Smart Upgrade) only from AGPM 4.0 and later, as shown in the following table. If you are upgrading to AGPM 4.0 SP3 from other versions of AGPM, as shown in the table, you must use the Classic Upgrade, which requires you to re-enter the configuration parameters. Because each version of AGPM is associated with a particular operating system, see [Choosing Which Version of AGPM to Install](http://go.microsoft.com/fwlink/?LinkId=254350) and make sure that you upgrade your operating system as appropriate before you upgrade AGPM.
+You can upgrade the AGPM Client or AGPM Server to AGPM 4.0 SP3 without being prompted to re-enter configuration parameters (called the Smart Upgrade) only from AGPM 4.0 and later, as shown in the following table. If you are upgrading to AGPM 4.0 SP3 from other versions of AGPM, as shown in the table, you must use the Classic Upgrade, which requires you to re-enter the configuration parameters. Because each version of AGPM is associated with a particular operating system, see [Choosing Which Version of AGPM to Install](https://go.microsoft.com/fwlink/?LinkId=254350) and make sure that you upgrade your operating system as appropriate before you upgrade AGPM.
 
 **AGPM 4.0 SP3 supported upgrades**
 
@@ -231,7 +231,7 @@ If the GPMC is not enabled, the installer enables it during the installation.
 ## How to Get MDOP Technologies
 
 
-AGPM 4.0 SP3 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049) (http://go.microsoft.com/fwlink/?LinkId=322049).
+AGPM 4.0 SP3 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049).
 
 ## Related topics
 
diff --git a/mdop/appv-v4/about-app-v-package-accelerators--app-v-46-sp1-.md b/mdop/appv-v4/about-app-v-package-accelerators--app-v-46-sp1-.md
index 20e54288a5..1bd5cb4df4 100644
--- a/mdop/appv-v4/about-app-v-package-accelerators--app-v-46-sp1-.md
+++ b/mdop/appv-v4/about-app-v-package-accelerators--app-v-46-sp1-.md
@@ -47,7 +47,7 @@ You should also review any settings or configuration files associated with the v
 ## Securing App-V Package Accelerators
 
 
-Always save App-V Package Accelerators and any associated installation media in a secure location on the network to protect the App-V Package Accelerators and the installation files from being tampered with or becoming corrupted. Because Package Accelerators can also contain password and user-specific information, you must save App-V Package Accelerators in a secure location, and you must digitally sign the Package Accelerator after you create it so that the publisher can be verified when the Package Accelerator is applied. For more information about digital signatures, see [Application Guidelines on Digital Signature Practices for Common Criteria Security](http://go.microsoft.com/fwlink/?LinkId=204705) (http://go.microsoft.com/fwlink/?LinkId=204705).
+Always save App-V Package Accelerators and any associated installation media in a secure location on the network to protect the App-V Package Accelerators and the installation files from being tampered with or becoming corrupted. Because Package Accelerators can also contain password and user-specific information, you must save App-V Package Accelerators in a secure location, and you must digitally sign the Package Accelerator after you create it so that the publisher can be verified when the Package Accelerator is applied. For more information about digital signatures, see [Application Guidelines on Digital Signature Practices for Common Criteria Security](https://go.microsoft.com/fwlink/?LinkId=204705) (https://go.microsoft.com/fwlink/?LinkId=204705).
 
 ## Related topics
 
diff --git a/mdop/appv-v4/about-microsoft-application-virtualization-45-sp1.md b/mdop/appv-v4/about-microsoft-application-virtualization-45-sp1.md
index 84d328ae99..ae8f74d031 100644
--- a/mdop/appv-v4/about-microsoft-application-virtualization-45-sp1.md
+++ b/mdop/appv-v4/about-microsoft-application-virtualization-45-sp1.md
@@ -15,13 +15,13 @@ ms.prod: w8
 
 This service pack contains the following changes:
 
--   Support for Windows 7 and Windows Server 2008 R2: App-V 4.5 SP1 provides support for Windows 7 and Windows Server 2008 R2, including support for Windows 7 features such as the taskbar, AppLocker, BranchCache, and BitLocker To Go.  Windows Server 2008 R2 support applies only to Application Virtualization Server. For more information about AppLocker support in Windows 7, see [Windows AppLocker](http://go.microsoft.com/fwlink/?LinkID=156732) (http://go.microsoft.com/fwlink/?LinkID=156732).
+-   Support for Windows 7 and Windows Server 2008 R2: App-V 4.5 SP1 provides support for Windows 7 and Windows Server 2008 R2, including support for Windows 7 features such as the taskbar, AppLocker, BranchCache, and BitLocker To Go.  Windows Server 2008 R2 support applies only to Application Virtualization Server. For more information about AppLocker support in Windows 7, see [Windows AppLocker](https://go.microsoft.com/fwlink/?LinkID=156732) (https://go.microsoft.com/fwlink/?LinkID=156732).
 
--   Support for third-party Kerberos realms: App-V 4.5 SP1 provides support for environments that have a trust relationship and mapped user accounts between a Windows domain and an MIT Kerberos realm, which is a scenario commonly used at many universities. For information about how to enable this support, see [How to Configure the Client for MIT Kerberos Realm Support](http://go.microsoft.com/fwlink/?LinkId=166004) (http://go.microsoft.com/fwlink/?LinkId=166004).
+-   Support for third-party Kerberos realms: App-V 4.5 SP1 provides support for environments that have a trust relationship and mapped user accounts between a Windows domain and an MIT Kerberos realm, which is a scenario commonly used at many universities. For information about how to enable this support, see [How to Configure the Client for MIT Kerberos Realm Support](https://go.microsoft.com/fwlink/?LinkId=166004) (https://go.microsoft.com/fwlink/?LinkId=166004).
 
 -   Improved support for application publishing and streaming through HTTP/HTTPS: App-V 4.5 SP1 provides support for application publishing and streaming through the HTTP/HTTPS protocols for Windows XP Home Edition, Windows Vista Home Basic, and Windows 7 Home Basic.
 
--   Customer Feedback and Hotfix Rollup: App-V 4.5 SP1 also includes a rollup of fixes to address issues found after the Microsoft Application Virtualization (App-V) 4.5 CU1 release. The updates result from a combination of known issues and customer feedback from our internal teams, partners, and customers who are using App-V 4.5. For a full list of the updates, see [article 976338](http://go.microsoft.com/fwlink/?LinkId=167121) in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=167121).
+-   Customer Feedback and Hotfix Rollup: App-V 4.5 SP1 also includes a rollup of fixes to address issues found after the Microsoft Application Virtualization (App-V) 4.5 CU1 release. The updates result from a combination of known issues and customer feedback from our internal teams, partners, and customers who are using App-V 4.5. For a full list of the updates, see [article 976338](https://go.microsoft.com/fwlink/?LinkId=167121) in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=167121).
 
 ## In This Section
 
diff --git a/mdop/appv-v4/about-microsoft-application-virtualization-45-sp2.md b/mdop/appv-v4/about-microsoft-application-virtualization-45-sp2.md
index 841c1186d3..b5a9241cfa 100644
--- a/mdop/appv-v4/about-microsoft-application-virtualization-45-sp2.md
+++ b/mdop/appv-v4/about-microsoft-application-virtualization-45-sp2.md
@@ -15,11 +15,11 @@ ms.prod: w8
 
 This service pack contains the following changes:
 
--   Support for Office 2010: Microsoft Application Virtualization (App-V) 4.5 SP2 now supports the virtualization of Microsoft Office 2010. For prescriptive guidance for sequencing Office 2010 with App-V 4.5 SP2, see [Prescriptive guidance for sequencing Office 2010 in Microsoft App-V 4.6](http://go.microsoft.com/fwlink/?LinkId=191539) (http://go.microsoft.com/fwlink/?LinkId=191539).
+-   Support for Office 2010: Microsoft Application Virtualization (App-V) 4.5 SP2 now supports the virtualization of Microsoft Office 2010. For prescriptive guidance for sequencing Office 2010 with App-V 4.5 SP2, see [Prescriptive guidance for sequencing Office 2010 in Microsoft App-V 4.6](https://go.microsoft.com/fwlink/?LinkId=191539) (https://go.microsoft.com/fwlink/?LinkId=191539).
 
--   Support for Database Mirroring: App-V 4.5 SP2 now supports Microsoft SQL Server Database Mirroring. For more information about configuring database mirroring in your App-V environment, see [How to Configure Microsoft SQL Server Mirroring Support for App-V](http://go.microsoft.com/fwlink/?LinkId=190880) (http://go.microsoft.com/fwlink/?LinkId=190880).
+-   Support for Database Mirroring: App-V 4.5 SP2 now supports Microsoft SQL Server Database Mirroring. For more information about configuring database mirroring in your App-V environment, see [How to Configure Microsoft SQL Server Mirroring Support for App-V](https://go.microsoft.com/fwlink/?LinkId=190880) (https://go.microsoft.com/fwlink/?LinkId=190880).
 
--   Customer Feedback and Hotfix Rollup: App-V 4.5 SP2 also includes a rollup of fixes to address issues found after the App-V  4.5 SP1 release. The updates address a combination of known issues and customer feedback from Microsoft internal teams, partners, and customers who are using App-V 4.5. For a full list of the updates, see article 980847 in the Microsoft Knowledge Base (KB) at [Description of Microsoft Application Virtualization 4.5 Service Pack 2](http://go.microsoft.com/fwlink/?LinkId=191540) (http://go.microsoft.com/fwlink/?LinkId=191540).
+-   Customer Feedback and Hotfix Rollup: App-V 4.5 SP2 also includes a rollup of fixes to address issues found after the App-V  4.5 SP1 release. The updates address a combination of known issues and customer feedback from Microsoft internal teams, partners, and customers who are using App-V 4.5. For a full list of the updates, see article 980847 in the Microsoft Knowledge Base (KB) at [Description of Microsoft Application Virtualization 4.5 Service Pack 2](https://go.microsoft.com/fwlink/?LinkId=191540) (https://go.microsoft.com/fwlink/?LinkId=191540).
 
 ## In This Section
 
diff --git a/mdop/appv-v4/about-microsoft-application-virtualization-46-sp2.md b/mdop/appv-v4/about-microsoft-application-virtualization-46-sp2.md
index ce05dc3362..b24beae096 100644
--- a/mdop/appv-v4/about-microsoft-application-virtualization-46-sp2.md
+++ b/mdop/appv-v4/about-microsoft-application-virtualization-46-sp2.md
@@ -26,7 +26,7 @@ App-V 4.6 SP2 adds support for Windows 8 and Windows Server 2012 Remote Deskto
 
 **Support for coexistence with App-V 5.0 client**
 
-App-V 4.6 SP2 provides support for coexistence with the Microsoft Application Virtualization 5.0 client. Review the App-V 5.0 documentation for instructions on how to configure the App-V 5.0 client for coexistence with the App-V 4.6 SP2 client. For more information about App-V 5.0, see [Application Virtualization 5](http://go.microsoft.com/fwlink/?LinkId=267599) on TechNet.
+App-V 4.6 SP2 provides support for coexistence with the Microsoft Application Virtualization 5.0 client. Review the App-V 5.0 documentation for instructions on how to configure the App-V 5.0 client for coexistence with the App-V 4.6 SP2 client. For more information about App-V 5.0, see [Application Virtualization 5](https://go.microsoft.com/fwlink/?LinkId=267599) on TechNet.
 
 **Ability to virtualize Adobe Reader X with Protected Mode**
 
@@ -82,7 +82,7 @@ Specify a path to an RTF or TXT file that provides packaging and deployment guid
 
 **Microsoft Application Error Reporting no longer needs to be installed**
 
-When you are installing the App-V 4.6 SP2 client by using setup.msi, you no longer need to install Microsoft Application Error Reporting (dw20shared.msi). App-V 4.6 SP2 now uses Microsoft Error Reporting. For more information, see [How to Install the App-V Client by Using Setup.msi](http://go.microsoft.com/fwlink/?LinkId=267237).
+When you are installing the App-V 4.6 SP2 client by using setup.msi, you no longer need to install Microsoft Application Error Reporting (dw20shared.msi). App-V 4.6 SP2 now uses Microsoft Error Reporting. For more information, see [How to Install the App-V Client by Using Setup.msi](https://go.microsoft.com/fwlink/?LinkId=267237).
 
 **Customer feedback and hotfix rollup**
 
@@ -91,7 +91,7 @@ App-V 4.6 SP2 includes a rollup of fixes to address issues found since the App
 ## In This Section
 
 
-<a href="" id="app-v-4-6-sp2-release-notes"></a>[App-V 4.6 SP2 Release Notes](http://go.microsoft.com/fwlink/?LinkId=267600)  
+<a href="" id="app-v-4-6-sp2-release-notes"></a>[App-V 4.6 SP2 Release Notes](https://go.microsoft.com/fwlink/?LinkId=267600)  
 Provides the most up-to-date information about known issues with App-V 4.6 SP2.
 
  
diff --git a/mdop/appv-v4/about-microsoft-application-virtualization-46-sp3.md b/mdop/appv-v4/about-microsoft-application-virtualization-46-sp3.md
index 5493513ee4..0a642d3bc9 100644
--- a/mdop/appv-v4/about-microsoft-application-virtualization-46-sp3.md
+++ b/mdop/appv-v4/about-microsoft-application-virtualization-46-sp3.md
@@ -23,7 +23,7 @@ App-V 4.6 SP3 includes support for Windows Server 2012 R2 and Windows 8.1
 ## How to Get MDOP Technologies
 
 
-App-V is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049) (http://go.microsoft.com/fwlink/?LinkId=322049).
+App-V is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049).
 
 ## Related topics
 
diff --git a/mdop/appv-v4/about-the-deployment-tab.md b/mdop/appv-v4/about-the-deployment-tab.md
index bfaa07b2ad..e3cfc4fcb6 100644
--- a/mdop/appv-v4/about-the-deployment-tab.md
+++ b/mdop/appv-v4/about-the-deployment-tab.md
@@ -117,7 +117,7 @@ Use the **Output Options** controls to specify the output options for the applic
 <td align="left"><p><strong>Compression Algorithm</strong></p></td>
 <td align="left"><p>Use to select the method for compressing the SFT file for streaming across a network. Select one of the following compression methods:</p>
 <ul>
-<li><p><strong>Compressed</strong>—Specifies that the SFT file be compressed in the [ZLIB](http://go.microsoft.com/fwlink/?LinkId=111475) format.</p></li>
+<li><p><strong>Compressed</strong>—Specifies that the SFT file be compressed in the [ZLIB](https://go.microsoft.com/fwlink/?LinkId=111475) format.</p></li>
 <li><p><strong>Not Compressed</strong>—The default; specifies that the SFT file not be compressed.</p></li>
 </ul></td>
 </tr>
diff --git a/mdop/appv-v4/about-the-virtual-file-system-tab.md b/mdop/appv-v4/about-the-virtual-file-system-tab.md
index 4a68cdad5f..e33d52c82f 100644
--- a/mdop/appv-v4/about-the-virtual-file-system-tab.md
+++ b/mdop/appv-v4/about-the-virtual-file-system-tab.md
@@ -15,7 +15,7 @@ ms.prod: w8
 
 The virtual file system is created during sequencing. It maps directories and files that are added or modified outside the package root directory. The **Virtual File System** tab displays the entire virtual file system for a sequenced application package. It also allows you to add, edit, and delete file associations.
 
-For information about the virtual file system and its use, see the section “VFS Installs” of [Advanced Sequencing Topics](http://go.microsoft.com/fwlink/?LinkId=114543), at http://go.microsoft.com/fwlink/?LinkId=114543.
+For information about the virtual file system and its use, see the section “VFS Installs” of [Advanced Sequencing Topics](https://go.microsoft.com/fwlink/?LinkId=114543), at https://go.microsoft.com/fwlink/?LinkId=114543.
 
 ## Columns
 
diff --git a/mdop/appv-v4/app-v-45-sp2-release-notes.md b/mdop/appv-v4/app-v-45-sp2-release-notes.md
index 2acd2c8c91..fef2e9aafc 100644
--- a/mdop/appv-v4/app-v-45-sp2-release-notes.md
+++ b/mdop/appv-v4/app-v-45-sp2-release-notes.md
@@ -20,33 +20,33 @@ Read these Release Notes thoroughly before you install the Microsoft Application
 
  
 
-For updated information about known issues, please visit the Microsoft TechNet Library at [App-V 4.5 SP2 Release Notes](http://go.microsoft.com/fwlink/?LinkId=184640) (http://go.microsoft.com/fwlink/?LinkId=184640).
+For updated information about known issues, please visit the Microsoft TechNet Library at [App-V 4.5 SP2 Release Notes](https://go.microsoft.com/fwlink/?LinkId=184640) (https://go.microsoft.com/fwlink/?LinkId=184640).
 
 ## About Microsoft Application Virtualization 4.5 Service Pack 2
 
 
 These Release Notes have been updated to reflect the changes introduced with Microsoft Application Virtualization (App-V) 4.5 Service Pack 2 (SP2). This service pack contains the following changes:
 
--   Support for Office 2010: App-V 4.5 SP2 now supports the virtualization of Microsoft Office 2010. For prescriptive guidance for sequencing Microsoft Office 2010 with App-V 4.5 SP2, see [Prescriptive guidance for sequencing Office 2010 in Microsoft App-V 4.6](http://go.microsoft.com/fwlink/?LinkId=191539) (http://go.microsoft.com/fwlink/?LinkId=191539).
+-   Support for Office 2010: App-V 4.5 SP2 now supports the virtualization of Microsoft Office 2010. For prescriptive guidance for sequencing Microsoft Office 2010 with App-V 4.5 SP2, see [Prescriptive guidance for sequencing Office 2010 in Microsoft App-V 4.6](https://go.microsoft.com/fwlink/?LinkId=191539) (https://go.microsoft.com/fwlink/?LinkId=191539).
 
--   Support for Database Mirroring: App-V 4.5 SP2 now supports Microsoft SQL Server Database Mirroring. For more information about configuring database mirroring in your App-V environment, see [How to Configure Microsoft SQL Server Mirroring Support for App-V](http://go.microsoft.com/fwlink/?LinkId=190880) (http://go.microsoft.com/fwlink/?LinkId=190880).
+-   Support for Database Mirroring: App-V 4.5 SP2 now supports Microsoft SQL Server Database Mirroring. For more information about configuring database mirroring in your App-V environment, see [How to Configure Microsoft SQL Server Mirroring Support for App-V](https://go.microsoft.com/fwlink/?LinkId=190880) (https://go.microsoft.com/fwlink/?LinkId=190880).
 
--   Customer Feedback and Hotfix Rollup: App-V 4.5 SP2 also includes a rollup of fixes to address issues found after the App-V  4.5 SP1 release. The updates address a combination of known issues and customer feedback from Microsoft internal teams, partners, and customers who are using App-V 4.5. For a full list of the updates, see article 980847 in the Microsoft Knowledge Base (KB) at [Description of Microsoft Application Virtualization 4.5 Service Pack 2](http://go.microsoft.com/fwlink/?LinkId=191540) (http://go.microsoft.com/fwlink/?LinkId=191540).
+-   Customer Feedback and Hotfix Rollup: App-V 4.5 SP2 also includes a rollup of fixes to address issues found after the App-V  4.5 SP1 release. The updates address a combination of known issues and customer feedback from Microsoft internal teams, partners, and customers who are using App-V 4.5. For a full list of the updates, see article 980847 in the Microsoft Knowledge Base (KB) at [Description of Microsoft Application Virtualization 4.5 Service Pack 2](https://go.microsoft.com/fwlink/?LinkId=191540) (https://go.microsoft.com/fwlink/?LinkId=191540).
 
 ## About the Product Documentation
 
 
-Comprehensive documentation for Application Virtualization (App-V) is available on Microsoft TechNet in the [Application Virtualization TechCenter Library](http://go.microsoft.com/fwlink/?LinkId=122939) (http://go.microsoft.com/fwlink/?LinkId=122939). The TechNet documentation includes the online Help for the Application Virtualization Sequencer, the Application Virtualization Clients, and the Application Virtualization Server. It also includes the Application Virtualization Planning and Deployment Guide and the Application Virtualization Operations Guide.
+Comprehensive documentation for Application Virtualization (App-V) is available on Microsoft TechNet in the [Application Virtualization TechCenter Library](https://go.microsoft.com/fwlink/?LinkId=122939) (https://go.microsoft.com/fwlink/?LinkId=122939). The TechNet documentation includes the online Help for the Application Virtualization Sequencer, the Application Virtualization Clients, and the Application Virtualization Server. It also includes the Application Virtualization Planning and Deployment Guide and the Application Virtualization Operations Guide.
 
 ## Protect Against Security Vulnerabilities and Viruses
 
 
-To help protect against security vulnerabilities and viruses, we recommend that you install the latest available security updates for any new software being installed. For more information, see [Microsoft Security](http://go.microsoft.com/fwlink/?LinkId=3482) (http://go.microsoft.com/fwlink/?LinkId=3482).
+To help protect against security vulnerabilities and viruses, we recommend that you install the latest available security updates for any new software being installed. For more information, see [Microsoft Security](https://go.microsoft.com/fwlink/?LinkId=3482) (https://go.microsoft.com/fwlink/?LinkId=3482).
 
 ## Provide Feedback
 
 
-You can provide feedback, make a suggestion, or report an issue with the Microsoft Application Virtualization (App-V) Management System through the community forum on the Application Virtualization TechCenter [App-V Documentation Forum](http://go.microsoft.com/fwlink/?LinkId=122917) (http://go.microsoft.com/fwlink/?LinkId=122917).
+You can provide feedback, make a suggestion, or report an issue with the Microsoft Application Virtualization (App-V) Management System through the community forum on the Application Virtualization TechCenter [App-V Documentation Forum](https://go.microsoft.com/fwlink/?LinkId=122917) (https://go.microsoft.com/fwlink/?LinkId=122917).
 
 You can also send your documentation feedback directly to the App-V documentation team at <appvdocs@microsoft.com>.
 
@@ -57,13 +57,13 @@ This section provides the most up-to-date information about issues with Microsof
 
 ### Guidance for installing Server Management Console
 
-If you have to install management software on systems other than the primary Application Virtualization publishing and streaming server, the server installation supports installing the Application Virtualization Management Console and Application Virtualization Management Web service on separate servers from the primary App-V Management Server. To distribute the management components across multiple servers, Kerberos delegation must be enabled on the server where the Application Virtualization Web service is installed. For information about how to enable this support, see [How to Configure the Server to be Trusted for Delegation](http://go.microsoft.com/fwlink/?LinkId=166682) (http://go.microsoft.com/fwlink/?LinkId=166682).
+If you have to install management software on systems other than the primary Application Virtualization publishing and streaming server, the server installation supports installing the Application Virtualization Management Console and Application Virtualization Management Web service on separate servers from the primary App-V Management Server. To distribute the management components across multiple servers, Kerberos delegation must be enabled on the server where the Application Virtualization Web service is installed. For information about how to enable this support, see [How to Configure the Server to be Trusted for Delegation](https://go.microsoft.com/fwlink/?LinkId=166682) (https://go.microsoft.com/fwlink/?LinkId=166682).
 
 ### Guidance for installing or upgrading clients to App-V 4.5 SP2 by using Setup.msi
 
 When installing or upgrading your App-V Clients to App-V 4.5 SP2 by using Setup.msi, the prerequisites are not installed automatically.
 
-WORKAROUND   You must manually install the prerequisites before installing or upgrading the App-V Clients to App-V 4.5 SP2. For detailed procedures about how to install the prerequisites and the App-V Client, see [How to Install the Client by Using the Command Line](http://go.microsoft.com/fwlink/?LinkId=144106) (http://go.microsoft.com/fwlink/?LinkId=144106).
+WORKAROUND   You must manually install the prerequisites before installing or upgrading the App-V Clients to App-V 4.5 SP2. For detailed procedures about how to install the prerequisites and the App-V Client, see [How to Install the Client by Using the Command Line](https://go.microsoft.com/fwlink/?LinkId=144106) (https://go.microsoft.com/fwlink/?LinkId=144106).
 
 When this has been completed, install the App-V 4.5 SP2 Clients by using Setup.msi with administrative credentials. This file is available on the App-V 4.5 SP2 release media in the Installers\\Client folder.
 
@@ -158,11 +158,11 @@ When using Internet Information Services (IIS) 6.0 or IIS 7.0 for icon or OSD
 
     **Setspn -r HTTP/&lt;Server FQDN&gt;**
 
-For more information, see [Integrated Windows Authentication (IIS 6.0)](http://go.microsoft.com/fwlink/?LinkId=131407) (http://go.microsoft.com/fwlink/?LinkId=131407).
+For more information, see [Integrated Windows Authentication (IIS 6.0)](https://go.microsoft.com/fwlink/?LinkId=131407) (https://go.microsoft.com/fwlink/?LinkId=131407).
 
 ### .NET compatibility changes
 
-Microsoft Application Virtualization (App-V) Cumulative Update 1 or later supports sequencing the .NET Framework on Windows XP SP2 or later. Sequencing routines for .NET applications that were written for SoftGrid 4.2 might have to be updated when used with the App-V 4.5 Sequencer. For details and workarounds, see the Application Virtualization TechCenter article at [Support for .NET in Microsoft Application Virtualization 4.5](http://go.microsoft.com/fwlink/?LinkId=123412) (http://go.microsoft.com/fwlink/?LinkId=123412).
+Microsoft Application Virtualization (App-V) Cumulative Update 1 or later supports sequencing the .NET Framework on Windows XP SP2 or later. Sequencing routines for .NET applications that were written for SoftGrid 4.2 might have to be updated when used with the App-V 4.5 Sequencer. For details and workarounds, see the Application Virtualization TechCenter article at [Support for .NET in Microsoft Application Virtualization 4.5](https://go.microsoft.com/fwlink/?LinkId=123412) (https://go.microsoft.com/fwlink/?LinkId=123412).
 
 ### <a href="" id="after-client-upgrade-from-app-v-4-2--some-applications-are-not-shown-"></a>After client upgrade from App-V 4.2, some applications are not shown
 
@@ -192,7 +192,7 @@ Application Virtualization administrators must have Read and Execute permissions
 
 When used in conjunction with KEEPCURRENTSETTINGS=1, the following client installer command-line parameters are ignored: SWICACHESIZE, MINFREESPACEMB, ALLOWINDEPENDENTFILESTREAMING, APPLICATIONSOURCEROOT, ICONSOURCEROOT, OSDSOURCEROOT, SYSTEMEVENTLOGLEVEL, SWIGLOBALDATA, DOTIMEOUTMINUTES, SWIFSDRIVE, AUTOLOADTARGET, AUTOLOADTRIGGERS, SWIUSERDATA, and REQUIRESECURECONNECTION.
 
-WORKAROUND   If you have settings you want to retain, use KEEPCURRENTSETTINGS=1, and then set the other parameters after deployment. The App-V ADM Template can be used to set the following client settings: APPLICATIONSOURCEROOT, ICONSOURCEROOT, OSDSOURCEROOT, AUTOLOADTARGET, AUTOLOADTRIGGERS, DOTIMEOUTMINUTES, and ALLOWINDEPENDENTFILESTREAMING. You can download the ADM Template from the Microsoft DownLoad Center at [Microsoft Application Virtualization Administrative Template (ADM Template)](http://go.microsoft.com/fwlink/?LinkId=121835) (http://go.microsoft.com/fwlink/?LinkId=121835).
+WORKAROUND   If you have settings you want to retain, use KEEPCURRENTSETTINGS=1, and then set the other parameters after deployment. The App-V ADM Template can be used to set the following client settings: APPLICATIONSOURCEROOT, ICONSOURCEROOT, OSDSOURCEROOT, AUTOLOADTARGET, AUTOLOADTRIGGERS, DOTIMEOUTMINUTES, and ALLOWINDEPENDENTFILESTREAMING. You can download the ADM Template from the Microsoft DownLoad Center at [Microsoft Application Virtualization Administrative Template (ADM Template)](https://go.microsoft.com/fwlink/?LinkId=121835) (https://go.microsoft.com/fwlink/?LinkId=121835).
 
 ### Release Notes Copyright Information
 
diff --git a/mdop/appv-v4/app-v-46-release-notes.md b/mdop/appv-v4/app-v-46-release-notes.md
index 81d8a1852e..854a3c4ca1 100644
--- a/mdop/appv-v4/app-v-46-release-notes.md
+++ b/mdop/appv-v4/app-v-46-release-notes.md
@@ -23,7 +23,7 @@ Read these Release Notes thoroughly before you install the Microsoft Application
 ## Protect Against Security Vulnerabilities and Viruses
 
 
-To help protect against security vulnerabilities and viruses, it is important to install the latest available security updates for any new software being installed. For more information, see the [Microsoft Security Web site](http://go.microsoft.com/fwlink/?LinkId=3482) (http://go.microsoft.com/fwlink/?LinkId=3482).
+To help protect against security vulnerabilities and viruses, it is important to install the latest available security updates for any new software being installed. For more information, see the [Microsoft Security Web site](https://go.microsoft.com/fwlink/?LinkId=3482) (https://go.microsoft.com/fwlink/?LinkId=3482).
 
 ## Known Issues with Application Virtualization 4.6
 
diff --git a/mdop/appv-v4/app-v-46-sp1-release-notes.md b/mdop/appv-v4/app-v-46-sp1-release-notes.md
index 80d4220900..6b315e90ba 100644
--- a/mdop/appv-v4/app-v-46-sp1-release-notes.md
+++ b/mdop/appv-v4/app-v-46-sp1-release-notes.md
@@ -23,7 +23,7 @@ Read these Release Notes thoroughly before you install the Microsoft Application
 ## Protect Against Security Vulnerabilities and Viruses
 
 
-To help protect against security vulnerabilities and viruses, it is important to install the latest available security updates for any new software being installed. For more information, see the [Microsoft Security website](http://go.microsoft.com/fwlink/?LinkId=3482) (http://go.microsoft.com/fwlink/?LinkId=3482).
+To help protect against security vulnerabilities and viruses, it is important to install the latest available security updates for any new software being installed. For more information, see the [Microsoft Security website](https://go.microsoft.com/fwlink/?LinkId=3482) (https://go.microsoft.com/fwlink/?LinkId=3482).
 
 ## Known Issues with Application Virtualization 4.6 SP1
 
diff --git a/mdop/appv-v4/app-v-46-sp2-release-notes.md b/mdop/appv-v4/app-v-46-sp2-release-notes.md
index f2414f7825..a9e792b831 100644
--- a/mdop/appv-v4/app-v-46-sp2-release-notes.md
+++ b/mdop/appv-v4/app-v-46-sp2-release-notes.md
@@ -22,7 +22,7 @@ These release notes contain information that is required to successfully install
 ## About the Product Documentation
 
 
-For more information about documentation for App-V, see the [Application Virtualization](http://go.microsoft.com/fwlink/?LinkID=232982) page on Microsoft TechNet.
+For more information about documentation for App-V, see the [Application Virtualization](https://go.microsoft.com/fwlink/?LinkID=232982) page on Microsoft TechNet.
 
 ## Providing feedback
 
@@ -34,9 +34,9 @@ This email address is not a support channel, but your feedback will help us to p
 
  
 
-For the latest information about MDOP and additional learning resources, see the [MDOP Information Experience](http://go.microsoft.com/fwlink/p/?LinkId=236032) page.
+For the latest information about MDOP and additional learning resources, see the [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) page.
 
-For more information about new updates or to provide feedback, follow us on [Facebook](http://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](http://go.microsoft.com/fwlink/p/?LinkId=242447).
+For more information about new updates or to provide feedback, follow us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447).
 
 ## <a href="" id="known-issues-with-app-v-4-6-sp2-"></a>Known Issues with App-V 4.6 SP2
 
diff --git a/mdop/appv-v4/app-v-46-sp3-release-notes.md b/mdop/appv-v4/app-v-46-sp3-release-notes.md
index f3b3bbd638..53e91e93f6 100644
--- a/mdop/appv-v4/app-v-46-sp3-release-notes.md
+++ b/mdop/appv-v4/app-v-46-sp3-release-notes.md
@@ -20,7 +20,7 @@ Read these Release Notes thoroughly before you install the Microsoft Application
 ## Protect Against Security Vulnerabilities and Viruses
 
 
-To help protect against security vulnerabilities and viruses, it is important to install the latest available security updates for any new software being installed. For more information, see the [Microsoft Security website](http://go.microsoft.com/fwlink/?LinkId=3482) (http://go.microsoft.com/fwlink/?LinkId=3482).
+To help protect against security vulnerabilities and viruses, it is important to install the latest available security updates for any new software being installed. For more information, see the [Microsoft Security website](https://go.microsoft.com/fwlink/?LinkId=3482) (https://go.microsoft.com/fwlink/?LinkId=3482).
 
 ## Known Issues with Application Virtualization 4.6 SP3
 
diff --git a/mdop/appv-v4/app-v-client-registry-values-sp1.md b/mdop/appv-v4/app-v-client-registry-values-sp1.md
index d1abb66e68..ce05856766 100644
--- a/mdop/appv-v4/app-v-client-registry-values-sp1.md
+++ b/mdop/appv-v4/app-v-client-registry-values-sp1.md
@@ -86,7 +86,7 @@ The following table provides information about the registry values associated wi
 <td align="left"><p>Controls which messages are written to the log. The value indicates a threshold of what is logged—everything less than or equal to that value is logged. For example, a value of 0x3 (Warning) indicates that Warnings (0x3), Errors (0x2), and Critical Errors (0x1) are logged.</p>
 <p>Value Range: 0x0 = None, 0x1 = Critical, 0x2 = Error, 0x3 = Warning, 0x4 = Information (Default), 0x5 = Verbose.</p>
 <p>The log level is configurable from the Application Virtualization (App-V) client console and from the command prompt. At a command prompt, the command sftlist.exe /verboselog will increase the log level to verbose. For more information on command-line details see</p>
-<p>http://go.microsoft.com/fwlink/?LinkId=141467http://go.microsoft.com/fwlink/?LinkId=141467</p>
+<p>https://go.microsoft.com/fwlink/?LinkId=141467https://go.microsoft.com/fwlink/?LinkId=141467</p>
 <p>.</p></td>
 </tr>
 <tr class="odd">
diff --git a/mdop/appv-v4/app-v-desktop-client-security.md b/mdop/appv-v4/app-v-desktop-client-security.md
index 1ac437a216..24bf4ce063 100644
--- a/mdop/appv-v4/app-v-desktop-client-security.md
+++ b/mdop/appv-v4/app-v-desktop-client-security.md
@@ -56,7 +56,7 @@ When using the ADM Template, remember that the settings are Group Policy prefere
 
  
 
-For a full description of the ADM Template, the specific settings, and guidance to successfully deploy clients in your environment, see the App-V ADM Template white paper at [http://go.microsoft.com/fwlink/LinkId=122063](http://go.microsoft.com/fwlink/?LinkId=122063).
+For a full description of the ADM Template, the specific settings, and guidance to successfully deploy clients in your environment, see the App-V ADM Template white paper at [https://go.microsoft.com/fwlink/LinkId=122063](https://go.microsoft.com/fwlink/?LinkId=122063).
 
 ## Removing OSD File Type Associations
 
diff --git a/mdop/appv-v4/app-v-interoperability-with-windows-applocker.md b/mdop/appv-v4/app-v-interoperability-with-windows-applocker.md
index 19861182b0..30fcea79ef 100644
--- a/mdop/appv-v4/app-v-interoperability-with-windows-applocker.md
+++ b/mdop/appv-v4/app-v-interoperability-with-windows-applocker.md
@@ -16,7 +16,7 @@ ms.prod: w8
 Version 4.5 SP1 of the Microsoft Application Virtualization (App-V) client supports the AppLocker feature of Windows 7. The AppLocker feature enables IT administrators to specify which applications are restricted from running on computers. This document describes how to configure the AppLocker rules to work with the App-V virtual environment and virtualized applications.
 
 **Note**  
-Windows AppLocker must first be enabled before configuring Windows AppLocker rules for virtual applications. For more information about enabling Windows AppLocker, [Windows AppLocker](http://go.microsoft.com/fwlink/?LinkId=156732) (http://go.microsoft.com/fwlink/?LinkId=156732).
+Windows AppLocker must first be enabled before configuring Windows AppLocker rules for virtual applications. For more information about enabling Windows AppLocker, [Windows AppLocker](https://go.microsoft.com/fwlink/?LinkId=156732) (https://go.microsoft.com/fwlink/?LinkId=156732).
 
  
 
diff --git a/mdop/appv-v4/app-v-pre-installation-checklist.md b/mdop/appv-v4/app-v-pre-installation-checklist.md
index 4986b4222b..1a675afc30 100644
--- a/mdop/appv-v4/app-v-pre-installation-checklist.md
+++ b/mdop/appv-v4/app-v-pre-installation-checklist.md
@@ -52,7 +52,7 @@ The following checklist is intended to provide a high-level list of items to con
 </tr>
 <tr class="odd">
 <td align="left"><p>Install Microsoft SQL Server 2008.</p></td>
-<td align="left"><p>[Install SQL Server 2008](http://go.microsoft.com/fwlink/?LinkId=181924) (http://go.microsoft.com/fwlink/?LinkId=181924).</p></td>
+<td align="left"><p>[Install SQL Server 2008](https://go.microsoft.com/fwlink/?LinkId=181924) (https://go.microsoft.com/fwlink/?LinkId=181924).</p></td>
 </tr>
 </tbody>
 </table>
diff --git a/mdop/appv-v4/app-v-upgrade-checklist.md b/mdop/appv-v4/app-v-upgrade-checklist.md
index 1cc521ddb6..7e2266af13 100644
--- a/mdop/appv-v4/app-v-upgrade-checklist.md
+++ b/mdop/appv-v4/app-v-upgrade-checklist.md
@@ -81,7 +81,7 @@ Before trying to upgrade to Microsoft Application Virtualization (App-V) 4.5 or
 
 -   Any version 4.2 reports that were created and saved will be overwritten when the server is upgraded to version 4.5. If you have to keep these reports, you must save a backup copy of the SftMMC.msc file located in the SoftGrid Management Console folder on the server and use that copy to replace the new SftMMC.msc that is installed during the upgrade.
 
--   For additional information about upgrading from previous versions, see [Upgrading to Microsoft Application Virtualization 4.5 FAQ](http://go.microsoft.com/fwlink/?LinkId=120358) (http://go.microsoft.com/fwlink/?LinkId=120358).
+-   For additional information about upgrading from previous versions, see [Upgrading to Microsoft Application Virtualization 4.5 FAQ](https://go.microsoft.com/fwlink/?LinkId=120358) (https://go.microsoft.com/fwlink/?LinkId=120358).
 
 ## <a href="" id="app-v-4-6-client-package-support-"></a>App-V 4.6 Client Package Support
 
diff --git a/mdop/appv-v4/application-virtualization-client-hardware-and-software-requirements.md b/mdop/appv-v4/application-virtualization-client-hardware-and-software-requirements.md
index c26601e8b8..b840409951 100644
--- a/mdop/appv-v4/application-virtualization-client-hardware-and-software-requirements.md
+++ b/mdop/appv-v4/application-virtualization-client-hardware-and-software-requirements.md
@@ -85,16 +85,16 @@ The hardware requirements requirements are applicable to all versions.
 **Note**  
 The following software prerequisites are installed automatically if you are using the Setup.exe method. If you are using the Setup.msi installation program, the following products must be installed first.
 
--   **Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)**—For more information about installing Microsoft Visual C++ 2005 SP1 Redistributable Package (x86), see [Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)](http://go.microsoft.com/fwlink/?LinkId=119961) (http://go.microsoft.com/fwlink/?LinkId=119961). For version 4.5 SP2 of the App-V client, download Vcredist\_x86.exe from [Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update](http://go.microsoft.com/fwlink/?LinkId=169360) (http://go.microsoft.com/fwlink/?LinkId=169360).
+-   **Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)**—For more information about installing Microsoft Visual C++ 2005 SP1 Redistributable Package (x86), see [Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=119961) (https://go.microsoft.com/fwlink/?LinkId=119961). For version 4.5 SP2 of the App-V client, download Vcredist\_x86.exe from [Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update](https://go.microsoft.com/fwlink/?LinkId=169360) (https://go.microsoft.com/fwlink/?LinkId=169360).
 
--   **Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)**—For more information about installing Microsoft Core XML Services (MSXML) 6.0 SP1 (x86), see [Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)](http://go.microsoft.com/fwlink/?LinkId=63266) (http://go.microsoft.com/fwlink/?LinkId=63266).
+-   **Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)**—For more information about installing Microsoft Core XML Services (MSXML) 6.0 SP1 (x86), see [Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)](https://go.microsoft.com/fwlink/?LinkId=63266) (https://go.microsoft.com/fwlink/?LinkId=63266).
 
  
 
 **Note**  
 For the Application Virtualization (App-V) 4.6 Desktop Client, the following additional software prerequisite is installed automatically if you are using the Setup.exe method. If you are using the Setup.msi installation program, you must also install with the other prerequisites listed.
 
--   **Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)**—For more information about installing Microsoft Visual C++ 2008 SP1 Redistributable Package (x86), see [Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)](http://go.microsoft.com/fwlink/?LinkId=150700) (http://go.microsoft.com/fwlink/?LinkId=150700).
+-   **Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)**—For more information about installing Microsoft Visual C++ 2008 SP1 Redistributable Package (x86), see [Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=150700) (https://go.microsoft.com/fwlink/?LinkId=150700).
 
  
 
@@ -149,9 +149,9 @@ The Application Virtualization (App-V) 4.6 Desktop Client supports 32-bit and 64
 **Note**  
 The following software prerequisites are installed automatically if you are using the Setup.exe method. If you are using the Setup.msi installation program, the following products must be installed first.
 
--   **Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)**—For more information about installing Microsoft Visual C++ 2005 SP1 Redistributable Package (x86), see [Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)](http://go.microsoft.com/fwlink/?LinkId=119961) (http://go.microsoft.com/fwlink/?LinkId=119961). For version 4.5 SP2 of the App-V client, download Vcredist\_x86.exe from [Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update](http://go.microsoft.com/fwlink/?LinkId=169360) (http://go.microsoft.com/fwlink/?LinkId=169360).
+-   **Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)**—For more information about installing Microsoft Visual C++ 2005 SP1 Redistributable Package (x86), see [Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=119961) (https://go.microsoft.com/fwlink/?LinkId=119961). For version 4.5 SP2 of the App-V client, download Vcredist\_x86.exe from [Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update](https://go.microsoft.com/fwlink/?LinkId=169360) (https://go.microsoft.com/fwlink/?LinkId=169360).
 
--   **Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)**—For more information about installing Microsoft Core XML Services (MSXML) 6.0 SP1 (x86), see [Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)](http://go.microsoft.com/fwlink/?LinkId=63266) (http://go.microsoft.com/fwlink/?LinkId=63266).
+-   **Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)**—For more information about installing Microsoft Core XML Services (MSXML) 6.0 SP1 (x86), see [Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)](https://go.microsoft.com/fwlink/?LinkId=63266) (https://go.microsoft.com/fwlink/?LinkId=63266).
 
 -   **Microsoft Application Error Reporting**—The installation program for this software is included in the **Support\\Watson** folder in the self-extracting archive file.
 
@@ -160,7 +160,7 @@ The following software prerequisites are installed automatically if you are usin
 **Note**  
 For the Application Virtualization (App-V) 4.6 Desktop Client, the following additional software prerequisite is installed automatically if you are using the Setup.exe method. If you are using the Setup.msi installation program, you must also install with the other prerequisites listed.
 
--   **Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)**—For more information about installing Microsoft Visual C++ 2008 SP1 Redistributable Package (x86), see [Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)](http://go.microsoft.com/fwlink/?LinkId=150700) (http://go.microsoft.com/fwlink/?LinkId=150700).
+-   **Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)**—For more information about installing Microsoft Visual C++ 2008 SP1 Redistributable Package (x86), see [Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=150700) (https://go.microsoft.com/fwlink/?LinkId=150700).
 
  
 
@@ -234,9 +234,9 @@ The hardware requirements requirements are applicable to all versions.
 **Note**  
 The following software prerequisites are installed automatically if you are using the Setup.exe method. If you are using the Setup.msi installation program, the following products must be installed first.
 
--   **Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)**—For more information about installing Microsoft Visual C++ 2005 SP1 Redistributable Package (x86), see [Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)](http://go.microsoft.com/fwlink/?LinkId=119961) (http://go.microsoft.com/fwlink/?LinkId=119961). For version 4.5 SP2 of the App-V client, download Vcredist\_x86.exe from [Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update](http://go.microsoft.com/fwlink/?LinkId=169360) (http://go.microsoft.com/fwlink/?LinkId=169360).
+-   **Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)**—For more information about installing Microsoft Visual C++ 2005 SP1 Redistributable Package (x86), see [Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=119961) (https://go.microsoft.com/fwlink/?LinkId=119961). For version 4.5 SP2 of the App-V client, download Vcredist\_x86.exe from [Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update](https://go.microsoft.com/fwlink/?LinkId=169360) (https://go.microsoft.com/fwlink/?LinkId=169360).
 
--   **Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)**—For more information about installing Microsoft Core XML Services (MSXML) 6.0 SP1 (x86), see [Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)](http://go.microsoft.com/fwlink/?LinkId=63266) (http://go.microsoft.com/fwlink/?LinkId=63266).
+-   **Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)**—For more information about installing Microsoft Core XML Services (MSXML) 6.0 SP1 (x86), see [Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)](https://go.microsoft.com/fwlink/?LinkId=63266) (https://go.microsoft.com/fwlink/?LinkId=63266).
 
 -   **Microsoft Application Error Reporting**—The installation program for this software is included in the **Support\\Watson** folder in the self-extracting archive file.
 
@@ -245,7 +245,7 @@ The following software prerequisites are installed automatically if you are usin
 **Note**  
 For the Application Virtualization (App-V) 4.6 Desktop Client, the following additional software prerequisite is installed automatically if you are using the Setup.exe method. If you are using the Setup.msi installation program, you must also install with the other prerequisites listed.
 
--   **Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)**—For more information about installing Microsoft Visual C++ 2008 SP1 Redistributable Package (x86), see [Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)](http://go.microsoft.com/fwlink/?LinkId=150700) (http://go.microsoft.com/fwlink/?LinkId=150700).
+-   **Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)**—For more information about installing Microsoft Visual C++ 2008 SP1 Redistributable Package (x86), see [Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=150700) (https://go.microsoft.com/fwlink/?LinkId=150700).
 
  
 
diff --git a/mdop/appv-v4/application-virtualization-client-installer-command-line-parameters.md b/mdop/appv-v4/application-virtualization-client-installer-command-line-parameters.md
index 6171672825..07c6eadf1c 100644
--- a/mdop/appv-v4/application-virtualization-client-installer-command-line-parameters.md
+++ b/mdop/appv-v4/application-virtualization-client-installer-command-line-parameters.md
@@ -285,7 +285,7 @@ The following table lists all available Microsoft Application Virtualization Cli
 <strong>Important</strong>  
 <p>If set to a value of 1, the following client installer command-line parameters are ignored:</p>
 <p><strong>SWICACHESIZE</strong>, <strong>MINFREESPACEMB</strong>, <strong>ALLOWINDEPENDENTFILESTREAMING</strong>, <strong>APPLICATIONSOURCEROOT</strong>, <strong>ICONSOURCEROOT</strong>, <strong>OSDSOURCEROOT</strong>, <strong>SYSTEMEVENTLOGLEVEL</strong>, <strong>SWIGLOBALDATA</strong>, <strong>DOTIMEOUTMINUTES</strong>, <strong>SWIFSDRIVE</strong>, <strong>AUTOLOADTARGET</strong>, <strong>AUTOLOADTRIGGERS</strong>, and <strong>SWIUSERDATA</strong>.</p>
-<p>For further information about setting these values after installation, see “How to Configure the App-V Client Registry Settings by Using the Command Line” in the Application Virtualization (App-V) Operations Guide ([http://go.microsoft.com/fwlink/?LinkId=122939](http://go.microsoft.com/fwlink/?LinkId=122939)).</p>
+<p>For further information about setting these values after installation, see “How to Configure the App-V Client Registry Settings by Using the Command Line” in the Application Virtualization (App-V) Operations Guide ([https://go.microsoft.com/fwlink/?LinkId=122939](https://go.microsoft.com/fwlink/?LinkId=122939)).</p>
 </div>
 <div>
  
diff --git a/mdop/appv-v4/configuring-app-v-administration-for-a-distributed-environment.md b/mdop/appv-v4/configuring-app-v-administration-for-a-distributed-environment.md
index be27f4388f..097da31e02 100644
--- a/mdop/appv-v4/configuring-app-v-administration-for-a-distributed-environment.md
+++ b/mdop/appv-v4/configuring-app-v-administration-for-a-distributed-environment.md
@@ -48,7 +48,7 @@ To set up the environment where SQL Servers use domain-based service accounts, y
 
 -   Linked servers
 
-For information about configuring Active Directory Domain Services when the SQL service uses a domain-based account, see <http://go.microsoft.com/fwlink/?LinkId=151968>.
+For information about configuring Active Directory Domain Services when the SQL service uses a domain-based account, see <https://go.microsoft.com/fwlink/?LinkId=151968>.
 
  
 
diff --git a/mdop/appv-v4/configuring-certificates-to-support-app-v-management-server-or-streaming-server.md b/mdop/appv-v4/configuring-certificates-to-support-app-v-management-server-or-streaming-server.md
index 9d14275aea..34f4b265ea 100644
--- a/mdop/appv-v4/configuring-certificates-to-support-app-v-management-server-or-streaming-server.md
+++ b/mdop/appv-v4/configuring-certificates-to-support-app-v-management-server-or-streaming-server.md
@@ -38,7 +38,7 @@ The App-V certificate is submitted to a certification authority (CA) that is con
 
 This configuration is necessary only when using an NLB cluster. When the client connects to the server, it will connect using the fully qualified domain name (FQDN) of the NLB cluster and not the FQDN of an individual server. If you do not add the SAN property with the FQDN of the server nodes in the cluster, all client connections are refused because the common name of the certificate won’t match the server name.
 
-For more detailed information about configuring certificates with the SAN attribute, see <http://go.microsoft.com/fwlink/?LinkId=133228>.
+For more detailed information about configuring certificates with the SAN attribute, see <https://go.microsoft.com/fwlink/?LinkId=133228>.
 
 ## Related topics
 
diff --git a/mdop/appv-v4/configuring-certificates-to-support-secure-streaming.md b/mdop/appv-v4/configuring-certificates-to-support-secure-streaming.md
index 1e904c03a9..50c237450f 100644
--- a/mdop/appv-v4/configuring-certificates-to-support-secure-streaming.md
+++ b/mdop/appv-v4/configuring-certificates-to-support-secure-streaming.md
@@ -35,7 +35,7 @@ The scenarios for obtaining and installing a certificate for App-V are as follow
 
 If a PKI infrastructure has been deployed, consult with the PKI administrators to acquire a certificate that complies with the requirements described in this topic. If a PKI infrastructure is not available, use a third-party CA to obtain a valid certificate.
 
-For step-by-step guidance for obtaining and installing a certificate, see <http://go.microsoft.com/fwlink/?LinkId=151969>.
+For step-by-step guidance for obtaining and installing a certificate, see <https://go.microsoft.com/fwlink/?LinkId=151969>.
 
 ## Related topics
 
diff --git a/mdop/appv-v4/configuring-certificates-to-support-the-app-v-web-management-service.md b/mdop/appv-v4/configuring-certificates-to-support-the-app-v-web-management-service.md
index 15f49413c8..41b7a484cd 100644
--- a/mdop/appv-v4/configuring-certificates-to-support-the-app-v-web-management-service.md
+++ b/mdop/appv-v4/configuring-certificates-to-support-the-app-v-web-management-service.md
@@ -30,7 +30,7 @@ The name of the certificate must match the name of the server. It is a best prac
 
  
 
-App-V can use IIS servers to support different infrastructure configurations. For more information about configuring IIS servers to support HTTPS, see <http://go.microsoft.com/fwlink/?LinkId=151972>.
+App-V can use IIS servers to support different infrastructure configurations. For more information about configuring IIS servers to support HTTPS, see <https://go.microsoft.com/fwlink/?LinkId=151972>.
 
 ## Related topics
 
diff --git a/mdop/appv-v4/configuring-iis-for-secure-streaming.md b/mdop/appv-v4/configuring-iis-for-secure-streaming.md
index b5b3018970..32b9bd5155 100644
--- a/mdop/appv-v4/configuring-iis-for-secure-streaming.md
+++ b/mdop/appv-v4/configuring-iis-for-secure-streaming.md
@@ -18,9 +18,9 @@ With the release of Microsoft Application Virtualization (App-V) version 4.5, yo
 **Note**  
 If you want to stream applications from a file server, you should enhance the security of the communications to the application packages. This can be achieved using IPsec. For more information see the following topics in the TechNet Library:
 
--   For Windows Server 2003, <http://go.microsoft.com/fwlink/?LinkId=133226>
+-   For Windows Server 2003, <https://go.microsoft.com/fwlink/?LinkId=133226>
 
--   For Windows Server 2008, <http://go.microsoft.com/fwlink/?LinkId=133227>
+-   For Windows Server 2008, <https://go.microsoft.com/fwlink/?LinkId=133227>
 
  
 
@@ -35,9 +35,9 @@ When you use IIS to stream virtual applications with HTTP or HTTPS, to support A
 
 Use the following KB articles as guidance for adding MIME types:
 
-IIS 6.0: <http://go.microsoft.com/fwlink/?LinkId=151973>
+IIS 6.0: <https://go.microsoft.com/fwlink/?LinkId=151973>
 
-IIS 7.0: <http://go.microsoft.com/fwlink/?LinkId=151977>
+IIS 7.0: <https://go.microsoft.com/fwlink/?LinkId=151977>
 
 ## Kerberos Authentication
 
diff --git a/mdop/appv-v4/electronic-software-distribution-based-scenario-overview.md b/mdop/appv-v4/electronic-software-distribution-based-scenario-overview.md
index bd51a8de61..9980c9e2c5 100644
--- a/mdop/appv-v4/electronic-software-distribution-based-scenario-overview.md
+++ b/mdop/appv-v4/electronic-software-distribution-based-scenario-overview.md
@@ -16,7 +16,7 @@ ms.prod: w8
 If you plan to use an electronic software distribution (ESD) solution to deploy virtual applications, it is important to understand the factors that go into and are affected by that decision. This topic describes the benefits of using an ESD-based scenario and provides information about the publishing and package streaming methods that you will need to consider as you proceed with your deployment.
 
 **Important**  
-Whichever ESD solution you use, you must be familiar with the requirements of your particular solution. If you are using System Center Configuration Manager 2007 R2 or later, see the System Center Configuration Manager documentation at <http://go.microsoft.com/fwlink/?LinkId=66999>.
+Whichever ESD solution you use, you must be familiar with the requirements of your particular solution. If you are using System Center Configuration Manager 2007 R2 or later, see the System Center Configuration Manager documentation at <https://go.microsoft.com/fwlink/?LinkId=66999>.
 
  
 
diff --git a/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--rds--sp1.md b/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--rds--sp1.md
index b57bb891ef..b883b5b994 100644
--- a/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--rds--sp1.md
+++ b/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--rds--sp1.md
@@ -140,7 +140,7 @@ Although you can publish the applications by using several different methods, th
 ## How to Use Symbolic Links when Upgrading the Cache
 
 
-Instead of changing the AppFS key FILENAME value every time that a new cache file is deployed that contains new or upgraded packages, you can use a symbolic link in the following operating systems: Windows Vista, Windows 7, and Windows Server 2008. For more information about symbolic links, see [Symbolic Links](http://go.microsoft.com/fwlink/?LinkId=157626) (http://go.microsoft.com/fwlink/?LinkId=157626). In contrast, Windows XP does not support the use of symbolic links, and you must use junction points instead. For more information about junctions, see [article 205524](http://go.microsoft.com/fwlink/?LinkId=182553) in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=182553), and also the tool [Junction v1.05](http://go.microsoft.com/fwlink/?LinkId=182554) (http://go.microsoft.com/fwlink/?LinkId=182554).
+Instead of changing the AppFS key FILENAME value every time that a new cache file is deployed that contains new or upgraded packages, you can use a symbolic link in the following operating systems: Windows Vista, Windows 7, and Windows Server 2008. For more information about symbolic links, see [Symbolic Links](https://go.microsoft.com/fwlink/?LinkId=157626) (https://go.microsoft.com/fwlink/?LinkId=157626). In contrast, Windows XP does not support the use of symbolic links, and you must use junction points instead. For more information about junctions, see [article 205524](https://go.microsoft.com/fwlink/?LinkId=182553) in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=182553), and also the tool [Junction v1.05](https://go.microsoft.com/fwlink/?LinkId=182554) (https://go.microsoft.com/fwlink/?LinkId=182554).
 
 **To configure a symbolic link to reference the cache**
 
diff --git a/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--vdi-.md b/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--vdi-.md
index a36457280d..1d39c091ec 100644
--- a/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--vdi-.md
+++ b/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--vdi-.md
@@ -13,7 +13,7 @@ ms.prod: w8
 # How to Configure a Read-only Cache on the App-V Client (VDI)
 
 
-In Microsoft Application Virtualization (App-V) 4.6 the Client supports using a shared read-only cache. The shared read-only cache enables the Client to use disk space efficiently in a Virtual Desktop Infrastructure (VDI) system, where users run applications on Virtual Machines (VM) that are hosted in a data center server environment and share network storage on a Storage Area Network (SAN). The following procedures provide an overview of the process that is required to implement the App-V Client in either of the primary VDI architectures, known as “Pooled VM” or “Static VM”. It is assumed that you are familiar with the planning, deployment, and operation of the App-V system and its components, and also the operation and management of the VDI server. For more information about App-V, see [Application Virtualization](http://go.microsoft.com/fwlink/?LinkId=122939) (http://go.microsoft.com/fwlink/?LinkId=122939)
+In Microsoft Application Virtualization (App-V) 4.6 the Client supports using a shared read-only cache. The shared read-only cache enables the Client to use disk space efficiently in a Virtual Desktop Infrastructure (VDI) system, where users run applications on Virtual Machines (VM) that are hosted in a data center server environment and share network storage on a Storage Area Network (SAN). The following procedures provide an overview of the process that is required to implement the App-V Client in either of the primary VDI architectures, known as “Pooled VM” or “Static VM”. It is assumed that you are familiar with the planning, deployment, and operation of the App-V system and its components, and also the operation and management of the VDI server. For more information about App-V, see [Application Virtualization](https://go.microsoft.com/fwlink/?LinkId=122939) (https://go.microsoft.com/fwlink/?LinkId=122939)
 
 **Note**  
 The details outlined in these procedures are intended as examples only. You might use different methods to complete the overall process.
@@ -151,7 +151,7 @@ Although you can publish the applications by using several different methods, th
 ## How to Use Symbolic Links when Upgrading the Cache
 
 
-Instead of modifying the AppFS key FILENAME value every time that a new cache file is deployed that contains new or upgraded packages, you can use a symbolic link in the following operating systems: Windows Vista, Windows 7, and Windows Server 2008. For more information about symbolic links, see [Symbolic Links](http://go.microsoft.com/fwlink/?LinkId=157626) (http://go.microsoft.com/fwlink/?LinkId=157626). In contrast, Windows XP does not support the use of symbolic links, and you must use junction points instead. For more information about junctions, see [article 205524](http://go.microsoft.com/fwlink/?LinkId=182553) in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=182553), and also the tool [Junction v1.05](http://go.microsoft.com/fwlink/?LinkId=182554) (http://go.microsoft.com/fwlink/?LinkId=182554).
+Instead of modifying the AppFS key FILENAME value every time that a new cache file is deployed that contains new or upgraded packages, you can use a symbolic link in the following operating systems: Windows Vista, Windows 7, and Windows Server 2008. For more information about symbolic links, see [Symbolic Links](https://go.microsoft.com/fwlink/?LinkId=157626) (https://go.microsoft.com/fwlink/?LinkId=157626). In contrast, Windows XP does not support the use of symbolic links, and you must use junction points instead. For more information about junctions, see [article 205524](https://go.microsoft.com/fwlink/?LinkId=182553) in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=182553), and also the tool [Junction v1.05](https://go.microsoft.com/fwlink/?LinkId=182554) (https://go.microsoft.com/fwlink/?LinkId=182554).
 
 **To configure a symbolic link to reference the cache**
 
diff --git a/mdop/appv-v4/how-to-configure-microsoft-sql-server-mirroring-support-for-app-v.md b/mdop/appv-v4/how-to-configure-microsoft-sql-server-mirroring-support-for-app-v.md
index 381bb8e72c..2ca3425059 100644
--- a/mdop/appv-v4/how-to-configure-microsoft-sql-server-mirroring-support-for-app-v.md
+++ b/mdop/appv-v4/how-to-configure-microsoft-sql-server-mirroring-support-for-app-v.md
@@ -24,17 +24,17 @@ This procedure is written for administrators who are familiar with setting up an
 
 1.  Set up SQL Server database mirroring of the App-V database following your standard business practices for database mirroring. Use the following links for general information about implementing Microsoft SQL Server database mirroring:
 
-    -   **Microsoft SQL 2005**—[Setting Up Database Mirroring](http://go.microsoft.com/fwlink/?LinkId=187478) (http://go.microsoft.com/fwlink/?LinkId=187478)
+    -   **Microsoft SQL 2005**—[Setting Up Database Mirroring](https://go.microsoft.com/fwlink/?LinkId=187478) (https://go.microsoft.com/fwlink/?LinkId=187478)
 
-    -   **Microsoft SQL 2008**—[Setting Up Database Mirroring](http://go.microsoft.com/fwlink/?LinkId=187477) (http://go.microsoft.com/fwlink/?LinkId=187477)
+    -   **Microsoft SQL 2008**—[Setting Up Database Mirroring](https://go.microsoft.com/fwlink/?LinkId=187477) (https://go.microsoft.com/fwlink/?LinkId=187477)
 
-    In addition, you can find Best Practices information in [Database Mirroring Best Practices and Performance Considerations](http://go.microsoft.com/fwlink/?LinkId=190270) (http://go.microsoft.com/fwlink/?LinkId=190270).
+    In addition, you can find Best Practices information in [Database Mirroring Best Practices and Performance Considerations](https://go.microsoft.com/fwlink/?LinkId=190270) (https://go.microsoft.com/fwlink/?LinkId=190270).
 
-2.  After mirroring has been set up, verify that the App-V database shows a status of **(Principal, Synchronized)**, and the mirrored database shows a status of **(Mirror, Synchronized / Restoring)**. Resolve any mirroring issues before proceeding to the next step. For additional information about monitoring the status, see [Monitoring Mirroring Status](http://go.microsoft.com/fwlink/?LinkId=190279) (http://go.microsoft.com/fwlink/?LinkId=190279).
+2.  After mirroring has been set up, verify that the App-V database shows a status of **(Principal, Synchronized)**, and the mirrored database shows a status of **(Mirror, Synchronized / Restoring)**. Resolve any mirroring issues before proceeding to the next step. For additional information about monitoring the status, see [Monitoring Mirroring Status](https://go.microsoft.com/fwlink/?LinkId=190279) (https://go.microsoft.com/fwlink/?LinkId=190279).
 
 3.  On the SQL Server computer that hosts the mirror of the App-V database, create the SQL Server Login for the network service account of the App-V Management Server by using the account name **&lt;domain&gt;\\&lt;ManagementServerHostName&gt;$**.
 
-4.  Install the Microsoft SQL Server Native Client on the App-V Management Server, and on the computer running the App-V Management Web Service if installed on a different computer. If you plan to have additional App-V Management Servers connect to the mirrored SQL database for load balancing, you must install the Microsoft SQL Server Native Client on those computers as well. You can download the Microsoft SQL Server Native Client from the [Microsoft SQL Server 2008 Feature Pack](http://go.microsoft.com/fwlink/?LinkId=187479) page in the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkId=187479).
+4.  Install the Microsoft SQL Server Native Client on the App-V Management Server, and on the computer running the App-V Management Web Service if installed on a different computer. If you plan to have additional App-V Management Servers connect to the mirrored SQL database for load balancing, you must install the Microsoft SQL Server Native Client on those computers as well. You can download the Microsoft SQL Server Native Client from the [Microsoft SQL Server 2008 Feature Pack](https://go.microsoft.com/fwlink/?LinkId=187479) page in the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=187479).
 
 5.  Check the registry key **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Softgrid\\4.5\\Server\\SQLServerName** and make sure that it contains only the host name of the SQL Server. If it includes an instance name, for example *serverhostname\\instancename*, the instance name must be removed.
 
@@ -58,7 +58,7 @@ This procedure is written for administrators who are familiar with setting up an
     -   Click the **All** tab, and then select the entry **Failover Partner**. Click **Edit Value**, and then enter the server name of the failover SQL Server. Click **OK**.
 
     **Important**  
-    The App-V system uses Kerberos authentication. Therefore, when you configure SQL mirroring where Kerberos Authentication is enabled on the SQL Server and the SQL Server service runs under a domain user account, you must manually configure an SPN. For more information, see “When SQL Service Uses Domain-Based Account” in the article [Configuring App-V Administration for a Distributed Environment](http://go.microsoft.com/fwlink/?LinkId=203186) (http://go.microsoft.com/fwlink/?LinkId=203186).
+    The App-V system uses Kerberos authentication. Therefore, when you configure SQL mirroring where Kerberos Authentication is enabled on the SQL Server and the SQL Server service runs under a domain user account, you must manually configure an SPN. For more information, see “When SQL Service Uses Domain-Based Account” in the article [Configuring App-V Administration for a Distributed Environment](https://go.microsoft.com/fwlink/?LinkId=203186) (https://go.microsoft.com/fwlink/?LinkId=203186).
 
      
 
diff --git a/mdop/appv-v4/how-to-configure-the-app-v-client-registry-settings-by-using-the-command-line.md b/mdop/appv-v4/how-to-configure-the-app-v-client-registry-settings-by-using-the-command-line.md
index 4bc97b888f..4e744f991f 100644
--- a/mdop/appv-v4/how-to-configure-the-app-v-client-registry-settings-by-using-the-command-line.md
+++ b/mdop/appv-v4/how-to-configure-the-app-v-client-registry-settings-by-using-the-command-line.md
@@ -21,7 +21,7 @@ After the Application Virtualization (App-V) Client has been deployed and config
 
 -   Using a scripting language such as VBScript or Windows PowerShell
 
-There is also an ADM template that you can use. For more information about the ADM template, see <http://go.microsoft.com/fwlink/?LinkId=121835>.
+There is also an ADM template that you can use. For more information about the ADM template, see <https://go.microsoft.com/fwlink/?LinkId=121835>.
 
 **Caution**  
 Use care when you edit the registry because errors can leave the computer in an unusable state. Be sure to follow your standard business practices that relate to registry edits. Thoroughly test all proposed changes in a test environment before you deploy them to production computers.
diff --git a/mdop/appv-v4/how-to-configure-user-permissions.md b/mdop/appv-v4/how-to-configure-user-permissions.md
index 062e47ecaa..629ffaef76 100644
--- a/mdop/appv-v4/how-to-configure-user-permissions.md
+++ b/mdop/appv-v4/how-to-configure-user-permissions.md
@@ -13,7 +13,7 @@ ms.prod: w8
 # How to Configure User Permissions
 
 
-You can enable and disable some actions for users who do not have administrative rights by editing the key values under the **Permissions** registry key (HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Permissions). This key is primarily designed to help prevent users from making mistakes rather than to provide any special security, because users with administrative rights can edit any of these key values. The following procedures are examples of how to change the key values. For more information about the Application Virtualization (App-V) Client registry keys and values, see <http://go.microsoft.com/fwlink/?LinkId=121528>.
+You can enable and disable some actions for users who do not have administrative rights by editing the key values under the **Permissions** registry key (HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Permissions). This key is primarily designed to help prevent users from making mistakes rather than to provide any special security, because users with administrative rights can edit any of these key values. The following procedures are examples of how to change the key values. For more information about the Application Virtualization (App-V) Client registry keys and values, see <https://go.microsoft.com/fwlink/?LinkId=121528>.
 
 **To change user permissions**
 
diff --git a/mdop/appv-v4/how-to-configure-windows-server-2008-firewall-for-app-v.md b/mdop/appv-v4/how-to-configure-windows-server-2008-firewall-for-app-v.md
index 222433549f..0dda96e157 100644
--- a/mdop/appv-v4/how-to-configure-windows-server-2008-firewall-for-app-v.md
+++ b/mdop/appv-v4/how-to-configure-windows-server-2008-firewall-for-app-v.md
@@ -13,7 +13,7 @@ ms.prod: w8
 # How to Configure Windows Server 2008 Firewall for App-V
 
 
-With the introduction of Windows Server 2008, the firewall and IPsec components were merged into one service, and the capabilities of this service were enhanced. The new firewall service supports incoming and outgoing stateful inspection. Also, you can configure specific firewall rules and IPsec policies through group policies. For additional information about the Windows firewall in Windows Server 2008, see <http://go.microsoft.com/fwlink/?LinkId=151980>.
+With the introduction of Windows Server 2008, the firewall and IPsec components were merged into one service, and the capabilities of this service were enhanced. The new firewall service supports incoming and outgoing stateful inspection. Also, you can configure specific firewall rules and IPsec policies through group policies. For additional information about the Windows firewall in Windows Server 2008, see <https://go.microsoft.com/fwlink/?LinkId=151980>.
 
 The following procedure does not include adding an exception for ICO and OSD publishing through SMB or HTTP/HTTPS. Those exceptions are automatically added based on the network profile and roles installed on the Windows Server 2008 firewall.
 
diff --git a/mdop/appv-v4/how-to-connect-to-an-application-virtualization-system.md b/mdop/appv-v4/how-to-connect-to-an-application-virtualization-system.md
index fa1078f6d6..aa0122d615 100644
--- a/mdop/appv-v4/how-to-connect-to-an-application-virtualization-system.md
+++ b/mdop/appv-v4/how-to-connect-to-an-application-virtualization-system.md
@@ -22,15 +22,15 @@ You must connect the Application Virtualization Server Management Console to an
     **Note**  
     There are three components to Application Virtualization server management: the Application Virtualization Management Console, the Management Web Service, and the SQL Datastore. If these components are distributed across different physical machines, you must configure security properly for the components to communicate across the system. For more information, see the following manuals and articles:
 
-    [How to Configure the Server to be Trusted for Delegation](http://go.microsoft.com/fwlink/?LinkID=166682) (http://go.microsoft.com/fwlink/?LinkID=166682)
+    [How to Configure the Server to be Trusted for Delegation](https://go.microsoft.com/fwlink/?LinkID=166682) (https://go.microsoft.com/fwlink/?LinkID=166682)
 
-    [Planning and Deployment Guide for the Application Virtualization System](http://go.microsoft.com/fwlink/?LinkID=122063) (http://go.microsoft.com/fwlink/?LinkID=122063)
+    [Planning and Deployment Guide for the Application Virtualization System](https://go.microsoft.com/fwlink/?LinkID=122063) (https://go.microsoft.com/fwlink/?LinkID=122063)
 
-    [Operations Guide for the Application Virtualization System](http://go.microsoft.com/fwlink/?LinkID=133129) (http://go.microsoft.com/fwlink/?LinkID=133129)
+    [Operations Guide for the Application Virtualization System](https://go.microsoft.com/fwlink/?LinkID=133129) (https://go.microsoft.com/fwlink/?LinkID=133129)
 
-    [Article 930472](http://go.microsoft.com/fwlink/?LinkId=114647) in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=114647)
+    [Article 930472](https://go.microsoft.com/fwlink/?LinkId=114647) in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=114647)
 
-    [Article 930565](http://go.microsoft.com/fwlink/?LinkId=114648) in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=114648)
+    [Article 930565](https://go.microsoft.com/fwlink/?LinkId=114648) in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=114648)
 
      
 
diff --git a/mdop/appv-v4/how-to-determine-which-type-of-application-to-sequence---app-v-46-sp1-.md b/mdop/appv-v4/how-to-determine-which-type-of-application-to-sequence---app-v-46-sp1-.md
index 3dbb001d9a..509609cc59 100644
--- a/mdop/appv-v4/how-to-determine-which-type-of-application-to-sequence---app-v-46-sp1-.md
+++ b/mdop/appv-v4/how-to-determine-which-type-of-application-to-sequence---app-v-46-sp1-.md
@@ -41,12 +41,12 @@ Use the following table to determine which type of application you should sequen
 </tr>
 <tr class="even">
 <td align="left"><p>Add-on or Plug-in</p></td>
-<td align="left"><p>Select this option to create a package that extends the functionality of a standard application, for example, a plug-in for Microsoft Excel. Additionally, you can use plug-ins for natively installed applications, or another package that is linked by using Dynamic Suite Composition. For more information about Dynamic Suite Composition, see [How To Use Dynamic Suite Composition](http://go.microsoft.com/fwlink/?LinkId=203804) (http://go.microsoft.com/fwlink/?LinkId=203804).</p></td>
+<td align="left"><p>Select this option to create a package that extends the functionality of a standard application, for example, a plug-in for Microsoft Excel. Additionally, you can use plug-ins for natively installed applications, or another package that is linked by using Dynamic Suite Composition. For more information about Dynamic Suite Composition, see [How To Use Dynamic Suite Composition](https://go.microsoft.com/fwlink/?LinkId=203804) (https://go.microsoft.com/fwlink/?LinkId=203804).</p></td>
 <td align="left"><p>[How to Sequence a New Add-on or Plug-in Application (App-V 4.6 SP1)](how-to-sequence-a-new-add-on-or-plug-in-application--app-v-46-sp1-.md)</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Middleware</p></td>
-<td align="left"><p>Select this option to create a package that is required by a standard application, for example, the Microsoft .NET Framework. Middleware packages are used for linking to other packages by using Dynamic Suite Composition. For more information about Dynamic Suite Composition, see [How To Use Dynamic Suite Composition](http://go.microsoft.com/fwlink/?LinkId=203804) (http://go.microsoft.com/fwlink/?LinkId=203804).</p></td>
+<td align="left"><p>Select this option to create a package that is required by a standard application, for example, the Microsoft .NET Framework. Middleware packages are used for linking to other packages by using Dynamic Suite Composition. For more information about Dynamic Suite Composition, see [How To Use Dynamic Suite Composition](https://go.microsoft.com/fwlink/?LinkId=203804) (https://go.microsoft.com/fwlink/?LinkId=203804).</p></td>
 <td align="left"><p>[How to Sequence a New Middleware Application (App-V 4.6 SP1)](how-to-sequence-a-new-middleware-application--app-v-46-sp1-.md)</p></td>
 </tr>
 </tbody>
diff --git a/mdop/appv-v4/how-to-install-a-database.md b/mdop/appv-v4/how-to-install-a-database.md
index ed8d0ddb38..392f11afda 100644
--- a/mdop/appv-v4/how-to-install-a-database.md
+++ b/mdop/appv-v4/how-to-install-a-database.md
@@ -44,7 +44,7 @@ To install the database, you must use a network account with the appropriate per
 8.  Select a name for the database, and then click **Next**.
 
     **Note**  
-    If error 25109 is displayed when you try to complete this step, you have incorrectly set up the permissions necessary to install the database. For details on setting up the necessary SQL permissions, please see <http://go.microsoft.com/fwlink/?LinkId=132144>.
+    If error 25109 is displayed when you try to complete this step, you have incorrectly set up the permissions necessary to install the database. For details on setting up the necessary SQL permissions, please see <https://go.microsoft.com/fwlink/?LinkId=132144>.
 
      
 
diff --git a/mdop/appv-v4/how-to-install-the-app-v-client-by-using-setupmsi-new.md b/mdop/appv-v4/how-to-install-the-app-v-client-by-using-setupmsi-new.md
index f7276d6353..2be69b363b 100644
--- a/mdop/appv-v4/how-to-install-the-app-v-client-by-using-setupmsi-new.md
+++ b/mdop/appv-v4/how-to-install-the-app-v-client-by-using-setupmsi-new.md
@@ -27,7 +27,7 @@ The x86 versions of the following software are required for both x86 and x64 ver
 
 **To install Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)**
 
-1.  Download the [Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)](http://go.microsoft.com/fwlink/?LinkId=119961) software package from the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkId=119961). \[Template Token Value\] For version 4.5 SP2 and later of the App-V client, download vcredist\_x86.exe from [Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update](http://go.microsoft.com/fwlink/?LinkId=169360) (http://go.microsoft.com/fwlink/?LinkId=169360).\[Template Token Value\]
+1.  Download the [Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=119961) software package from the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=119961). \[Template Token Value\] For version 4.5 SP2 and later of the App-V client, download vcredist\_x86.exe from [Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update](https://go.microsoft.com/fwlink/?LinkId=169360) (https://go.microsoft.com/fwlink/?LinkId=169360).\[Template Token Value\]
 
 2.  To install silently, use the command-line option “/Q” with vcredist\_x86.exe—for example, **vcredist\_x86.exe /Q**.
 
@@ -42,7 +42,7 @@ For version 4.6 and later of the App-V client, you must also install the Micros
 
 ****
 
-1.  Download the [Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package ATL Security Update](http://go.microsoft.com/fwlink/?LinkId=150700) software package from the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkId=150700).
+1.  Download the [Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package ATL Security Update](https://go.microsoft.com/fwlink/?LinkId=150700) software package from the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=150700).
 
 2.  To install silently, use the command-line option “/Q” with vcredist\_x86.exe—for example, **vcredist\_x86.exe /Q**.
 
@@ -50,7 +50,7 @@ For version 4.6 and later of the App-V client, you must also install the Micros
 
 ****
 
-1.  Download the [Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)](http://go.microsoft.com/fwlink/?LinkId=63266) software package from the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkId=63266).
+1.  Download the [Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)](https://go.microsoft.com/fwlink/?LinkId=63266) software package from the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=63266).
 
 2.  To install silently, use the command-line option /quiet—for example, **msiexec /i msxml6\_x86.msi /quiet**.
 
@@ -130,7 +130,7 @@ For App-V 4.6 SP2 and later, you no longer need to install Microsoft Applicati
 ¹ App-V “Languages” release.
 
 **Note**  
-If you need to find the product code, you can use the Orca.exe database editor or a similar tool to examine Windows Installer files to find the value of the *ProductCode* property. For more information about using Orca.exe, see [Windows Installer Development Tools](http://go.microsoft.com/fwlink/?LinkId=150008) (http://go.microsoft.com/fwlink/?LinkId=150008).
+If you need to find the product code, you can use the Orca.exe database editor or a similar tool to examine Windows Installer files to find the value of the *ProductCode* property. For more information about using Orca.exe, see [Windows Installer Development Tools](https://go.microsoft.com/fwlink/?LinkId=150008) (https://go.microsoft.com/fwlink/?LinkId=150008).
 
  
 
diff --git a/mdop/appv-v4/how-to-install-the-client-by-using-the-command-line-new.md b/mdop/appv-v4/how-to-install-the-client-by-using-the-command-line-new.md
index 1aa3391b31..79b0480381 100644
--- a/mdop/appv-v4/how-to-install-the-client-by-using-the-command-line-new.md
+++ b/mdop/appv-v4/how-to-install-the-client-by-using-the-command-line-new.md
@@ -22,7 +22,7 @@ When you install the App-V client to use with a read-only cache, for example wit
 
  
 
-For more information about setting these parameter values after installation, see [How to Configure the App-V Client Registry Settings by Using the Command Line](http://go.microsoft.com/fwlink/?LinkId=169355) (http://go.microsoft.com/fwlink/?LinkId=169355) in the Application Virtualization (App-V) Operations Guide.
+For more information about setting these parameter values after installation, see [How to Configure the App-V Client Registry Settings by Using the Command Line](https://go.microsoft.com/fwlink/?LinkId=169355) (https://go.microsoft.com/fwlink/?LinkId=169355) in the Application Virtualization (App-V) Operations Guide.
 
 **Note**  
 If a configuration setting on the user’s computer depends on the client installation path, note that the Application Virtualization (App-V) 4.5 client copies its installation files to a different folder than previous versions did. By default, a new installation of the App-V 4.5 client will copy its installation files to the \\Program Files\\Microsoft Application Virtualization Client folder. If an earlier version of the client is already installed, running the App-V 4.5 client installer will perform an upgrade of the existing client using the existing installation folder.
diff --git a/mdop/appv-v4/how-to-manage-reports-in-the-server-management-console.md b/mdop/appv-v4/how-to-manage-reports-in-the-server-management-console.md
index 3ae240b774..cb5f03e6a3 100644
--- a/mdop/appv-v4/how-to-manage-reports-in-the-server-management-console.md
+++ b/mdop/appv-v4/how-to-manage-reports-in-the-server-management-console.md
@@ -16,7 +16,7 @@ ms.prod: w8
 To effectively manage the Application Virtualization System, you can use the Application Virtualization Server Management Console to generate a variety of reports that provide information about the system. This information includes daily usage information for a specific application or all applications, and system error tracking.
 
 **Note**  
--   During installation, the installation script installs only the English language version of report viewer. For the report viewer to display the correct information in other languages, it is necessary to install a language pack from the following location: <http://go.microsoft.com/fwlink/?LinkId=131645>.
+-   During installation, the installation script installs only the English language version of report viewer. For the report viewer to display the correct information in other languages, it is necessary to install a language pack from the following location: <https://go.microsoft.com/fwlink/?LinkId=131645>.
 
 -   When you add or edit an application in the Server Management Console, you must make sure that the application names and versions exactly match those in the OSD files. The reporting feature uses the application names and versions data fields when it identifies application usage data on which to report. If the data fields do not match, the usage records will be skipped.
 
diff --git a/mdop/appv-v4/how-to-manually-install-the-application-virtualization-client.md b/mdop/appv-v4/how-to-manually-install-the-application-virtualization-client.md
index 04478ab1e2..d677286608 100644
--- a/mdop/appv-v4/how-to-manually-install-the-application-virtualization-client.md
+++ b/mdop/appv-v4/how-to-manually-install-the-application-virtualization-client.md
@@ -48,7 +48,7 @@ For App-V version 4.6 and later, when the App-V client is installed, SFTLDR.DLL
     **Note**  
     For App-V version 4.6 and later, the wizard will also install Microsoft Visual C++ 2008 SP1 Redistributable Package (x86).
 
-    For more information about installing Microsoft Visual C++ 2008 SP1 Redistributable Package (x86), see <http://go.microsoft.com/fwlink/?LinkId=150700> (http://go.microsoft.com/fwlink/?LinkId=150700).
+    For more information about installing Microsoft Visual C++ 2008 SP1 Redistributable Package (x86), see <https://go.microsoft.com/fwlink/?LinkId=150700> (https://go.microsoft.com/fwlink/?LinkId=150700).
 
      
 
diff --git a/mdop/appv-v4/how-to-modify-private-key-permissions-to-support-management-server-or-streaming-server.md b/mdop/appv-v4/how-to-modify-private-key-permissions-to-support-management-server-or-streaming-server.md
index 340d259e7b..3f19a6ff37 100644
--- a/mdop/appv-v4/how-to-modify-private-key-permissions-to-support-management-server-or-streaming-server.md
+++ b/mdop/appv-v4/how-to-modify-private-key-permissions-to-support-management-server-or-streaming-server.md
@@ -15,7 +15,7 @@ ms.prod: w8
 
 To support a more secure App-V installation, you can use the following procedures to modify private keys in either Windows Server 2003 or Windows Server 2008. To modify the permissions of the private key, you can use the Windows Server 2003 Resource Kit tool `WinHttpCertCfg.exe`.
 
-For Windows Server 2003, the procedure requires that a certificate that meets the prerequisites listed in this document is installed on the computer or computers on which you will install the App-V Management or Streaming Server. Additional information about using the `WinHttpCertCfg.exe` tool is available at <http://go.microsoft.com/fwlink/?LinkId=151981>.
+For Windows Server 2003, the procedure requires that a certificate that meets the prerequisites listed in this document is installed on the computer or computers on which you will install the App-V Management or Streaming Server. Additional information about using the `WinHttpCertCfg.exe` tool is available at <https://go.microsoft.com/fwlink/?LinkId=151981>.
 
 In Windows Server 2008, the process of changing the ACLs on the private key is much simpler. The certificate’s user interface can be used to manage private key permissions.
 
diff --git a/mdop/appv-v4/how-to-sequence-a-new-middleware-application--app-v-46-sp1-.md b/mdop/appv-v4/how-to-sequence-a-new-middleware-application--app-v-46-sp1-.md
index 7f9d8a6238..e4ee46311b 100644
--- a/mdop/appv-v4/how-to-sequence-a-new-middleware-application--app-v-46-sp1-.md
+++ b/mdop/appv-v4/how-to-sequence-a-new-middleware-application--app-v-46-sp1-.md
@@ -15,7 +15,7 @@ ms.prod: w8
 
 Use the following procedure to create a new middleware virtual application package using the Application Virtualization (App-V) Sequencer. A middleware application is software that connects software modules or applications. For more information about the types of applications that you can sequence, see [How to Determine Which Type of Application to Sequence (App-V 4.6 SP1)](how-to-determine-which-type-of-application-to-sequence---app-v-46-sp1-.md).
 
-Use this type of package by using Dynamic Suite Composition in App-V. Dynamic Suite Composition enables you to define a virtual application package as being dependent on another virtual application package. The dependency enables the application to interact with the middleware or plug-in in the virtual environment, where typically this interaction is prevented. This is useful because a secondary application package can be used with several other primary applications, which enables each primary application to reference the same secondary package. For more information about how to use Dynamic Suite Composition, see [How To Use Dynamic Suite Composition](http://go.microsoft.com/fwlink/?LinkID=203804&clcid=0x409) in the Microsoft Technical Library (http://go.microsoft.com/fwlink/?LinkID=203804&clcid=0x409).
+Use this type of package by using Dynamic Suite Composition in App-V. Dynamic Suite Composition enables you to define a virtual application package as being dependent on another virtual application package. The dependency enables the application to interact with the middleware or plug-in in the virtual environment, where typically this interaction is prevented. This is useful because a secondary application package can be used with several other primary applications, which enables each primary application to reference the same secondary package. For more information about how to use Dynamic Suite Composition, see [How To Use Dynamic Suite Composition](https://go.microsoft.com/fwlink/?LinkID=203804&clcid=0x409) in the Microsoft Technical Library (https://go.microsoft.com/fwlink/?LinkID=203804&clcid=0x409).
 
 **Important**  
 During sequencing, if the computer running the App-V Sequencer is running Windows Vista or Windows 7 and a restart is initiated outside of the virtual environment, for example, **Start** / **Shut Down**, you must click **Cancel** when prompted to close the program that is preventing Windows from shutting down. If you click **Force shut down**, the package creation fails. When you click **Cancel**, App-V Sequencer successfully records the restart while the application is being sequenced.
diff --git a/mdop/appv-v4/how-to-use-the-differential-sft-file.md b/mdop/appv-v4/how-to-use-the-differential-sft-file.md
index 356e75ae96..4eaab255ce 100644
--- a/mdop/appv-v4/how-to-use-the-differential-sft-file.md
+++ b/mdop/appv-v4/how-to-use-the-differential-sft-file.md
@@ -19,7 +19,7 @@ You do not need to use the Differential SFT file if you are using Configuration
 
 The following procedure shows how to use the mkdiffpkg.exe that is included in the Sequencer installation to create the Differential SFT file, after completing the upgrade of the virtual application package, and to deploy the Differential SFT file. Completing this procedure helps ensure that if the package is somehow unloaded from the client computer, the next time the user tries to run the application, the client will fall back to the override URL, which is set to stream the full package V2.sft from the local file share. This will avoid any failure for the user when starting the application. If the entire client becomes corrupted or is uninstalled, it is recommended that the ESD system be configured to deploy the full version of the upgraded package, V2.sft, to the client.
 
-For more information about upgrading a package, see “How to Upgrade an Existing Virtual Application” in the App-V 4.5 Operations Guide at <http://go.microsoft.com/fwlink/?LinkId=133129>
+For more information about upgrading a package, see “How to Upgrade an Existing Virtual Application” in the App-V 4.5 Operations Guide at <https://go.microsoft.com/fwlink/?LinkId=133129>
 
 **Note**  
 As a prerequisite, all user computers being targeted by the ESD must have the V1.sft file fully loaded into their local cache, and file streaming must be enabled on all computers.
diff --git a/mdop/appv-v4/installing-app-v-management-server-or-streaming-server-securely.md b/mdop/appv-v4/installing-app-v-management-server-or-streaming-server-securely.md
index dfb29159d0..76c7a6b830 100644
--- a/mdop/appv-v4/installing-app-v-management-server-or-streaming-server-securely.md
+++ b/mdop/appv-v4/installing-app-v-management-server-or-streaming-server-securely.md
@@ -29,7 +29,7 @@ When you prepare to install or configure a secure Management or Streaming Server
 -   The certificate fully qualified domain name (FQDN) must match the server on which it is installed. For example, if the client is calling `RTSPS://Myserver.mycompany.com/content/MyApp.sft` and the certificate **Issued To** field is set to `Server1.mycompany.com`, the client will not connect to the server and the session ends. The failure is reported to the user.
 
     **Note**  
-    If you are using App-V in a Network Load Balancing cluster, you must configure the certificate with Subject Alternate Names (SANs) to support RTSPS. For information about configuring the certification authority (CA) and creating certificates with SANs, see <http://go.microsoft.com/fwlink/?LinkId=133228>.
+    If you are using App-V in a Network Load Balancing cluster, you must configure the certificate with Subject Alternate Names (SANs) to support RTSPS. For information about configuring the certification authority (CA) and creating certificates with SANs, see <https://go.microsoft.com/fwlink/?LinkId=133228>.
 
      
 
diff --git a/mdop/appv-v4/internet-facing-server-scenarios-for-perimeter-networks.md b/mdop/appv-v4/internet-facing-server-scenarios-for-perimeter-networks.md
index 3afca7b8ac..2f098de85a 100644
--- a/mdop/appv-v4/internet-facing-server-scenarios-for-perimeter-networks.md
+++ b/mdop/appv-v4/internet-facing-server-scenarios-for-perimeter-networks.md
@@ -19,9 +19,9 @@ App-V 4.5 supports Internet-facing server scenarios, in which users who are not
 
 You can set up an Internet-facing solution, using an ISA Server, where the App-V infrastructure is on the internal network in the following ways:
 
--   Create a Web Publishing rule for the IIS server that is hosting the ICO and OSD files—and optionally, the packages for streaming—located on the internal network. Detailed steps are provided at <http://go.microsoft.com/fwlink/?LinkId=151982>.
+-   Create a Web Publishing rule for the IIS server that is hosting the ICO and OSD files—and optionally, the packages for streaming—located on the internal network. Detailed steps are provided at <https://go.microsoft.com/fwlink/?LinkId=151982>.
 
--   Create a Server Publishing rule for the App-V Web Management Server (RTSPS). Detailed steps are provided at [http://go.microsoft.com/fwlink/?LinkId=151983&](http://go.microsoft.com/fwlink/?LinkId=151983).
+-   Create a Server Publishing rule for the App-V Web Management Server (RTSPS). Detailed steps are provided at [https://go.microsoft.com/fwlink/?LinkId=151983&](https://go.microsoft.com/fwlink/?LinkId=151983).
 
 As shown in the following illustration, if the infrastructure has implemented other firewalls between the client and the ISA Server or between the ISA Server and the internal network, both RTSPS (TCP 322) and HTTPS (TCP 443) firewall rules must be created to support the flow of traffic. Also, if firewalls have been implemented between the ISA Server and the internal network, the default traffic required for domain members must be permitted to tunnel through the firewall (DNS, LDAP, Kerberos, SMB/CIFS).
 
diff --git a/mdop/appv-v4/introduction-to-the-application-virtualization-security-guide.md b/mdop/appv-v4/introduction-to-the-application-virtualization-security-guide.md
index adec680218..af5992e3ff 100644
--- a/mdop/appv-v4/introduction-to-the-application-virtualization-security-guide.md
+++ b/mdop/appv-v4/introduction-to-the-application-virtualization-security-guide.md
@@ -16,7 +16,7 @@ ms.prod: w8
 This Microsoft Application Virtualization (App-V) security guide provides instructions for administrators who are responsible for configuring the security features that were selected for the App-V deployment.
 
 **Note**  
-This documentation does not provide guidance for choosing the specific security options. That information is provided in the App-V Security Best Practices white paper available at <http://go.microsoft.com/fwlink/?LinkId=127120>.
+This documentation does not provide guidance for choosing the specific security options. That information is provided in the App-V Security Best Practices white paper available at <https://go.microsoft.com/fwlink/?LinkId=127120>.
 
  
 
@@ -40,9 +40,9 @@ When planning an enhanced security App-V environment, you can consider several d
 **Note**  
 For more information about App-V infrastructure models, see the following documentation:
 
--   [App-V Planning and Deployment Guide](http://go.microsoft.com/fwlink/?LinkId=122063)
+-   [App-V Planning and Deployment Guide](https://go.microsoft.com/fwlink/?LinkId=122063)
 
--   [Infrastructure Planning and Design Guide Series](http://go.microsoft.com/fwlink/?LinkId=151986)
+-   [Infrastructure Planning and Design Guide Series](https://go.microsoft.com/fwlink/?LinkId=151986)
 
  
 
diff --git a/mdop/appv-v4/microsoft-application-virtualization-46-service-pack-1-privacy-statement.md b/mdop/appv-v4/microsoft-application-virtualization-46-service-pack-1-privacy-statement.md
index 7afd24e30d..23fb3c6739 100644
--- a/mdop/appv-v4/microsoft-application-virtualization-46-service-pack-1-privacy-statement.md
+++ b/mdop/appv-v4/microsoft-application-virtualization-46-service-pack-1-privacy-statement.md
@@ -76,7 +76,7 @@ The Customer Experience Improvement Program (“CEIP”) collects basic informat
 
 ### Information Collected, Processed, or Transmitted:
 
-For more information about the information collected, processed, or transmitted by CEIP, see the CEIP privacy statement at <http://go.microsoft.com/fwlink/?LinkID=52097>.
+For more information about the information collected, processed, or transmitted by CEIP, see the CEIP privacy statement at <https://go.microsoft.com/fwlink/?LinkID=52097>.
 
 ### Use of Information:
 
@@ -99,7 +99,7 @@ Microsoft Error Reporting provides a service that allows you to report problems
 
 ### Information Collected, Processed, or Transmitted:
 
-For information about the information collected, processed, or transmitted by Microsoft Error Reporting, see the Microsoft Error Reporting privacy statement at <http://go.microsoft.com/fwlink/?LinkID=184782>.
+For information about the information collected, processed, or transmitted by Microsoft Error Reporting, see the Microsoft Error Reporting privacy statement at <https://go.microsoft.com/fwlink/?LinkID=184782>.
 
 ### Use of Information:
 
@@ -107,7 +107,7 @@ We use the error reporting data to solve customer problems and improve our softw
 
 ### Important Information:
 
-App-V does not change your Microsoft Error Reporting settings. If you previously turned on error reporting, it will send the information described above. Enterprise customers can use Group Policy to configure how Microsoft Error Reporting behaves on their computers. Configuration options include the ability to turn off Microsoft Error Reporting. If you are an administrator and wish to configure Group Policy for Microsoft Error Reporting, technical details are available at [http://go.microsoft.com/fwlink/?LinkId=35776](http://go.microsoft.com/fwlink/?LinkID=35776).
+App-V does not change your Microsoft Error Reporting settings. If you previously turned on error reporting, it will send the information described above. Enterprise customers can use Group Policy to configure how Microsoft Error Reporting behaves on their computers. Configuration options include the ability to turn off Microsoft Error Reporting. If you are an administrator and wish to configure Group Policy for Microsoft Error Reporting, technical details are available at [https://go.microsoft.com/fwlink/?LinkId=35776](https://go.microsoft.com/fwlink/?LinkID=35776).
 
 ## Application Package Accelerators
 
diff --git a/mdop/appv-v4/microsoft-application-virtualization-46-service-pack-2-privacy-statement.md b/mdop/appv-v4/microsoft-application-virtualization-46-service-pack-2-privacy-statement.md
index b0491f8e4e..302e639e9f 100644
--- a/mdop/appv-v4/microsoft-application-virtualization-46-service-pack-2-privacy-statement.md
+++ b/mdop/appv-v4/microsoft-application-virtualization-46-service-pack-2-privacy-statement.md
@@ -74,7 +74,7 @@ Microsoft Error Reporting provides a service that allows you to report problems
 
 **Information Collected, Processed, or Transmitted: **
 
-For information about the information collected, processed, or transmitted by Microsoft Error Reporting, see the Microsoft Error Reporting privacy statement at <http://go.microsoft.com/fwlink/?linkid=50293>.
+For information about the information collected, processed, or transmitted by Microsoft Error Reporting, see the Microsoft Error Reporting privacy statement at <https://go.microsoft.com/fwlink/?linkid=50293>.
 
 **Use of Information:**
 
@@ -92,7 +92,7 @@ Enterprise customers can use Group Policy to configure how Microsoft Error Repor
 
 **What This Feature Does:**
 
-Microsoft Update is a service that provides Windows updates as well as updates for other Microsoft software, including App-V.  For details about what information is collected, how it is used and how to change your settings, see the Update Services Privacy Statement at <http://go.microsoft.com/fwlink/?linkid=50142>.
+Microsoft Update is a service that provides Windows updates as well as updates for other Microsoft software, including App-V.  For details about what information is collected, how it is used and how to change your settings, see the Update Services Privacy Statement at <https://go.microsoft.com/fwlink/?linkid=50142>.
 
 **Choice/Control: **
 
@@ -176,7 +176,7 @@ The Customer Experience Improvement Program (“CEIP”) collects basic informat
 
 **Information Collected, Processed, or Transmitted: **
 
-For more information about the information collected, processed, or transmitted by CEIP, see the CEIP privacy statement at <http://go.microsoft.com/fwlink/?LinkID=52097>.
+For more information about the information collected, processed, or transmitted by CEIP, see the CEIP privacy statement at <https://go.microsoft.com/fwlink/?LinkID=52097>.
 
 **Use of Information:**
 
diff --git a/mdop/appv-v4/microsoft-application-virtualization-client-management-help.md b/mdop/appv-v4/microsoft-application-virtualization-client-management-help.md
index ee0e6c8fb8..0540f12a76 100644
--- a/mdop/appv-v4/microsoft-application-virtualization-client-management-help.md
+++ b/mdop/appv-v4/microsoft-application-virtualization-client-management-help.md
@@ -17,7 +17,7 @@ The Microsoft Application Virtualization Desktop Client and the Client for Remot
 
 This help documentation supports the Application Virtualization Desktop Client and Client for Remote Desktop Services. It includes conceptual information, step-by-step procedures, and a user interface reference.
 
-For the latest updates to this help documentation, please visit the Microsoft TechNet Library at <http://go.microsoft.com/fwlink/?LinkId=150698>.
+For the latest updates to this help documentation, please visit the Microsoft TechNet Library at <https://go.microsoft.com/fwlink/?LinkId=150698>.
 
 ## In This Section
 
diff --git a/mdop/appv-v4/microsoft-application-virtualization-management-system-release-notes-45-sp1.md b/mdop/appv-v4/microsoft-application-virtualization-management-system-release-notes-45-sp1.md
index 81c5d1af3f..9d99351b50 100644
--- a/mdop/appv-v4/microsoft-application-virtualization-management-system-release-notes-45-sp1.md
+++ b/mdop/appv-v4/microsoft-application-virtualization-management-system-release-notes-45-sp1.md
@@ -20,35 +20,35 @@ Read these Release Notes thoroughly before you install the Application Virtualiz
 
  
 
-For updated information about known issues, please visit the Microsoft TechNet Library at <http://go.microsoft.com/fwlink/?LinkId=122918>.
+For updated information about known issues, please visit the Microsoft TechNet Library at <https://go.microsoft.com/fwlink/?LinkId=122918>.
 
 ## About Microsoft Application Virtualization 4.5 Service Pack 1
 
 
 These Release Notes have been updated to reflect the changes introduced with Microsoft Application Virtualization (App-V) 4.5 Service Pack 1 (SP1). This service pack contains the following changes:
 
--   Support for Windows 7 and Windows Server 2008 R2: App-V 4.5 SP1 provides support for Windows 7 and Windows Server 2008 R2, including support for Windows 7 features such as the taskbar, AppLocker, BranchCache, and BitLocker To Go.  Windows Server 2008 R2 support is for the Application Virtualization Server only. For more information on AppLocker support in Windows 7, see <http://go.microsoft.com/fwlink/?LinkID=156732>.
+-   Support for Windows 7 and Windows Server 2008 R2: App-V 4.5 SP1 provides support for Windows 7 and Windows Server 2008 R2, including support for Windows 7 features such as the taskbar, AppLocker, BranchCache, and BitLocker To Go.  Windows Server 2008 R2 support is for the Application Virtualization Server only. For more information on AppLocker support in Windows 7, see <https://go.microsoft.com/fwlink/?LinkID=156732>.
 
--   Support for 3rd Party Kerberos Realms: App-V 4.5 SP1 provides support for environments that have a trust relationship and mapped user accounts between a Windows domain and an MIT Kerberos realm, which is a scenario that is common at many universities. For information on how to enable this support, please visit the Microsoft TechNet Library at <http://go.microsoft.com/fwlink/?LinkId=166004>.
+-   Support for 3rd Party Kerberos Realms: App-V 4.5 SP1 provides support for environments that have a trust relationship and mapped user accounts between a Windows domain and an MIT Kerberos realm, which is a scenario that is common at many universities. For information on how to enable this support, please visit the Microsoft TechNet Library at <https://go.microsoft.com/fwlink/?LinkId=166004>.
 
 -   Improved support for application publishing and streaming via HTTP/HTTPS: App-V 4.5 SP1 provides support for application publishing and streaming via the HTTP/HTTPS protocols for Windows XP Home Edition, Windows Vista Home Basic, and Windows 7 Home Basic.
 
--   Customer Feedback and Hotfix Rollup: App-V 4.5 SP1 also includes a rollup up of fixes to address issues found since the Microsoft Application Virtualization (App-V) 4.5 CU1 release. The updates are a result of a combination of known issues and customer feedback from our internal teams, partners, and customers who are using App-V 4.5. For a full list of the updates, see the KB article at <http://go.microsoft.com/fwlink/?LinkId=167121>.
+-   Customer Feedback and Hotfix Rollup: App-V 4.5 SP1 also includes a rollup up of fixes to address issues found since the Microsoft Application Virtualization (App-V) 4.5 CU1 release. The updates are a result of a combination of known issues and customer feedback from our internal teams, partners, and customers who are using App-V 4.5. For a full list of the updates, see the KB article at <https://go.microsoft.com/fwlink/?LinkId=167121>.
 
 ## About the Product Documentation
 
 
-Comprehensive documentation for Application Virtualization (App-V) is available on Microsoft TechNet in the Application Virtualization (App-V) TechCenter at <http://go.microsoft.com/fwlink/?LinkId=122939>. The TechNet documentation includes the online Help for the Application Virtualization Sequencer, the Application Virtualization Client, and the Application Virtualization Server. It also includes the Application Virtualization Planning and Deployment Guide and the Application Virtualization Operations Guide.
+Comprehensive documentation for Application Virtualization (App-V) is available on Microsoft TechNet in the Application Virtualization (App-V) TechCenter at <https://go.microsoft.com/fwlink/?LinkId=122939>. The TechNet documentation includes the online Help for the Application Virtualization Sequencer, the Application Virtualization Client, and the Application Virtualization Server. It also includes the Application Virtualization Planning and Deployment Guide and the Application Virtualization Operations Guide.
 
 ## Protect Against Security Vulnerabilities and Viruses
 
 
-To help protect against security vulnerabilities and viruses, we recommend that you install the latest available security updates for any new software being installed. For more information, see the Microsoft Security Web site at <http://go.microsoft.com/fwlink/?LinkId=3482>.
+To help protect against security vulnerabilities and viruses, we recommend that you install the latest available security updates for any new software being installed. For more information, see the Microsoft Security Web site at <https://go.microsoft.com/fwlink/?LinkId=3482>.
 
 ## Providing Feedback
 
 
-You can provide feedback, make a suggestion, or report an issue with the Microsoft Application Virtualization (App-V) Management System via a community forum on the Microsoft Application Virtualization TechCenter (<http://go.microsoft.com/fwlink/?LinkId=122917>).
+You can provide feedback, make a suggestion, or report an issue with the Microsoft Application Virtualization (App-V) Management System via a community forum on the Microsoft Application Virtualization TechCenter (<https://go.microsoft.com/fwlink/?LinkId=122917>).
 
 You can also provide your feedback on the documentation directly to the App-V documentation team. Send your documentation feedback to appvdocs@microsoft.com.
 
@@ -59,13 +59,13 @@ This section provides the most up-to-date information about issues with Microsof
 
 ### Guidance for installing Server Management Console
 
-If you need to install management software onto systems other than the primary Application Virtualization publishing and streaming server, the server install supports installing the Management Console and Management Web service on separate servers from the primary App-V Management Server. To distribute the management components across multiple servers, Kerberos delegation must be enabled on the server where the Web service is installed. For information on how to enable this support, please visit the Microsoft TechNet Library at <http://go.microsoft.com/fwlink/?LinkId=166682>
+If you need to install management software onto systems other than the primary Application Virtualization publishing and streaming server, the server install supports installing the Management Console and Management Web service on separate servers from the primary App-V Management Server. To distribute the management components across multiple servers, Kerberos delegation must be enabled on the server where the Web service is installed. For information on how to enable this support, please visit the Microsoft TechNet Library at <https://go.microsoft.com/fwlink/?LinkId=166682>
 
 ### Guidance for installing or upgrading clients to App-V 4.5 SP1 using setup.msi
 
 When installing or upgrading your App-V clients to App-V 4.5 SP1 by using setup.msi, the prerequisites are not installed automatically.
 
-WORKAROUND   You must manually install the prerequisites before installing or upgrading the App-V client to App-V 4.5 SP1. For detailed procedures for installing the prerequisites and the App-V client, see <http://go.microsoft.com/fwlink/?LinkId=144106>.
+WORKAROUND   You must manually install the prerequisites before installing or upgrading the App-V client to App-V 4.5 SP1. For detailed procedures for installing the prerequisites and the App-V client, see <https://go.microsoft.com/fwlink/?LinkId=144106>.
 
 When this has been completed, install the App-V 4.5 SP1 client by using setup.msi with elevated privileges. This file is available on the App-V 4.5 SP1 release media in the Installers\\Client folder.
 
@@ -158,11 +158,11 @@ When using IIS 6.0 or 7.0 for icon or OSD file retrieval and streaming of pack
 
     Setspn -r HTTP/&lt;Server FQDN&gt;
 
-For more information, see <http://go.microsoft.com/fwlink/?LinkId=131407>.
+For more information, see <https://go.microsoft.com/fwlink/?LinkId=131407>.
 
 ### .NET compatibility changes
 
-Microsoft Application Virtualization (App-V) Cumulative Update 1 or later supports sequencing the .NET Framework on Windows XP (SP2 or later). Sequencing routines for .NET applications that were written for SoftGrid 4.2 might need to be updated when used with the App-V 4.5 Sequencer. For details and workarounds, please refer to the Knowledge Base article at <http://go.microsoft.com/fwlink/?LinkId=123412>.
+Microsoft Application Virtualization (App-V) Cumulative Update 1 or later supports sequencing the .NET Framework on Windows XP (SP2 or later). Sequencing routines for .NET applications that were written for SoftGrid 4.2 might need to be updated when used with the App-V 4.5 Sequencer. For details and workarounds, please refer to the Knowledge Base article at <https://go.microsoft.com/fwlink/?LinkId=123412>.
 
 ### <a href="" id="after-client-upgrade-from-app-v-4-2--some-applications-are-not-shown-"></a>After client upgrade from App-V 4.2, some applications are not shown
 
@@ -192,7 +192,7 @@ The Application Virtualization administrators must be given read and execute per
 
 When used in conjunction with KEEPCURRENTSETTINGS=1, the following client installer command-line parameters are ignored: SWICACHESIZE, MINFREESPACEMB, ALLOWINDEPENDENTFILESTREAMING, APPLICATIONSOURCEROOT, ICONSOURCEROOT, OSDSOURCEROOT, SYSTEMEVENTLOGLEVEL, SWIGLOBALDATA, DOTIMEOUTMINUTES, SWIFSDRIVE, AUTOLOADTARGET, AUTOLOADTRIGGERS, SWIUSERDATA, and REQUIRESECURECONNECTION.
 
-WORKAROUND   If you have settings you want to retain, use KEEPCURRENTSETTINGS=1 and then set the other parameters after deployment. The App-V ADM Template can be used to set the following client settings: APPLICATIONSOURCEROOT, ICONSOURCEROOT, OSDSOURCEROOT, AUTOLOADTARGET, AUTOLOADTRIGGERS, DOTIMEOUTMINUTES, and ALLOWINDEPENDENTFILESTREAMING. The ADM Template can be found at <http://go.microsoft.com/fwlink/?LinkId=121835>.
+WORKAROUND   If you have settings you want to retain, use KEEPCURRENTSETTINGS=1 and then set the other parameters after deployment. The App-V ADM Template can be used to set the following client settings: APPLICATIONSOURCEROOT, ICONSOURCEROOT, OSDSOURCEROOT, AUTOLOADTARGET, AUTOLOADTRIGGERS, DOTIMEOUTMINUTES, and ALLOWINDEPENDENTFILESTREAMING. The ADM Template can be found at <https://go.microsoft.com/fwlink/?LinkId=121835>.
 
 ## Release Notes Copyright Information
 
diff --git a/mdop/appv-v4/microsoft-application-virtualization-management-system-release-notes.md b/mdop/appv-v4/microsoft-application-virtualization-management-system-release-notes.md
index 6aaec04ce5..4c9a41543a 100644
--- a/mdop/appv-v4/microsoft-application-virtualization-management-system-release-notes.md
+++ b/mdop/appv-v4/microsoft-application-virtualization-management-system-release-notes.md
@@ -20,7 +20,7 @@ Read these Release Notes thoroughly before you install the Application Virtualiz
 
  
 
-For updated information about known issues, please visit the Microsoft TechNet Library at <http://go.microsoft.com/fwlink/?LinkId=122918>.
+For updated information about known issues, please visit the Microsoft TechNet Library at <https://go.microsoft.com/fwlink/?LinkId=122918>.
 
 ## About Microsoft Application Virtualization 4.5 Cumulative Update 1
 
@@ -34,24 +34,24 @@ These Release Notes have been updated to reflect the changes introduced with Mic
 
      
 
--   Improved support for sequencing the .NET Framework: App-V 4.5 CU1 addresses previous issues with sequencing the .NET Framework 3.5 and earlier on Windows XP (SP2 or later). For more information about the new capabilities, see the TechNet article at <http://go.microsoft.com/fwlink/?LinkId=123412>.
+-   Improved support for sequencing the .NET Framework: App-V 4.5 CU1 addresses previous issues with sequencing the .NET Framework 3.5 and earlier on Windows XP (SP2 or later). For more information about the new capabilities, see the TechNet article at <https://go.microsoft.com/fwlink/?LinkId=123412>.
 
--   Customer Feedback and Hotfix Rollup: App-V 4.5 CU1 also includes a rollup up of fixes to address issues found since the App-V 4.5 RTM release. This includes a combination of known issues and customer feedback from our internal teams, partners, and customers who are using App-V 4.5. For a full list of the included updates, see the KB article at <http://go.microsoft.com/fwlink/?LinkId=141258>.
+-   Customer Feedback and Hotfix Rollup: App-V 4.5 CU1 also includes a rollup up of fixes to address issues found since the App-V 4.5 RTM release. This includes a combination of known issues and customer feedback from our internal teams, partners, and customers who are using App-V 4.5. For a full list of the included updates, see the KB article at <https://go.microsoft.com/fwlink/?LinkId=141258>.
 
 ## About the Product Documentation
 
 
-Comprehensive documentation for Application Virtualization (App-V) is available on Microsoft TechNet in the Application Virtualization (App-V) TechCenter at <http://go.microsoft.com/fwlink/?LinkId=122939>. The TechNet documentation includes the online Help for the Application Virtualization Sequencer, the Application Virtualization Client, and the Application Virtualization Server. It also includes the Application Virtualization Planning and Deployment Guide and the Application Virtualization Operations Guide.
+Comprehensive documentation for Application Virtualization (App-V) is available on Microsoft TechNet in the Application Virtualization (App-V) TechCenter at <https://go.microsoft.com/fwlink/?LinkId=122939>. The TechNet documentation includes the online Help for the Application Virtualization Sequencer, the Application Virtualization Client, and the Application Virtualization Server. It also includes the Application Virtualization Planning and Deployment Guide and the Application Virtualization Operations Guide.
 
 ## Protect Against Security Vulnerabilities and Viruses
 
 
-To help protect against security vulnerabilities and viruses, it is important to install the latest available security updates for any new software being installed. For more information, see the Microsoft Security Web site at <http://go.microsoft.com/fwlink/?LinkId=3482>.
+To help protect against security vulnerabilities and viruses, it is important to install the latest available security updates for any new software being installed. For more information, see the Microsoft Security Web site at <https://go.microsoft.com/fwlink/?LinkId=3482>.
 
 ## Providing Feedback
 
 
-You can provide feedback, make a suggestion, or report an issue with the Microsoft Application Virtualization (App-V) Management System via a community forum on the Microsoft Application Virtualization TechCenter (<http://go.microsoft.com/fwlink/?LinkId=122917>).
+You can provide feedback, make a suggestion, or report an issue with the Microsoft Application Virtualization (App-V) Management System via a community forum on the Microsoft Application Virtualization TechCenter (<https://go.microsoft.com/fwlink/?LinkId=122917>).
 
 You can also provide your feedback on the documentation directly to the App-V documentation team. Send your documentation feedback to appvdocs@microsoft.com.
 
@@ -64,7 +64,7 @@ This section provides the most up-to-date information about issues with Microsof
 
 When installing or upgrading your App-V clients to App-V 4.5 CU1 by using setup.msi, the prerequisites are not installed automatically.
 
-WORKAROUND   You must manually install the prerequisites before installing or upgrading the App-V client to 4.5 CU1. For detailed procedures for installing the prerequisites and the App-V client, see <http://go.microsoft.com/fwlink/?LinkId=144106>.
+WORKAROUND   You must manually install the prerequisites before installing or upgrading the App-V client to 4.5 CU1. For detailed procedures for installing the prerequisites and the App-V client, see <https://go.microsoft.com/fwlink/?LinkId=144106>.
 
 When this has been completed, install the App-V 4.5 CU1 client by using setup.msi with elevated privileges. This file is available on the App-V 4.5 CU1 release media in the Installers\\Client folder.
 
@@ -98,7 +98,7 @@ You must use the **Advanced** button to set the “Include inheritable permissio
 
 When sequencing on Windows 7 Beta, you might be unable to save your sequenced package because of a sharing violation.
 
-WORKAROUND   As specified in the best practices section of the Microsoft Application Virtualization 4.5 Sequencing Guide (see <http://go.microsoft.com/fwlink/?LinkId=144108>), you must shutdown and disable the following software programs before you begin sequencing:
+WORKAROUND   As specified in the best practices section of the Microsoft Application Virtualization 4.5 Sequencing Guide (see <https://go.microsoft.com/fwlink/?LinkId=144108>), you must shutdown and disable the following software programs before you begin sequencing:
 
 -   Windows Defender
 
@@ -198,7 +198,7 @@ When using IIS 6.0 or 7.0 for icon or OSD file retrieval and streaming of pack
 
     Setspn -r HTTP/&lt;Server FQDN&gt;
 
-For more information, see <http://go.microsoft.com/fwlink/?LinkId=131407>.
+For more information, see <https://go.microsoft.com/fwlink/?LinkId=131407>.
 
 ### On upgrade from RC, the default permissions on client logs do not allow for non-admin users to access the logs for troubleshooting and support
 
@@ -208,7 +208,7 @@ WORKAROUND   After the upgrade, reset existing client logs or manually change
 
 ### .NET compatibility changes
 
-Microsoft Application Virtualization Cumulative Update 1 supports sequencing the .NET Framework on Windows XP (SP2 or later). Sequencing routines for .NET applications that were written for SoftGrid 4.2 might need to be updated when used with the App-V 4.5 Sequencer. For details and workarounds, please refer to the Knowledge Base article at <http://go.microsoft.com/fwlink/?LinkId=123412>.
+Microsoft Application Virtualization Cumulative Update 1 supports sequencing the .NET Framework on Windows XP (SP2 or later). Sequencing routines for .NET applications that were written for SoftGrid 4.2 might need to be updated when used with the App-V 4.5 Sequencer. For details and workarounds, please refer to the Knowledge Base article at <https://go.microsoft.com/fwlink/?LinkId=123412>.
 
 ### <a href="" id="after-client-upgrade-from-app-v-4-2--some-applications-are-not-shown-"></a>After client upgrade from App-V 4.2, some applications are not shown
 
@@ -249,11 +249,11 @@ The Application Virtualization administrators must be given read and execute per
 
 When used in conjunction with KEEPCURRENTSETTINGS=1, the following client installer command-line parameters are ignored: SWICACHESIZE, MINFREESPACEMB, ALLOWINDEPENDENTFILESTREAMING, APPLICATIONSOURCEROOT, ICONSOURCEROOT, OSDSOURCEROOT, SYSTEMEVENTLOGLEVEL, SWIGLOBALDATA, DOTIMEOUTMINUTES, SWIFSDRIVE, AUTOLOADTARGET, AUTOLOADTRIGGERS, SWIUSERDATA, and REQUIRESECURECONNECTION.
 
-WORKAROUND   If you have settings you want to retain, use KEEPCURRENTSETTINGS=1 and then set the other parameters after deployment. The App-V ADM Template can be used to set the following client settings: APPLICATIONSOURCEROOT, ICONSOURCEROOT, OSDSOURCEROOT, AUTOLOADTARGET, AUTOLOADTRIGGERS, DOTIMEOUTMINUTES, and ALLOWINDEPENDENTFILESTREAMING. The ADM Template can be found at <http://go.microsoft.com/fwlink/?LinkId=121835>.
+WORKAROUND   If you have settings you want to retain, use KEEPCURRENTSETTINGS=1 and then set the other parameters after deployment. The App-V ADM Template can be used to set the following client settings: APPLICATIONSOURCEROOT, ICONSOURCEROOT, OSDSOURCEROOT, AUTOLOADTARGET, AUTOLOADTRIGGERS, DOTIMEOUTMINUTES, and ALLOWINDEPENDENTFILESTREAMING. The ADM Template can be found at <https://go.microsoft.com/fwlink/?LinkId=121835>.
 
 ### Error initializing virtual applications with Symantec Endpoint Protection
 
-When using Symantec Endpoint Protection with the Application and Device Control feature enabled, virtual applications might fail to start, with the error “The application failed to initialize properly (0xc000007b)”. For details and workarounds, please refer to the Knowledge Base article at <http://go.microsoft.com/fwlink/?LinkId=125851>.
+When using Symantec Endpoint Protection with the Application and Device Control feature enabled, virtual applications might fail to start, with the error “The application failed to initialize properly (0xc000007b)”. For details and workarounds, please refer to the Knowledge Base article at <https://go.microsoft.com/fwlink/?LinkId=125851>.
 
 **Important**  
 This issue has been fixed in Microsoft Application Virtualization 4.5 Cumulative Update 1.
diff --git a/mdop/appv-v4/operations-guide-for-the-application-virtualization-system.md b/mdop/appv-v4/operations-guide-for-the-application-virtualization-system.md
index 8afa6d07aa..1dda9afeed 100644
--- a/mdop/appv-v4/operations-guide-for-the-application-virtualization-system.md
+++ b/mdop/appv-v4/operations-guide-for-the-application-virtualization-system.md
@@ -32,9 +32,9 @@ Provides information about operational tasks for using the Application Virtualiz
 
 For more information about general App-V sequencing best practices, see the following Microsoft Web sites:
 
-MCS Sequencing Guidelines at <http://go.microsoft.com/fwlink/?LinkId=113132>
+MCS Sequencing Guidelines at <https://go.microsoft.com/fwlink/?LinkId=113132>
 
-Best Practices for Sequencing at <http://go.microsoft.com/fwlink/?LinkId=122168>
+Best Practices for Sequencing at <https://go.microsoft.com/fwlink/?LinkId=122168>
 
  
 
diff --git a/mdop/appv-v4/planning-for-client-security.md b/mdop/appv-v4/planning-for-client-security.md
index 01e2af6c8f..2ebb17ce06 100644
--- a/mdop/appv-v4/planning-for-client-security.md
+++ b/mdop/appv-v4/planning-for-client-security.md
@@ -28,7 +28,7 @@ By default, at installation the App-V client is configured with the minimum perm
 
 ### File Type Associations
 
-By default, the installation of the client registers file type associations (FTAs) for OSD files, which enables users to start applications directly from OSD files instead of the published shortcuts. If a user with local administrator rights receives an OSD file containing malicious code, either in e-mail or downloaded from a Web site, the user can open the OSD file and start the application even if the client has been set to restrict the **Add Application** permission. You can unregister the FTAs for the OSD to reduce this risk. Also, consider blocking this extension in the e-mail system and at the firewall. For more information about configuring Outlook to block extensions, see <http://go.microsoft.com/fwlink/?LinkId=133278>.
+By default, the installation of the client registers file type associations (FTAs) for OSD files, which enables users to start applications directly from OSD files instead of the published shortcuts. If a user with local administrator rights receives an OSD file containing malicious code, either in e-mail or downloaded from a Web site, the user can open the OSD file and start the application even if the client has been set to restrict the **Add Application** permission. You can unregister the FTAs for the OSD to reduce this risk. Also, consider blocking this extension in the e-mail system and at the firewall. For more information about configuring Outlook to block extensions, see <https://go.microsoft.com/fwlink/?LinkId=133278>.
 
 **Security Note:  **
 
@@ -66,7 +66,7 @@ If you are using IIS to publish the ICO and OSD files, configure a MIME type for
 
 ### Package Streaming
 
-When a user launches an application for the first time, or if auto-loading parameters have been set on the client, the application package is streamed from a server to the client cache. This process supports the RTSP/RTSPS, HTTP/HTTPS, and SMB/CIFS protocols. The OSD files control which protocols are used, unless the **ApplicationSourceRoot** or **OverrideURL** setting has been configured on the clients. You should configure communication to occur over RTSPS, HTTPS, or IPsec for SMB/CIFS to achieve higher levels of security. For more information about choosing which communication method to use, see the App-V Planning and Deployment Guide at <http://go.microsoft.com/fwlink/?LinkId=122063>.
+When a user launches an application for the first time, or if auto-loading parameters have been set on the client, the application package is streamed from a server to the client cache. This process supports the RTSP/RTSPS, HTTP/HTTPS, and SMB/CIFS protocols. The OSD files control which protocols are used, unless the **ApplicationSourceRoot** or **OverrideURL** setting has been configured on the clients. You should configure communication to occur over RTSPS, HTTPS, or IPsec for SMB/CIFS to achieve higher levels of security. For more information about choosing which communication method to use, see the App-V Planning and Deployment Guide at <https://go.microsoft.com/fwlink/?LinkId=122063>.
 
 **Note**  
 If you are using IIS to publish packages (SFT files), configure a MIME type for SFT=Binary; otherwise, IIS will refuse to serve the SFT files to clients.
diff --git a/mdop/appv-v4/planning-for-migration-from-previous-versions.md b/mdop/appv-v4/planning-for-migration-from-previous-versions.md
index dd24ad0381..1decd3f69e 100644
--- a/mdop/appv-v4/planning-for-migration-from-previous-versions.md
+++ b/mdop/appv-v4/planning-for-migration-from-previous-versions.md
@@ -197,7 +197,7 @@ Windows Installer files generated by the App-V 4.5 Sequencer display the error m
 
 Any 4.2 reports that were created and saved will be overwritten when the server is upgraded to 4.5. If you need to keep these reports, you must save a backup copy of the SftMMC.msc file located in the SoftGrid Management Console folder on the server and use that copy to replace the new SftMMC.msc that is installed during the upgrade.
 
-For additional information about upgrading from previous versions, see [Upgrading to Microsoft Application Virtualization 4.5 FAQ](http://go.microsoft.com/fwlink/?LinkId=120358) (http://go.microsoft.com/fwlink/?LinkId=120358).
+For additional information about upgrading from previous versions, see [Upgrading to Microsoft Application Virtualization 4.5 FAQ](https://go.microsoft.com/fwlink/?LinkId=120358) (https://go.microsoft.com/fwlink/?LinkId=120358).
 
 ## Related topics
 
diff --git a/mdop/appv-v4/planning-for-server-security.md b/mdop/appv-v4/planning-for-server-security.md
index 4664961cac..3c58e54c1a 100644
--- a/mdop/appv-v4/planning-for-server-security.md
+++ b/mdop/appv-v4/planning-for-server-security.md
@@ -38,9 +38,9 @@ The Application Virtualization Management Server and Application Virtualization
 
 It is recommended that communications between App-V Management Server, Management Service and the data store be secured with Internet Protocol Security (IPsec). Specifically, create policies that secure the communication channel between the data store (SQL) and the Management Server and the data store and the Management Service. You can also deploy server and domain isolation with IPsec, ensuring all App-V infrastructure components communicate only with secure channels. For information about implementing IPsec, refer to the following documentation:
 
--   For Windows Server 2003, see <http://go.microsoft.com/fwlink/?LinkId=133226> (http://go.microsoft.com/fwlink/?LinkId=133226).
+-   For Windows Server 2003, see <https://go.microsoft.com/fwlink/?LinkId=133226> (https://go.microsoft.com/fwlink/?LinkId=133226).
 
--   For Windows Server 2008, see <http://go.microsoft.com/fwlink/?LinkId=133227> (http://go.microsoft.com/fwlink/?LinkId=133227).
+-   For Windows Server 2008, see <https://go.microsoft.com/fwlink/?LinkId=133227> (https://go.microsoft.com/fwlink/?LinkId=133227).
 
 ### Content Directory
 
@@ -65,7 +65,7 @@ Installing or configuring an App-V Management Server or Streaming Server to use
 -   Certificate fully qualified domain name (FQDN) must match the server on which it is installed. For example, if the client is calling `RTSPS://Myserver.mycompany.com/content/MyApp.sft`, but the certificate **Issued To** field contains `Myserver1.mycompany.com`, the client will not connect to the server and the session is terminated, even if `Myserver.mycompany.com` and `Myserver1.mycompany.com` resolve to the same IP address.
 
     **Note**  
-    If you use App-V in a network load balanced cluster, the certificate must be configured with *Subject Alternate Names* (SANs) to support RTSPS. For information about configuring the certification authority (CA) and creating certificates with SANs, see <http://go.microsoft.com/fwlink/?LinkId=133228> (http://go.microsoft.com/fwlink/?LinkId=133228).
+    If you use App-V in a network load balanced cluster, the certificate must be configured with *Subject Alternate Names* (SANs) to support RTSPS. For information about configuring the certification authority (CA) and creating certificates with SANs, see <https://go.microsoft.com/fwlink/?LinkId=133228> (https://go.microsoft.com/fwlink/?LinkId=133228).
 
      
 
@@ -74,13 +74,13 @@ Installing or configuring an App-V Management Server or Streaming Server to use
 -   You must change the permissions for the *Certificate Private Key* to enable access by the Server App-V Service. By default, the App-V Management Server and Streaming Server services run under the Network Service account. When a PKCS\#10 is generated on the server, a private key is created. Only the Local System and Administrators groups have access to this key. These default ACLs prevent the App-V server from accepting secure connections.
 
     **Note**  
-    For information about configuring a public key infrastructure (PKI), see <http://go.microsoft.com/fwlink/?LinkId=133229> (http://go.microsoft.com/fwlink/?LinkId=133229).
+    For information about configuring a public key infrastructure (PKI), see <https://go.microsoft.com/fwlink/?LinkId=133229> (https://go.microsoft.com/fwlink/?LinkId=133229).
 
      
 
 ### Configuring IIS Servers with HTTPS
 
-App-V might use IIS servers in certain infrastructure configurations. For more information about configuring IIS servers, see <http://go.microsoft.com/fwlink/?LinkId=133230> (http://go.microsoft.com/fwlink/?LinkId=133230).
+App-V might use IIS servers in certain infrastructure configurations. For more information about configuring IIS servers, see <https://go.microsoft.com/fwlink/?LinkId=133230> (https://go.microsoft.com/fwlink/?LinkId=133230).
 
 **Note**  
 If you are using IIS to publish the ICO and OSD files, configure a MIME type for OSD=TXT; otherwise, IIS will refuse to serve the ICO and OSD files to clients.
diff --git a/mdop/appv-v4/support-for-client-reporting-over-http.md b/mdop/appv-v4/support-for-client-reporting-over-http.md
index a857fad0b2..74fab84491 100644
--- a/mdop/appv-v4/support-for-client-reporting-over-http.md
+++ b/mdop/appv-v4/support-for-client-reporting-over-http.md
@@ -15,7 +15,7 @@ ms.prod: w8
 
 Version 4.6 of the App-V client now supports the use of HTTP communication when sending client reporting data to the publishing server. This feature supports scenarios where a customer has implemented a custom HTTP(S) publishing server that is configured to collect and process client data.
 
-For more information on HTTP publishing servers, see <http://go.microsoft.com/fwlink/?LinkId=157426>
+For more information on HTTP publishing servers, see <https://go.microsoft.com/fwlink/?LinkId=157426>
 
 ## Client Reporting over HTTP
 
diff --git a/mdop/appv-v4/virtual-application-package-additional-components.md b/mdop/appv-v4/virtual-application-package-additional-components.md
index 84ab9e06e7..d917912857 100644
--- a/mdop/appv-v4/virtual-application-package-additional-components.md
+++ b/mdop/appv-v4/virtual-application-package-additional-components.md
@@ -27,13 +27,13 @@ To locate the required existing public assemblies, open the directory where the
 
 Use any of the following links to download and install the correct version of the required prerequisites:
 
--   [Microsoft Visual C++ 2005 Redistributable Package (x64)](http://go.microsoft.com/fwlink/?LinkId=152697)
+-   [Microsoft Visual C++ 2005 Redistributable Package (x64)](https://go.microsoft.com/fwlink/?LinkId=152697)
 
--   [Microsoft Visual C++ 2005 SP1 Redistributable Package (x64)](http://go.microsoft.com/fwlink/?LinkId=152698)
+-   [Microsoft Visual C++ 2005 SP1 Redistributable Package (x64)](https://go.microsoft.com/fwlink/?LinkId=152698)
 
--   [Microsoft Visual C++ 2008 Redistributable Package (x64)](http://go.microsoft.com/fwlink/?LinkId=152699)
+-   [Microsoft Visual C++ 2008 Redistributable Package (x64)](https://go.microsoft.com/fwlink/?LinkId=152699)
 
--   [Microsoft Visual C++ 2008 SP1 Redistributable Package (x64)](http://go.microsoft.com/fwlink/?LinkId=152700)
+-   [Microsoft Visual C++ 2008 SP1 Redistributable Package (x64)](https://go.microsoft.com/fwlink/?LinkId=152700)
 
  
 
diff --git a/mdop/appv-v5/about-app-v-50-reporting.md b/mdop/appv-v5/about-app-v-50-reporting.md
index 77ba670095..0a5dfb415b 100644
--- a/mdop/appv-v5/about-app-v-50-reporting.md
+++ b/mdop/appv-v5/about-app-v-50-reporting.md
@@ -32,7 +32,7 @@ The following list displays the end–to-end high-level workflow for reporting i
 
 2.  Install the App-V 5.0 reporting server and associated database. For more information about installing the reporting server see [How to install the Reporting Server on a Standalone Computer and Connect it to the Database](how-to-install-the-reporting-server-on-a-standalone-computer-and-connect-it-to-the-database.md). Configure the time when the computer running the App-V 5.0 client should send data to the reporting server.
 
-3.  If you are not using an electronic software distribution system such as Configuration Manager to view reports then you can define reports in SQL Server Reporting Service. Download predefined appvshort Reports from the Download Center at <http://go.microsoft.com/fwlink/?LinkId=397255>.
+3.  If you are not using an electronic software distribution system such as Configuration Manager to view reports then you can define reports in SQL Server Reporting Service. Download predefined appvshort Reports from the Download Center at <https://go.microsoft.com/fwlink/?LinkId=397255>.
 
     **Note**  
     If you are using the Configuration Manager integration with App-V 5.0, most reports are generated from Configuration Manager rather than from App-V 5.0.
@@ -287,7 +287,7 @@ To retrieve report information and create reports using App-V 5.0 you must use o
 
 -   **Microsoft SQL Server Reporting Services (SSRS)** - Microsoft SQL Server Reporting Services is available with Microsoft SQL Server. SSRS is not installed when you install the App-V 5.0 reporting server. It must be deployed separately to generate the associated reports.
 
-    Use the following link for more information about using [Microsoft SQL Server Reporting Services](http://go.microsoft.com/fwlink/?LinkId=285596).
+    Use the following link for more information about using [Microsoft SQL Server Reporting Services](https://go.microsoft.com/fwlink/?LinkId=285596).
 
 -   **Scripting** – You can generate reports by scripting directly against the App-V 5.0 reporting database. For example:
 
@@ -295,7 +295,7 @@ To retrieve report information and create reports using App-V 5.0 you must use o
 
     **spProcessClientReport** is scheduled to run at midnight or 12:00 AM.
 
-    To run the Microsoft SQL Server Scheduled Stored procedure, the Microsoft SQL Server Agent must be running. You should ensure that the Microsoft SQL Server Agent is set to **AutoStart**. For more information see [Autostart SQL Server Agent (SQL Server Management Studio)](http://go.microsoft.com/fwlink/?LinkId=287045).
+    To run the Microsoft SQL Server Scheduled Stored procedure, the Microsoft SQL Server Agent must be running. You should ensure that the Microsoft SQL Server Agent is set to **AutoStart**. For more information see [Autostart SQL Server Agent (SQL Server Management Studio)](https://go.microsoft.com/fwlink/?LinkId=287045).
 
     The stored procedure is also created when using the App-V 5.0 database scripts.
 
diff --git a/mdop/appv-v5/about-app-v-50-sp1.md b/mdop/appv-v5/about-app-v-50-sp1.md
index e6f75ebc8c..6f86684497 100644
--- a/mdop/appv-v5/about-app-v-50-sp1.md
+++ b/mdop/appv-v5/about-app-v-50-sp1.md
@@ -33,7 +33,7 @@ This service pack contains the following changes:
 ## How to Get MDOP Technologies
 
 
-App-V 5.0 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049) (http://go.microsoft.com/fwlink/?LinkId=322049).
+App-V 5.0 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049).
 
 ## Got a suggestion for App-V?
 
diff --git a/mdop/appv-v5/about-app-v-50-sp2.md b/mdop/appv-v5/about-app-v-50-sp2.md
index 22d8bd0187..a5362bac7d 100644
--- a/mdop/appv-v5/about-app-v-50-sp2.md
+++ b/mdop/appv-v5/about-app-v-50-sp2.md
@@ -13,7 +13,7 @@ ms.prod: w10
 # About App-V 5.0 SP2
 
 
-App-V 5.0 SP2 provides an improved integrated platform, more flexible virtualization, and powerful management for virtualized applications. For more information see, [App-V 5.0 Overview](http://go.microsoft.com/fwlink/p/?LinkId=325265) (http://go.microsoft.com/fwlink/?LinkId=325265).
+App-V 5.0 SP2 provides an improved integrated platform, more flexible virtualization, and powerful management for virtualized applications. For more information see, [App-V 5.0 Overview](https://go.microsoft.com/fwlink/p/?LinkId=325265) (https://go.microsoft.com/fwlink/?LinkId=325265).
 
 ## Changes in Standard App-V 5.0 SP2 Functionality
 
@@ -101,7 +101,7 @@ This document focuses on creating a Microsoft Office 2013 App-V 5.0 Package. How
 
 In previous versions of App-V 5.0 the Client Management User Interface (UI) was provided with the App-V 5.0 Client installation. With App-V 5.0 SP2 this is no longer the case. Administrators now have the option to deploy the App-V 5.0 Client UI as a Virtual Application (using all supported App-V deployment configurations) or as an installed application.
 
-For more information see [Microsoft Application Virtualization 5.0 Client UI Application](http://go.microsoft.com/fwlink/p/?LinkId=386345) (http://go.microsoft.com/fwlink/?LinkId=386345).
+For more information see [Microsoft Application Virtualization 5.0 Client UI Application](https://go.microsoft.com/fwlink/p/?LinkId=386345) (https://go.microsoft.com/fwlink/?LinkId=386345).
 
 ### Side-by-Side (SxS) Assembly Automatic Packaging and Deployment
 
@@ -157,7 +157,7 @@ App-V 5.0 SP2 provides updated documentation for the following scenarios:
 ## How to Get MDOP Technologies
 
 
-App-V 5.0 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049) (http://go.microsoft.com/fwlink/?LinkId=322049).
+App-V 5.0 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049).
 
 ## Got a suggestion for App-V?
 
diff --git a/mdop/appv-v5/about-app-v-50-sp3.md b/mdop/appv-v5/about-app-v-50-sp3.md
index 23f370c5a5..aeca744a26 100644
--- a/mdop/appv-v5/about-app-v-50-sp3.md
+++ b/mdop/appv-v5/about-app-v-50-sp3.md
@@ -816,7 +816,7 @@ Client-Catalog Client-Integration Client-Orchestration Client-PackageConfig Clie
 ## How to Get MDOP Technologies
 
 
-App-V is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049).
+App-V is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049).
 
 ## Got a suggestion for App-V?
 
diff --git a/mdop/appv-v5/about-app-v-50.md b/mdop/appv-v5/about-app-v-50.md
index a015d9082d..af2eb38ec2 100644
--- a/mdop/appv-v5/about-app-v-50.md
+++ b/mdop/appv-v5/about-app-v-50.md
@@ -13,7 +13,7 @@ ms.prod: w10
 # About App-V 5.0
 
 
-App-V 5.0 provides an improved integrated platform, more flexible virtualization, and powerful management for virtualized applications. For more information see the [App-V 5.0 Overview](http://go.microsoft.com/fwlink/?LinkId=325265) (http://go.microsoft.com/fwlink/?LinkId=325265).
+App-V 5.0 provides an improved integrated platform, more flexible virtualization, and powerful management for virtualized applications. For more information see the [App-V 5.0 Overview](https://go.microsoft.com/fwlink/?LinkId=325265) (https://go.microsoft.com/fwlink/?LinkId=325265).
 
 ## <a href="" id="what-s-new-"></a>What’s new?
 
@@ -87,7 +87,7 @@ The following table displays some of the differences between App-V 4.6 and App-V
 ## How to Get MDOP Technologies
 
 
-App-V 5.0 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049) (http://go.microsoft.com/fwlink/?LinkId=322049).
+App-V 5.0 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049).
 
 ## Got a suggestion for App-V?
 
diff --git a/mdop/appv-v5/about-app-v-51-reporting.md b/mdop/appv-v5/about-app-v-51-reporting.md
index d225aab003..38584df2af 100644
--- a/mdop/appv-v5/about-app-v-51-reporting.md
+++ b/mdop/appv-v5/about-app-v-51-reporting.md
@@ -32,7 +32,7 @@ The following list displays the end–to-end high-level workflow for reporting i
 
 2.  Install the App-V 5.1 reporting server and associated database. For more information about installing the reporting server see [How to install the Reporting Server on a Standalone Computer and Connect it to the Database](how-to-install-the-reporting-server-on-a-standalone-computer-and-connect-it-to-the-database51.md). Configure the time when the computer running the App-V 5.1 client should send data to the reporting server.
 
-3.  If you are not using an electronic software distribution system such as Configuration Manager to view reports then you can define reports in SQL Server Reporting Service. Download predefined appvshort Reports from the Download Center at <http://go.microsoft.com/fwlink/?LinkId=397255>.
+3.  If you are not using an electronic software distribution system such as Configuration Manager to view reports then you can define reports in SQL Server Reporting Service. Download predefined appvshort Reports from the Download Center at <https://go.microsoft.com/fwlink/?LinkId=397255>.
 
     **Note**  
     If you are using the Configuration Manager integration with App-V 5.1, most reports are generated from Configuration Manager rather than from App-V 5.1.
@@ -287,7 +287,7 @@ To retrieve report information and create reports using App-V 5.1 you must use o
 
 -   **Microsoft SQL Server Reporting Services (SSRS)** - Microsoft SQL Server Reporting Services is available with Microsoft SQL Server. SSRS is not installed when you install the App-V 5.1 reporting server. It must be deployed separately to generate the associated reports.
 
-    Use the following link for more information about using [Microsoft SQL Server Reporting Services](http://go.microsoft.com/fwlink/?LinkId=285596).
+    Use the following link for more information about using [Microsoft SQL Server Reporting Services](https://go.microsoft.com/fwlink/?LinkId=285596).
 
 -   **Scripting** – You can generate reports by scripting directly against the App-V 5.1 reporting database. For example:
 
@@ -295,7 +295,7 @@ To retrieve report information and create reports using App-V 5.1 you must use o
 
     **spProcessClientReport** is scheduled to run at midnight or 12:00 AM.
 
-    To run the Microsoft SQL Server Scheduled Stored procedure, the Microsoft SQL Server Agent must be running. You should ensure that the Microsoft SQL Server Agent is set to **AutoStart**. For more information see [Autostart SQL Server Agent (SQL Server Management Studio)](http://go.microsoft.com/fwlink/?LinkId=287045).
+    To run the Microsoft SQL Server Scheduled Stored procedure, the Microsoft SQL Server Agent must be running. You should ensure that the Microsoft SQL Server Agent is set to **AutoStart**. For more information see [Autostart SQL Server Agent (SQL Server Management Studio)](https://go.microsoft.com/fwlink/?LinkId=287045).
 
     The stored procedure is also created when using the App-V 5.1 database scripts.
 
diff --git a/mdop/appv-v5/about-app-v-51.md b/mdop/appv-v5/about-app-v-51.md
index 54e14130c6..3e026b4e25 100644
--- a/mdop/appv-v5/about-app-v-51.md
+++ b/mdop/appv-v5/about-app-v-51.md
@@ -503,7 +503,7 @@ Previously, the 4.6 root folder was not recognized and could not be accessed by
 ## How to Get MDOP Technologies
 
 
-App-V is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049).
+App-V is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049).
 
 ## Got a suggestion for App-V?
 
diff --git a/mdop/appv-v5/accessibility-for-app-v-50.md b/mdop/appv-v5/accessibility-for-app-v-50.md
index a58364ec78..364b488643 100644
--- a/mdop/appv-v5/accessibility-for-app-v-50.md
+++ b/mdop/appv-v5/accessibility-for-app-v-50.md
@@ -110,7 +110,7 @@ For information about the availability of Microsoft product documentation and bo
 <td align="left"><p>(609) 987-8116</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p>[http://www.learningally.org/](http://go.microsoft.com/fwlink/?linkid=239)</p></td>
+<td align="left"><p>[http://www.learningally.org/](https://go.microsoft.com/fwlink/?linkid=239)</p></td>
 <td align="left"><p>Web addresses can change, so you might be unable to connect to the website or sites mentioned here.</p></td>
 </tr>
 </tbody>
@@ -132,7 +132,7 @@ Microsoft Support Services are subject to the prices, terms, and conditions in p
 ## For More Information
 
 
-For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](http://go.microsoft.com/fwlink/?linkid=8431).
+For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/?linkid=8431).
 
 ## Related topics
 
diff --git a/mdop/appv-v5/accessibility-for-app-v-51.md b/mdop/appv-v5/accessibility-for-app-v-51.md
index 1d53ac7b5d..6dd47f7bf3 100644
--- a/mdop/appv-v5/accessibility-for-app-v-51.md
+++ b/mdop/appv-v5/accessibility-for-app-v-51.md
@@ -131,7 +131,7 @@ For information about the availability of Microsoft product documentation and bo
 <td align="left"><p>(609) 987-8116</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p>[http://www.learningally.org/](http://go.microsoft.com/fwlink/?linkid=239)</p></td>
+<td align="left"><p>[http://www.learningally.org/](https://go.microsoft.com/fwlink/?linkid=239)</p></td>
 <td align="left"><p>Web addresses can change, so you might be unable to connect to the website or sites mentioned here.</p></td>
 </tr>
 </tbody>
@@ -153,7 +153,7 @@ Microsoft Support Services are subject to the prices, terms, and conditions in p
 ## For More Information
 
 
-For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](http://go.microsoft.com/fwlink/?linkid=8431).
+For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/?linkid=8431).
 
 ## Related topics
 
diff --git a/mdop/appv-v5/app-v-50-prerequisites.md b/mdop/appv-v5/app-v-50-prerequisites.md
index 29c64a87d8..92befd0ba0 100644
--- a/mdop/appv-v5/app-v-50-prerequisites.md
+++ b/mdop/appv-v5/app-v-50-prerequisites.md
@@ -121,7 +121,7 @@ The following table lists the installation prerequisites for the App-V 5.0 clien
 <li><p>[Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784) (http://www.microsoft.com/download/details.aspx?id=40784)</p>
 <p>This prerequisite is only required if you have installed Hotfix Package 4 for Application Virtualization 5.0 SP2 or later.</p>
 <p></p></li>
-<li><p>[The Microsoft Visual C++ 2010 Redistributable](http://www.microsoft.com/download/details.aspx?id=26999) (http://go.microsoft.com/fwlink/?LinkId=26999)</p>
+<li><p>[The Microsoft Visual C++ 2010 Redistributable](http://www.microsoft.com/download/details.aspx?id=26999) (https://go.microsoft.com/fwlink/?LinkId=26999)</p>
 <p></p></li>
 <li><p>[Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)](http://www.microsoft.com/download/details.aspx?id=5638) (http://www.microsoft.com/download/details.aspx?id=5638)</p></li>
 </ul></li>
@@ -166,7 +166,7 @@ The following table lists the installation prerequisites for the App-V 5.0 Remot
 <div>
  
 </div></li>
-<li><p>Download and install [KB2533623](http://go.microsoft.com/fwlink/?LinkId=286102 ) (http://go.microsoft.com/fwlink/?LinkId=286102)</p>
+<li><p>Download and install [KB2533623](https://go.microsoft.com/fwlink/?LinkId=286102 ) (https://go.microsoft.com/fwlink/?LinkId=286102)</p>
 <p></p>
 <div class="alert">
 <strong>Important</strong>  
@@ -181,7 +181,7 @@ The following table lists the installation prerequisites for the App-V 5.0 Remot
 <li><p>[Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784) (http://www.microsoft.com/download/details.aspx?id=40784)</p>
 <p>This prerequisite is required only if you have installed Hotfix Package 4 for Application Virtualization 5.0 SP2 or later.</p>
 <p></p></li>
-<li><p>[The Microsoft Visual C++ 2010 Redistributable](http://www.microsoft.com/download/details.aspx?id=26999) (http://go.microsoft.com/fwlink/?LinkId=26999)</p>
+<li><p>[The Microsoft Visual C++ 2010 Redistributable](http://www.microsoft.com/download/details.aspx?id=26999) (https://go.microsoft.com/fwlink/?LinkId=26999)</p>
 <p></p></li>
 <li><p>[Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)](http://www.microsoft.com/download/details.aspx?id=5638) (http://www.microsoft.com/download/details.aspx?id=5638)</p></li>
 </ul></li>
@@ -230,7 +230,7 @@ If the system requirements of a locally installed application exceed the require
 <p></p></li>
 <li><p>Download and install [KB2533623](http://support.microsoft.com/kb/2533623) (http://support.microsoft.com/kb/2533623)</p>
 <p></p></li>
-<li><p>For computers running Microsoft Windows Server 2008 R2 SP1, download and install [KB2533623](http://go.microsoft.com/fwlink/?LinkId=286102 ) (http://go.microsoft.com/fwlink/?LinkId=286102)</p>
+<li><p>For computers running Microsoft Windows Server 2008 R2 SP1, download and install [KB2533623](https://go.microsoft.com/fwlink/?LinkId=286102 ) (https://go.microsoft.com/fwlink/?LinkId=286102)</p>
 <p></p>
 <div class="alert">
 <strong>Important</strong>  
@@ -313,7 +313,7 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve
  
 </div></li>
 <li><p>[Microsoft Visual C++ 2010 SP1 Redistributable Package (x64)](http://www.microsoft.com/download/details.aspx?id=13523) (http://www.microsoft.com/download/details.aspx?id=13523)</p></li>
-<li><p>[Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](http://go.microsoft.com/fwlink/?LinkId=267110) (http://go.microsoft.com/fwlink/?LinkId=267110)</p></li>
+<li><p>[Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=267110) (https://go.microsoft.com/fwlink/?LinkId=267110)</p></li>
 <li><p>64-bit ASP.NET registration</p></li>
 </ul>
 <p>The App-V 5.0 server components are dependent but they have varying requirements and installation options that must be deployed. Use the following information to prepare your environment to run the App-V 5.0 management server.</p>
@@ -345,7 +345,7 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve
 </div>
 <ul>
 <li><p>[Microsoft .NET Framework 4 (Full Package)](http://www.microsoft.com/download/details.aspx?id=17718) (http://www.microsoft.com/download/details.aspx?id=17718)</p></li>
-<li><p>[Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](http://go.microsoft.com/fwlink/?LinkId=267110)(http://go.microsoft.com/fwlink/?LinkId=267110)</p></li>
+<li><p>[Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=267110)(https://go.microsoft.com/fwlink/?LinkId=267110)</p></li>
 </ul>
 <p>The App-V 5.0 server components are dependent but they have varying requirements and installation options that must be deployed. Use the following information to prepare your environment to run the App-V 5.0 management database.</p>
 <ul>
@@ -354,14 +354,14 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve
 <li><p>Custom App-V 5.0 database name (if applicable) – you must specify a unique database name. The default value for the management database is <strong>AppVManagement</strong>.</p></li>
 <li><p>App-V 5.0 management server location – specifies the machine account on which the management server is deployed. This should be specified in the following format <strong>Domain\MachineAccount</strong>.</p></li>
 <li><p>App-V 5.0 management server installation administrator - specifies the account that will be used to install the App-V 5.0 management server. You should use the following format: <strong>Domain\AdministratorLoginName</strong>.</p></li>
-<li><p>Microsoft SQL Server Service Agent - configure the computer running the App-V 5.0 Management Database so that Microsoft SQL Server Agent service is restarted automatically. For more information see [Configure SQL Server Agent to Restart Services Automatically](http://go.microsoft.com/fwlink/?LinkId=273725) (http://go.microsoft.com/fwlink/?LinkId=273725).</p></li>
+<li><p>Microsoft SQL Server Service Agent - configure the computer running the App-V 5.0 Management Database so that Microsoft SQL Server Agent service is restarted automatically. For more information see [Configure SQL Server Agent to Restart Services Automatically](https://go.microsoft.com/fwlink/?LinkId=273725) (https://go.microsoft.com/fwlink/?LinkId=273725).</p></li>
 </ul></td>
 </tr>
 <tr class="odd">
 <td align="left"><p><strong>Reporting Server</strong></p></td>
 <td align="left"><ul>
 <li><p>[Microsoft .NET Framework 4 (Full Package)](http://www.microsoft.com/download/details.aspx?id=17718) (http://www.microsoft.com/download/details.aspx?id=17718)</p></li>
-<li><p>[Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](http://go.microsoft.com/fwlink/?LinkId=267110)(http://go.microsoft.com/fwlink/?LinkId=267110)</p></li>
+<li><p>[Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=267110)(https://go.microsoft.com/fwlink/?LinkId=267110)</p></li>
 <li><div class="alert">
 <strong>Note</strong>  
 <p>To help reduce the risk of unwanted or malicious data being sent to the reporting server, you should restrict access to the Reporting Web Service per your corporate security policy.</p>
@@ -388,7 +388,7 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve
 </div>
 <ul>
 <li><p>[Microsoft .NET Framework 4 (Full Package)](http://www.microsoft.com/download/details.aspx?id=17718) (http://www.microsoft.com/download/details.aspx?id=17718)</p></li>
-<li><p>[Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](http://go.microsoft.com/fwlink/?LinkId=267110)(http://go.microsoft.com/fwlink/?LinkId=267110)</p></li>
+<li><p>[Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=267110)(https://go.microsoft.com/fwlink/?LinkId=267110)</p></li>
 </ul>
 <p>The App-V 5.0 server components are dependent but they have varying requirements and installation options that must be deployed. Use the following information to prepare your environment to run the App-V 5.0 reporting database.</p>
 <ul>
@@ -404,7 +404,7 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve
 <td align="left"><p><strong>Publishing Server</strong></p></td>
 <td align="left"><ul>
 <li><p>[Microsoft .NET Framework 4 (Full Package)](http://www.microsoft.com/download/details.aspx?id=17718) (http://www.microsoft.com/download/details.aspx?id=17718)</p></li>
-<li><p>[Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](http://go.microsoft.com/fwlink/?LinkId=267110)(http://go.microsoft.com/fwlink/?LinkId=267110)</p></li>
+<li><p>[Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=267110)(https://go.microsoft.com/fwlink/?LinkId=267110)</p></li>
 <li><p>Windows Web Server with the IIS role with the following features: <strong>Common HTTP Features</strong> (static content and default document), <strong>Application Development</strong> (ASP.NET, .NET Extensibility, ISAPI Extensions and ISAPI Filters), <strong>Security</strong> (Windows Authentication, Request Filtering), <strong>Security</strong> (Windows Authentication, Request Filtering), <strong>Management Tools</strong> (IIS Management Console)</p></li>
 <li><p>64-bit ASP.NET registration</p></li>
 </ul>
diff --git a/mdop/appv-v5/app-v-50-security-considerations.md b/mdop/appv-v5/app-v-50-security-considerations.md
index 80465b3f69..3ab2c1e27b 100644
--- a/mdop/appv-v5/app-v-50-security-considerations.md
+++ b/mdop/appv-v5/app-v-50-security-considerations.md
@@ -32,9 +32,9 @@ Effective as of June, 2014, the PackageStoreAccessControl (PSAC) feature that wa
 
 **Physically secure your computers**. Security is incomplete without physical security. Anyone with physical access to an App-V 5.0 server could potentially attack the entire client base. Any potential physical attacks must be considered high risk and mitigated appropriately. App-V 5.0 servers should be stored in a physically secure server room with controlled access. Secure these computers when administrators are not physically present by having the operating system lock the computer, or by using a secured screen saver.
 
-**Apply the most recent security updates to all computers**. To stay informed about the latest updates for operating systems, Microsoft SQL Server, and App-V 5.0, subscribe to the Security Notification service (<http://go.microsoft.com/fwlink/p/?LinkId=28819>).
+**Apply the most recent security updates to all computers**. To stay informed about the latest updates for operating systems, Microsoft SQL Server, and App-V 5.0, subscribe to the Security Notification service (<https://go.microsoft.com/fwlink/p/?LinkId=28819>).
 
-**Use strong passwords or pass phrases**. Always use strong passwords with 15 or more characters for all App-V 5.0 and App-V 5.0 administrator accounts. Never use blank passwords. For more information about password concepts, see the “Account Passwords and Policies” white paper on TechNet (<http://go.microsoft.com/fwlink/p/?LinkId=30009>).
+**Use strong passwords or pass phrases**. Always use strong passwords with 15 or more characters for all App-V 5.0 and App-V 5.0 administrator accounts. Never use blank passwords. For more information about password concepts, see the “Account Passwords and Policies” white paper on TechNet (<https://go.microsoft.com/fwlink/p/?LinkId=30009>).
 
 ## Accounts and groups in App-V 5.0
 
diff --git a/mdop/appv-v5/app-v-50-sp3-supported-configurations.md b/mdop/appv-v5/app-v-50-sp3-supported-configurations.md
index b8f5ab3ec8..d322d23b00 100644
--- a/mdop/appv-v5/app-v-50-sp3-supported-configurations.md
+++ b/mdop/appv-v5/app-v-50-sp3-supported-configurations.md
@@ -41,7 +41,7 @@ The App-V 5.0 SP3 Server does not support the following scenarios:
 The following table lists the operating systems that are supported for the App-V 5.0 SP3 Management server installation.
 
 **Note**  
-Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](http://go.microsoft.com/fwlink/p/?LinkId=31975). See [Microsoft Support Lifecycle Support Policy FAQ](http://go.microsoft.com/fwlink/p/?LinkId=31976) for more information.
+Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). See [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976) for more information.
 
  
 
diff --git a/mdop/appv-v5/app-v-50-supported-configurations.md b/mdop/appv-v5/app-v-50-supported-configurations.md
index 017bbdc6b2..5ccd534c4c 100644
--- a/mdop/appv-v5/app-v-50-supported-configurations.md
+++ b/mdop/appv-v5/app-v-50-supported-configurations.md
@@ -56,7 +56,7 @@ The App-V 5.0 server does not support the following scenarios:
 The following table lists the operating systems that are supported for the App-V 5.0 management server installation.
 
 **Note**  
-Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](http://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](http://go.microsoft.com/fwlink/p/?LinkId=31976).
+Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976).
 
  
 
@@ -117,7 +117,7 @@ Deployment of the management server role to a computer with Remote Desktop Shari
 The following table lists the operating systems that are supported for the App-V 5.0 publishing server installation.
 
 **Note**  
-Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](http://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](http://go.microsoft.com/fwlink/p/?LinkId=31976).
+Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976).
 
  
 
@@ -173,7 +173,7 @@ Microsoft provides support for the current service pack and, in some cases, the
 The following table lists the operating systems that are supported for the App-V 5.0 reporting server installation.
 
 **Note**  
-Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](http://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](http://go.microsoft.com/fwlink/p/?LinkId=31976).
+Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976).
 
  
 
@@ -281,7 +281,7 @@ The following table lists the SQL Server versions that are supported for the Ap
 The following table lists the operating systems that are supported for the App-V 5.0 client installation.
 
 **Note**  
-Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](http://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](http://go.microsoft.com/fwlink/p/?LinkId=31976).
+Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976).
 
  
 
@@ -350,7 +350,7 @@ The following list displays the supported hardware configuration for the App-V 5
 The following table lists the operating systems that are supported for App-V 5.0 Remote Desktop client installation.
 
 **Note**  
-Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](http://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](http://go.microsoft.com/fwlink/p/?LinkId=31976).
+Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976).
 
  
 
@@ -394,7 +394,7 @@ The following list displays the supported hardware configuration for the App-V 5
 The following table lists the operating systems that are supported for App-V 5.0 Sequencer installation.
 
 **Note**  
-Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](http://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](http://go.microsoft.com/fwlink/p/?LinkId=31976).
+Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976).
 
  
 
diff --git a/mdop/appv-v5/app-v-51-security-considerations.md b/mdop/appv-v5/app-v-51-security-considerations.md
index 0d4858a9e0..9601386069 100644
--- a/mdop/appv-v5/app-v-51-security-considerations.md
+++ b/mdop/appv-v5/app-v-51-security-considerations.md
@@ -32,9 +32,9 @@ Effective as of June, 2014, the PackageStoreAccessControl (PSAC) feature that wa
 
 **Physically secure your computers**. Security is incomplete without physical security. Anyone with physical access to an App-V 5.1 server could potentially attack the entire client base. Any potential physical attacks must be considered high risk and mitigated appropriately. App-V 5.1 servers should be stored in a physically secure server room with controlled access. Secure these computers when administrators are not physically present by having the operating system lock the computer, or by using a secured screen saver.
 
-**Apply the most recent security updates to all computers**. To stay informed about the latest updates for operating systems, Microsoft SQL Server, and App-V 5.1, subscribe to the Security Notification service (<http://go.microsoft.com/fwlink/p/?LinkId=28819>).
+**Apply the most recent security updates to all computers**. To stay informed about the latest updates for operating systems, Microsoft SQL Server, and App-V 5.1, subscribe to the Security Notification service (<https://go.microsoft.com/fwlink/p/?LinkId=28819>).
 
-**Use strong passwords or pass phrases**. Always use strong passwords with 15 or more characters for all App-V 5.1 and App-V 5.1 administrator accounts. Never use blank passwords. For more information about password concepts, see the “Account Passwords and Policies” white paper on TechNet (<http://go.microsoft.com/fwlink/p/?LinkId=30009>).
+**Use strong passwords or pass phrases**. Always use strong passwords with 15 or more characters for all App-V 5.1 and App-V 5.1 administrator accounts. Never use blank passwords. For more information about password concepts, see the “Account Passwords and Policies” white paper on TechNet (<https://go.microsoft.com/fwlink/p/?LinkId=30009>).
 
 ## Accounts and groups in App-V 5.1
 
diff --git a/mdop/appv-v5/app-v-51-supported-configurations.md b/mdop/appv-v5/app-v-51-supported-configurations.md
index e577b07048..9c74ff17a6 100644
--- a/mdop/appv-v5/app-v-51-supported-configurations.md
+++ b/mdop/appv-v5/app-v-51-supported-configurations.md
@@ -39,7 +39,7 @@ The App-V 5.1 Server does not support the following scenarios:
 The following table lists the operating systems that are supported for the App-V 5.1 Management server installation.
 
 **Note**  
-Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](http://go.microsoft.com/fwlink/p/?LinkId=31975). See [Microsoft Support Lifecycle Support Policy FAQ](http://go.microsoft.com/fwlink/p/?LinkId=31976) for more information.
+Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). See [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976) for more information.
 
  
 
diff --git a/mdop/appv-v5/application-publishing-and-client-interaction.md b/mdop/appv-v5/application-publishing-and-client-interaction.md
index 116dc7fb5b..8d791d1880 100644
--- a/mdop/appv-v5/application-publishing-and-client-interaction.md
+++ b/mdop/appv-v5/application-publishing-and-client-interaction.md
@@ -247,7 +247,7 @@ To change the default location of the package store during setup, see [How to De
 
 ### Shared Content Store
 
-If the App-V Client is configured in Shared Content Store mode, no data is written to disk when a stream fault occurs, which means that the packages require minimal local disk space (publishing data). The use of less disk space is highly desirable in VDI environments, where local storage can be limited, and streaming the applications from a high performance network location (such as a SAN) is preferable. For more information on shared content store mode, see <http://go.microsoft.com/fwlink/p/?LinkId=392750>.
+If the App-V Client is configured in Shared Content Store mode, no data is written to disk when a stream fault occurs, which means that the packages require minimal local disk space (publishing data). The use of less disk space is highly desirable in VDI environments, where local storage can be limited, and streaming the applications from a high performance network location (such as a SAN) is preferable. For more information on shared content store mode, see <https://go.microsoft.com/fwlink/p/?LinkId=392750>.
 
 **Note**  
 The machine and package store must be located on a local drive, even when you’re using Shared Content Store configurations for the App-V Client.
@@ -589,9 +589,9 @@ App-V packages can be configured with a primary feature block during sequencing.
 
 After the initial stream of any publishing data and the primary feature block, requests for additional files perform stream faults. These blocks of data are downloaded to the package store on an as-needed basis. This allows a user to download only a small part of the package, typically enough to launch the package and run normal tasks. All other blocks are downloaded when a user initiates an operation that requires data not currently in the package store.
 
-For more information on App-V Package streaming visit: <http://go.microsoft.com/fwlink/?LinkId=392770>.
+For more information on App-V Package streaming visit: <https://go.microsoft.com/fwlink/?LinkId=392770>.
 
-Sequencing for streaming optimization is available at: <http://go.microsoft.com/fwlink/?LinkId=392771>.
+Sequencing for streaming optimization is available at: <https://go.microsoft.com/fwlink/?LinkId=392771>.
 
 ### Package upgrades
 
@@ -803,7 +803,7 @@ This process will re-create both the local and network locations for AppData and
 
 In an App-V Full Infrastructure, after applications are sequenced they are managed and published to users or computers via the App-V Management and Publishing servers. This section details the operations that occur during the common App-V application lifecycle operations (Add, publishing, launch, upgrade, and removal) and the file and registry locations that are changed and modified from the App-V Client perspective. The App-V Client operations are performed as a series of PowerShell commands initiated on the computer running the App-V Client.
 
-This document focuses on App-V Full Infrastructure solutions. For specific information on App-V Integration with Configuration Manager 2012 visit: <http://go.microsoft.com/fwlink/?LinkId=392773>.
+This document focuses on App-V Full Infrastructure solutions. For specific information on App-V Integration with Configuration Manager 2012 visit: <https://go.microsoft.com/fwlink/?LinkId=392773>.
 
 The App-V application lifecycle tasks are triggered at user login (default), machine startup, or as background timed operations. The settings for the App-V Client operations, including Publishing Servers, refresh intervals, package script enablement, and others, are configured during setup of the client or post-setup with PowerShell commands. See the How to Deploy the Client section on TechNet at: [How to Deploy the App-V Client](how-to-deploy-the-app-v-client-gb18030.md) or utilize the PowerShell:
 
@@ -1311,7 +1311,7 @@ The App-V Client supports publishing applications with support for COM integrati
 
 App-V supports registering COM objects from the package to the local operating system with two process types: Out-of-process and in-process. Registering COM objects is accomplished with one or a combination of multiple modes of operation for a specific App-V package that includes off, Isolated, and Integrated. The integrated mode is configured for either the out-of-process or in-process type. Configuration of COM modes and types is accomplished with dynamic configuration files (deploymentconfig.xml or userconfig.xml).
 
-Details on App-V integration are available at: <http://go.microsoft.com/fwlink/?LinkId=392834>.
+Details on App-V integration are available at: <https://go.microsoft.com/fwlink/?LinkId=392834>.
 
 ### Software clients and application capabilities
 
@@ -1380,7 +1380,7 @@ For situations where there is more than one application that could register the
 
 The AppPath extension point supports calling App-V applications directly from the operating system. This is typically accomplished from the Run or Start Screen, depending on the operating system, which enables administrators to provide access to App-V applications from operating system commands or scripts without calling the specific path to the executable. It therefore avoids modifying the system path environment variable on all systems, as it is accomplished during publishing.
 
-The AppPath extension point is configured either in the manifest or in the dynamic configuration files and is stored in the registry on the local machine during publishing for the user. For additional information on AppPath review: <http://go.microsoft.com/fwlink/?LinkId=392835>.
+The AppPath extension point is configured either in the manifest or in the dynamic configuration files and is stored in the registry on the local machine during publishing for the user. For additional information on AppPath review: <https://go.microsoft.com/fwlink/?LinkId=392835>.
 
 ### Virtual application
 
@@ -1502,7 +1502,7 @@ App-V Packages contain the Manifest file inside of the appv package file, which
 
 ### Example for dynamic configuration files
 
-The example below shows the combination of the Manifest, Deployment Configuration and User Configuration files after publishing and during normal operation. These examples are abbreviated examples of each of the files. The purpose is show the combination of the files only and not to be a complete description of the specific categories available in each of the files. For more information review the App-V 5 Sequencing Guide at: <http://go.microsoft.com/fwlink/?LinkID=269810>
+The example below shows the combination of the Manifest, Deployment Configuration and User Configuration files after publishing and during normal operation. These examples are abbreviated examples of each of the files. The purpose is show the combination of the files only and not to be a complete description of the specific categories available in each of the files. For more information review the App-V 5 Sequencing Guide at: <https://go.microsoft.com/fwlink/?LinkID=269810>
 
 **Manifest**
 
diff --git a/mdop/appv-v5/application-publishing-and-client-interaction51.md b/mdop/appv-v5/application-publishing-and-client-interaction51.md
index 0754f6a1d8..47c268f62b 100644
--- a/mdop/appv-v5/application-publishing-and-client-interaction51.md
+++ b/mdop/appv-v5/application-publishing-and-client-interaction51.md
@@ -92,7 +92,7 @@ The Sequencer creates App-V packages and produces a virtualized application. The
 
  
 
-For information about sequencing, see [Application Virtualization Sequencing Guide](http://go.microsoft.com/fwlink/?LinkID=269810).
+For information about sequencing, see [Application Virtualization Sequencing Guide](https://go.microsoft.com/fwlink/?LinkID=269810).
 
 ## <a href="" id="bkmk-appv-file-contents"></a>What’s in the appv file?
 
@@ -247,7 +247,7 @@ To change the default location of the package store during setup, see [How to De
 
 ### Shared Content Store
 
-If the App-V Client is configured in Shared Content Store mode, no data is written to disk when a stream fault occurs, which means that the packages require minimal local disk space (publishing data). The use of less disk space is highly desirable in VDI environments, where local storage can be limited, and streaming the applications from a high performance network location (such as a SAN) is preferable. For more information on shared content store mode, see <http://go.microsoft.com/fwlink/p/?LinkId=392750>.
+If the App-V Client is configured in Shared Content Store mode, no data is written to disk when a stream fault occurs, which means that the packages require minimal local disk space (publishing data). The use of less disk space is highly desirable in VDI environments, where local storage can be limited, and streaming the applications from a high performance network location (such as a SAN) is preferable. For more information on shared content store mode, see <https://go.microsoft.com/fwlink/p/?LinkId=392750>.
 
 **Note**  
 The machine and package store must be located on a local drive, even when you’re using Shared Content Store configurations for the App-V Client.
@@ -589,9 +589,9 @@ App-V packages can be configured with a primary feature block during sequencing.
 
 After the initial stream of any publishing data and the primary feature block, requests for additional files perform stream faults. These blocks of data are downloaded to the package store on an as-needed basis. This allows a user to download only a small part of the package, typically enough to launch the package and run normal tasks. All other blocks are downloaded when a user initiates an operation that requires data not currently in the package store.
 
-For more information on App-V Package streaming visit: <http://go.microsoft.com/fwlink/?LinkId=392770>.
+For more information on App-V Package streaming visit: <https://go.microsoft.com/fwlink/?LinkId=392770>.
 
-Sequencing for streaming optimization is available at: <http://go.microsoft.com/fwlink/?LinkId=392771>.
+Sequencing for streaming optimization is available at: <https://go.microsoft.com/fwlink/?LinkId=392771>.
 
 ### Package upgrades
 
@@ -803,7 +803,7 @@ This process will re-create both the local and network locations for AppData and
 
 In an App-V Full Infrastructure, after applications are sequenced they are managed and published to users or computers via the App-V Management and Publishing servers. This section details the operations that occur during the common App-V application lifecycle operations (Add, publishing, launch, upgrade, and removal) and the file and registry locations that are changed and modified from the App-V Client perspective. The App-V Client operations are performed as a series of PowerShell commands initiated on the computer running the App-V Client.
 
-This document focuses on App-V Full Infrastructure solutions. For specific information on App-V Integration with Configuration Manager 2012 visit: <http://go.microsoft.com/fwlink/?LinkId=392773>.
+This document focuses on App-V Full Infrastructure solutions. For specific information on App-V Integration with Configuration Manager 2012 visit: <https://go.microsoft.com/fwlink/?LinkId=392773>.
 
 The App-V application lifecycle tasks are triggered at user login (default), machine startup, or as background timed operations. The settings for the App-V Client operations, including Publishing Servers, refresh intervals, package script enablement, and others, are configured during setup of the client or post-setup with PowerShell commands. See the How to Deploy the Client section on TechNet at: [How to Deploy the App-V Client](how-to-deploy-the-app-v-client-51gb18030.md) or utilize the PowerShell:
 
@@ -1311,7 +1311,7 @@ The App-V Client supports publishing applications with support for COM integrati
 
 App-V supports registering COM objects from the package to the local operating system with two process types: Out-of-process and in-process. Registering COM objects is accomplished with one or a combination of multiple modes of operation for a specific App-V package that includes off, Isolated, and Integrated. The integrated mode is configured for either the out-of-process or in-process type. Configuration of COM modes and types is accomplished with dynamic configuration files (deploymentconfig.xml or userconfig.xml).
 
-Details on App-V integration are available at: <http://go.microsoft.com/fwlink/?LinkId=392834>.
+Details on App-V integration are available at: <https://go.microsoft.com/fwlink/?LinkId=392834>.
 
 ### Software clients and application capabilities
 
@@ -1380,7 +1380,7 @@ For situations where there is more than one application that could register the
 
 The AppPath extension point supports calling App-V applications directly from the operating system. This is typically accomplished from the Run or Start Screen, depending on the operating system, which enables administrators to provide access to App-V applications from operating system commands or scripts without calling the specific path to the executable. It therefore avoids modifying the system path environment variable on all systems, as it is accomplished during publishing.
 
-The AppPath extension point is configured either in the manifest or in the dynamic configuration files and is stored in the registry on the local machine during publishing for the user. For additional information on AppPath review: <http://go.microsoft.com/fwlink/?LinkId=392835>.
+The AppPath extension point is configured either in the manifest or in the dynamic configuration files and is stored in the registry on the local machine during publishing for the user. For additional information on AppPath review: <https://go.microsoft.com/fwlink/?LinkId=392835>.
 
 ### Virtual application
 
@@ -1502,7 +1502,7 @@ App-V Packages contain the Manifest file inside of the appv package file, which
 
 ### Example for dynamic configuration files
 
-The example below shows the combination of the Manifest, Deployment Configuration and User Configuration files after publishing and during normal operation. These examples are abbreviated examples of each of the files. The purpose is show the combination of the files only and not to be a complete description of the specific categories available in each of the files. For more information review the App-V 5 Sequencing Guide at: <http://go.microsoft.com/fwlink/?LinkID=269810>
+The example below shows the combination of the Manifest, Deployment Configuration and User Configuration files after publishing and during normal operation. These examples are abbreviated examples of each of the files. The purpose is show the combination of the files only and not to be a complete description of the specific categories available in each of the files. For more information review the App-V 5 Sequencing Guide at: <https://go.microsoft.com/fwlink/?LinkID=269810>
 
 **Manifest**
 
diff --git a/mdop/appv-v5/deploying-app-v-50-packages-by-using-electronic-software-distribution--esd-.md b/mdop/appv-v5/deploying-app-v-50-packages-by-using-electronic-software-distribution--esd-.md
index 90f6a35518..b587a6d203 100644
--- a/mdop/appv-v5/deploying-app-v-50-packages-by-using-electronic-software-distribution--esd-.md
+++ b/mdop/appv-v5/deploying-app-v-50-packages-by-using-electronic-software-distribution--esd-.md
@@ -15,7 +15,7 @@ ms.prod: w10
 
 You can deploy App-V 5.0 packages using an Electronic Software Distribution (ESD) solution. For information about planning to deploy App-V packages with an ESD, see [Planning to Deploy App-V 5.0 with an Electronic Software Distribution System](planning-to-deploy-app-v-50-with-an-electronic-software-distribution-system.md).
 
-To deploy App-V packages with Microsoft System Center 2012 Configuration Manager, see [Introduction to Application Management in Configuration Manager](http://go.microsoft.com/fwlink/?LinkId=281816)
+To deploy App-V packages with Microsoft System Center 2012 Configuration Manager, see [Introduction to Application Management in Configuration Manager](https://go.microsoft.com/fwlink/?LinkId=281816)
 
 ## How to deploy virtualized packages using an ESD
 
@@ -39,7 +39,7 @@ Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-micros
 ## Other resources for using an ESD and App-V 5.0
 
 
-Use the following link for more information about [App-V and Citrix Integration](http://go.microsoft.com/fwlink/?LinkId=330294 ) (http://go.microsoft.com/fwlink/?LinkId=330294).
+Use the following link for more information about [App-V and Citrix Integration](https://go.microsoft.com/fwlink/?LinkId=330294 ) (https://go.microsoft.com/fwlink/?LinkId=330294).
 
 [Operations for App-V 5.0](operations-for-app-v-50.md)
 
diff --git a/mdop/appv-v5/deploying-app-v-51-packages-by-using-electronic-software-distribution--esd-.md b/mdop/appv-v5/deploying-app-v-51-packages-by-using-electronic-software-distribution--esd-.md
index 1e8db3d31a..2b24f5e756 100644
--- a/mdop/appv-v5/deploying-app-v-51-packages-by-using-electronic-software-distribution--esd-.md
+++ b/mdop/appv-v5/deploying-app-v-51-packages-by-using-electronic-software-distribution--esd-.md
@@ -15,7 +15,7 @@ ms.prod: w10
 
 You can deploy App-V 5.1 packages using an Electronic Software Distribution (ESD) solution. For information about planning to deploy App-V packages with an ESD, see [Planning to Deploy App-V 5.1 with an Electronic Software Distribution System](planning-to-deploy-app-v-51-with-an-electronic-software-distribution-system.md).
 
-To deploy App-V packages with Microsoft System Center 2012 Configuration Manager, see [Introduction to Application Management in Configuration Manager](http://go.microsoft.com/fwlink/?LinkId=281816)
+To deploy App-V packages with Microsoft System Center 2012 Configuration Manager, see [Introduction to Application Management in Configuration Manager](https://go.microsoft.com/fwlink/?LinkId=281816)
 
 ## How to deploy virtualized packages using an ESD
 
@@ -39,7 +39,7 @@ Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-micros
 ## Other resources for using an ESD and App-V 5.1
 
 
-Use the following link for more information about [App-V and Citrix Integration](http://go.microsoft.com/fwlink/?LinkId=330294 ) (http://go.microsoft.com/fwlink/?LinkId=330294).
+Use the following link for more information about [App-V and Citrix Integration](https://go.microsoft.com/fwlink/?LinkId=330294 ) (https://go.microsoft.com/fwlink/?LinkId=330294).
 
 [Operations for App-V 5.1](operations-for-app-v-51.md)
 
diff --git a/mdop/appv-v5/deploying-microsoft-office-2010-by-using-app-v.md b/mdop/appv-v5/deploying-microsoft-office-2010-by-using-app-v.md
index 17fcf783cc..eec1bd9312 100644
--- a/mdop/appv-v5/deploying-microsoft-office-2010-by-using-app-v.md
+++ b/mdop/appv-v5/deploying-microsoft-office-2010-by-using-app-v.md
@@ -73,16 +73,16 @@ The following table shows the App-V versions, methods of Office package creation
 
 Sequencing Office 2010 is one of the main methods for creating an Office 2010 package on App-V 5.0. Microsoft has provided a detailed recipe through a Knowledge Base article. To create an Office 2010 package on App-V 5.0, refer to the following link for detailed instructions:
 
-[How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330676)
+[How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://go.microsoft.com/fwlink/p/?LinkId=330676)
 
 ## Creating Office 2010 App-V 5.0 packages using package accelerators
 
 
 Office 2010 App-V 5.0 packages can be created through package accelerators. Microsoft has provided package accelerators for creating Office 2010 on Windows 8 and Windows 7. To create Office 2010 packages on App-V using Package accelerators, refer to the following pages to access the appropriate package accelerator:
 
--   [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 8](http://go.microsoft.com/fwlink/p/?LinkId=330677)
+-   [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 8](https://go.microsoft.com/fwlink/p/?LinkId=330677)
 
--   [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 7](http://go.microsoft.com/fwlink/p/?LinkId=330678)
+-   [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 7](https://go.microsoft.com/fwlink/p/?LinkId=330678)
 
 For detailed instructions on how to create virtual application packages using App-V package accelerators, see [How to Create a Virtual Application Package Using an App-V Package Accelerator](how-to-create-a-virtual-application-package-using-an-app-v-package-accelerator.md).
 
@@ -178,7 +178,7 @@ The following table provides a full list of supported integration points for Off
 </tr>
 <tr class="even">
 <td align="left"><p>Active X Controls:</p></td>
-<td align="left"><p>For more information on ActiveX controls, refer to [ActiveX Control API Reference](http://go.microsoft.com/fwlink/p/?LinkId=331361).</p></td>
+<td align="left"><p>For more information on ActiveX controls, refer to [ActiveX Control API Reference](https://go.microsoft.com/fwlink/p/?LinkId=331361).</p></td>
 <td align="left"><p></p></td>
 </tr>
 <tr class="odd">
@@ -276,19 +276,19 @@ The following table provides a full list of supported integration points for Off
 
 **Office 2013 App-V 5.0 Packages 5.0 Additional Resources**
 
-[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](http://go.microsoft.com/fwlink/p/?LinkId=330680)
+[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://go.microsoft.com/fwlink/p/?LinkId=330680)
 
 **Office 2010 App-V 5.0 Packages**
 
-[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330681)
+[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://go.microsoft.com/fwlink/p/?LinkId=330681)
 
-[Known issues when you create or use an App-V 5.0 Office 2010 package](http://go.microsoft.com/fwlink/p/?LinkId=330682)
+[Known issues when you create or use an App-V 5.0 Office 2010 package](https://go.microsoft.com/fwlink/p/?LinkId=330682)
 
-[How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330676)
+[How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://go.microsoft.com/fwlink/p/?LinkId=330676)
 
 **Connection Groups**
 
-[Deploying Connection Groups in Microsoft App-V v5](http://go.microsoft.com/fwlink/p/?LinkId=330683)
+[Deploying Connection Groups in Microsoft App-V v5](https://go.microsoft.com/fwlink/p/?LinkId=330683)
 
 [Managing Connection Groups](managing-connection-groups.md)
 
diff --git a/mdop/appv-v5/deploying-microsoft-office-2010-by-using-app-v51.md b/mdop/appv-v5/deploying-microsoft-office-2010-by-using-app-v51.md
index 8423b1637e..e48ac4f848 100644
--- a/mdop/appv-v5/deploying-microsoft-office-2010-by-using-app-v51.md
+++ b/mdop/appv-v5/deploying-microsoft-office-2010-by-using-app-v51.md
@@ -74,16 +74,16 @@ The following table shows the App-V versions, methods of Office package creation
 
 Sequencing Office 2010 is one of the main methods for creating an Office 2010 package on App-V 5.1. Microsoft has provided a detailed recipe through a Knowledge Base article. To create an Office 2010 package on App-V 5.1, refer to the following link for detailed instructions:
 
-[How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330676)
+[How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://go.microsoft.com/fwlink/p/?LinkId=330676)
 
 ## Creating Office 2010 App-V 5.1 packages using package accelerators
 
 
 Office 2010 App-V 5.1 packages can be created through package accelerators. Microsoft has provided package accelerators for creating Office 2010 on Windows 10, Windows 8 and Windows 7. To create Office 2010 packages on App-V using Package accelerators, refer to the following pages to access the appropriate package accelerator:
 
--   [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 8](http://go.microsoft.com/fwlink/p/?LinkId=330677)
+-   [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 8](https://go.microsoft.com/fwlink/p/?LinkId=330677)
 
--   [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 7](http://go.microsoft.com/fwlink/p/?LinkId=330678)
+-   [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 7](https://go.microsoft.com/fwlink/p/?LinkId=330678)
 
 For detailed instructions on how to create virtual application packages using App-V package accelerators, see [How to Create a Virtual Application Package Using an App-V Package Accelerator](how-to-create-a-virtual-application-package-using-an-app-v-package-accelerator51.md).
 
@@ -179,7 +179,7 @@ The following table provides a full list of supported integration points for Off
 </tr>
 <tr class="even">
 <td align="left"><p>Active X Controls:</p></td>
-<td align="left"><p>For more information on ActiveX controls, refer to [ActiveX Control API Reference](http://go.microsoft.com/fwlink/p/?LinkId=331361).</p></td>
+<td align="left"><p>For more information on ActiveX controls, refer to [ActiveX Control API Reference](https://go.microsoft.com/fwlink/p/?LinkId=331361).</p></td>
 <td align="left"><p></p></td>
 </tr>
 <tr class="odd">
@@ -277,19 +277,19 @@ The following table provides a full list of supported integration points for Off
 
 **Office 2013 App-V Packages Additional Resources**
 
-[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](http://go.microsoft.com/fwlink/p/?LinkId=330680)
+[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://go.microsoft.com/fwlink/p/?LinkId=330680)
 
 **Office 2010 App-V Packages**
 
-[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330681)
+[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://go.microsoft.com/fwlink/p/?LinkId=330681)
 
-[Known issues when you create or use an App-V 5.0 Office 2010 package](http://go.microsoft.com/fwlink/p/?LinkId=330682)
+[Known issues when you create or use an App-V 5.0 Office 2010 package](https://go.microsoft.com/fwlink/p/?LinkId=330682)
 
-[How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330676)
+[How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://go.microsoft.com/fwlink/p/?LinkId=330676)
 
 **Connection Groups**
 
-[Deploying Connection Groups in Microsoft App-V v5](http://go.microsoft.com/fwlink/p/?LinkId=330683)
+[Deploying Connection Groups in Microsoft App-V v5](https://go.microsoft.com/fwlink/p/?LinkId=330683)
 
 [Managing Connection Groups](managing-connection-groups51.md)
 
diff --git a/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v.md b/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v.md
index d6f50efe56..a0615d5921 100644
--- a/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v.md
+++ b/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v.md
@@ -859,21 +859,21 @@ The following table describes the requirements and options for deploying Visio 2
 
 **Office 2013 App-V 5.0 Packages 5.0 Additional Resources**
 
-[Office Deployment Tool for Click-to-Run](http://go.microsoft.com/fwlink/p/?LinkID=330672)
+[Office Deployment Tool for Click-to-Run](https://go.microsoft.com/fwlink/p/?LinkID=330672)
 
-[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](http://go.microsoft.com/fwlink/p/?LinkId=330680)
+[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://go.microsoft.com/fwlink/p/?LinkId=330680)
 
 **Office 2010 App-V 5.0 Packages**
 
-[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330681)
+[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://go.microsoft.com/fwlink/p/?LinkId=330681)
 
-[Known issues when you create or use an App-V 5.0 Office 2010 package](http://go.microsoft.com/fwlink/p/?LinkId=330682)
+[Known issues when you create or use an App-V 5.0 Office 2010 package](https://go.microsoft.com/fwlink/p/?LinkId=330682)
 
-[How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330676)
+[How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://go.microsoft.com/fwlink/p/?LinkId=330676)
 
 **Connection Groups**
 
-[Deploying Connection Groups in Microsoft App-V v5](http://go.microsoft.com/fwlink/p/?LinkId=330683)
+[Deploying Connection Groups in Microsoft App-V v5](https://go.microsoft.com/fwlink/p/?LinkId=330683)
 
 [Managing Connection Groups](managing-connection-groups.md)
 
diff --git a/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v51.md b/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v51.md
index 4004b3a502..cc8b0e0899 100644
--- a/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v51.md
+++ b/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v51.md
@@ -859,21 +859,21 @@ The following table describes the requirements and options for deploying Visio 2
 
 **Office 2013 App-V Packages Additional Resources**
 
-[Office Deployment Tool for Click-to-Run](http://go.microsoft.com/fwlink/p/?LinkID=330672)
+[Office Deployment Tool for Click-to-Run](https://go.microsoft.com/fwlink/p/?LinkID=330672)
 
-[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](http://go.microsoft.com/fwlink/p/?LinkId=330680)
+[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://go.microsoft.com/fwlink/p/?LinkId=330680)
 
 **Office 2010 App-V Packages**
 
-[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330681)
+[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://go.microsoft.com/fwlink/p/?LinkId=330681)
 
-[Known issues when you create or use an App-V 5.0 Office 2010 package](http://go.microsoft.com/fwlink/p/?LinkId=330682)
+[Known issues when you create or use an App-V 5.0 Office 2010 package](https://go.microsoft.com/fwlink/p/?LinkId=330682)
 
-[How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330676)
+[How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://go.microsoft.com/fwlink/p/?LinkId=330676)
 
 **Connection Groups**
 
-[Deploying Connection Groups in Microsoft App-V v5](http://go.microsoft.com/fwlink/p/?LinkId=330683)
+[Deploying Connection Groups in Microsoft App-V v5](https://go.microsoft.com/fwlink/p/?LinkId=330683)
 
 [Managing Connection Groups](managing-connection-groups51.md)
 
diff --git a/mdop/appv-v5/getting-started-with-app-v-50--rtm.md b/mdop/appv-v5/getting-started-with-app-v-50--rtm.md
index 3840ca02e8..368114618a 100644
--- a/mdop/appv-v5/getting-started-with-app-v-50--rtm.md
+++ b/mdop/appv-v5/getting-started-with-app-v-50--rtm.md
@@ -78,10 +78,10 @@ App-V consists of the following elements:
 
 For more information about these elements, see [High Level Architecture for App-V 5.0](high-level-architecture-for-app-v-50.md).
 
-If you are new to this product, we recommend that you read the documentation thoroughly. Before you deploy it to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at <http://go.microsoft.com/fwlink/p/?LinkId=80347>.
+If you are new to this product, we recommend that you read the documentation thoroughly. Before you deploy it to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at <https://go.microsoft.com/fwlink/p/?LinkId=80347>.
 
 **Note**  
-A downloadable version of this administrator’s guide is not available. However, you can learn about a special mode of the TechNet Library that allows you to select articles, group them in a collection, and print them or export them to a file at <http://go.microsoft.com/fwlink/?LinkId=272491> (http://go.microsoft.com/fwlink/?LinkId=272491).
+A downloadable version of this administrator’s guide is not available. However, you can learn about a special mode of the TechNet Library that allows you to select articles, group them in a collection, and print them or export them to a file at <https://go.microsoft.com/fwlink/?LinkId=272491> (https://go.microsoft.com/fwlink/?LinkId=272491).
 
  
 
diff --git a/mdop/appv-v5/getting-started-with-app-v-51.md b/mdop/appv-v5/getting-started-with-app-v-51.md
index a52ed5a6af..345a6d90cc 100644
--- a/mdop/appv-v5/getting-started-with-app-v-51.md
+++ b/mdop/appv-v5/getting-started-with-app-v-51.md
@@ -78,10 +78,10 @@ App-V consists of the following elements:
 
 For more information about these elements, see [High Level Architecture for App-V 5.1](high-level-architecture-for-app-v-51.md).
 
-If you are new to this product, we recommend that you read the documentation thoroughly. Before you deploy it to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at <http://go.microsoft.com/fwlink/p/?LinkId=80347>.
+If you are new to this product, we recommend that you read the documentation thoroughly. Before you deploy it to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at <https://go.microsoft.com/fwlink/p/?LinkId=80347>.
 
 **Note**  
-A downloadable version of this administrator’s guide is not available. However, you can learn about a special mode of the TechNet Library that allows you to select articles, group them in a collection, and print them or export them to a file at <http://go.microsoft.com/fwlink/?LinkId=272491> (http://go.microsoft.com/fwlink/?LinkId=272491).
+A downloadable version of this administrator’s guide is not available. However, you can learn about a special mode of the TechNet Library that allows you to select articles, group them in a collection, and print them or export them to a file at <https://go.microsoft.com/fwlink/?LinkId=272491> (https://go.microsoft.com/fwlink/?LinkId=272491).
 
  
 
diff --git a/mdop/appv-v5/how-to-deploy-app-v-50-packages-using-electronic-software-distribution.md b/mdop/appv-v5/how-to-deploy-app-v-50-packages-using-electronic-software-distribution.md
index 0c26992a88..e173b618dd 100644
--- a/mdop/appv-v5/how-to-deploy-app-v-50-packages-using-electronic-software-distribution.md
+++ b/mdop/appv-v5/how-to-deploy-app-v-50-packages-using-electronic-software-distribution.md
@@ -56,7 +56,7 @@ Use one of the following methods to publish packages to App-V client computers w
 
 3.  After you create the virtual application, deploy the package by using your ESD solution.
 
-    If you are using System Center Configuration Manager, start by reviewing [Introduction to Application Management in Configuration Manager](http://go.microsoft.com/fwlink/?LinkId=281816) for information about using App-V 5.0 and System Center 2012 Configuration Manager.
+    If you are using System Center Configuration Manager, start by reviewing [Introduction to Application Management in Configuration Manager](https://go.microsoft.com/fwlink/?LinkId=281816) for information about using App-V 5.0 and System Center 2012 Configuration Manager.
 
     **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
 
diff --git a/mdop/appv-v5/how-to-deploy-app-v-51-packages-using-electronic-software-distribution.md b/mdop/appv-v5/how-to-deploy-app-v-51-packages-using-electronic-software-distribution.md
index 57d35ae0fd..8dc2d96f99 100644
--- a/mdop/appv-v5/how-to-deploy-app-v-51-packages-using-electronic-software-distribution.md
+++ b/mdop/appv-v5/how-to-deploy-app-v-51-packages-using-electronic-software-distribution.md
@@ -56,7 +56,7 @@ Use one of the following methods to publish packages to App-V client computers w
 
 3.  After you create the virtual application, deploy the package by using your ESD solution.
 
-    If you are using System Center Configuration Manager, start by reviewing [Introduction to Application Management in Configuration Manager](http://go.microsoft.com/fwlink/?LinkId=281816) for information about using App-V 5.1 and System Center 2012 Configuration Manager.
+    If you are using System Center Configuration Manager, start by reviewing [Introduction to Application Management in Configuration Manager](https://go.microsoft.com/fwlink/?LinkId=281816) for information about using App-V 5.1 and System Center 2012 Configuration Manager.
 
     **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
 
diff --git a/mdop/appv-v5/how-to-install-the-app-v-50-client-for-shared-content-store-mode.md b/mdop/appv-v5/how-to-install-the-app-v-50-client-for-shared-content-store-mode.md
index 665ed2cb64..a457bb620d 100644
--- a/mdop/appv-v5/how-to-install-the-app-v-50-client-for-shared-content-store-mode.md
+++ b/mdop/appv-v5/how-to-install-the-app-v-50-client-for-shared-content-store-mode.md
@@ -20,7 +20,7 @@ Before performing this procedure if necessary uninstall any existing version of
 
  
 
-For more information about SCS mode, see [Shared Content Store in Microsoft App-V 5.0 – Behind the Scenes](http://go.microsoft.com/fwlink/?LinkId=316879) (http://go.microsoft.com/fwlink/?LinkId=316879).
+For more information about SCS mode, see [Shared Content Store in Microsoft App-V 5.0 – Behind the Scenes](https://go.microsoft.com/fwlink/?LinkId=316879) (https://go.microsoft.com/fwlink/?LinkId=316879).
 
 **Install and configure the App-V 5.0 client for SCS mode**
 
diff --git a/mdop/appv-v5/how-to-install-the-app-v-51-client-for-shared-content-store-mode.md b/mdop/appv-v5/how-to-install-the-app-v-51-client-for-shared-content-store-mode.md
index 5db3961fc1..a6ec22970a 100644
--- a/mdop/appv-v5/how-to-install-the-app-v-51-client-for-shared-content-store-mode.md
+++ b/mdop/appv-v5/how-to-install-the-app-v-51-client-for-shared-content-store-mode.md
@@ -20,7 +20,7 @@ Before performing this procedure if necessary uninstall any existing version of
 
  
 
-For more information about SCS mode, see [Shared Content Store in Microsoft App-V 5.0 – Behind the Scenes](http://go.microsoft.com/fwlink/?LinkId=316879) (http://go.microsoft.com/fwlink/?LinkId=316879).
+For more information about SCS mode, see [Shared Content Store in Microsoft App-V 5.0 – Behind the Scenes](https://go.microsoft.com/fwlink/?LinkId=316879) (https://go.microsoft.com/fwlink/?LinkId=316879).
 
 **Install and configure the App-V 5.1 client for SCS mode**
 
diff --git a/mdop/appv-v5/how-to-manage-app-v-50-packages-running-on-a-stand-alone-computer-by-using-powershell.md b/mdop/appv-v5/how-to-manage-app-v-50-packages-running-on-a-stand-alone-computer-by-using-powershell.md
index 002ace03c3..64a701c578 100644
--- a/mdop/appv-v5/how-to-manage-app-v-50-packages-running-on-a-stand-alone-computer-by-using-powershell.md
+++ b/mdop/appv-v5/how-to-manage-app-v-50-packages-running-on-a-stand-alone-computer-by-using-powershell.md
@@ -168,7 +168,7 @@ Use the following information to remove a package from the computer.
 **Example**: Remove-AppvClientPackage “ContosoApplication”
 
 **Note**  
-App-V cmdlets have been assigned to variables for the previous examples for clarity only; assignment is not a requirement. Most cmdlets can be combined as displayed in [To add and publish a package](#bkmk-add-pub-pkg-standalone-posh). For a detailed tutorial, see [App-V 5.0 Client PowerShell Deep Dive](http://go.microsoft.com/fwlink/?LinkId=324466).
+App-V cmdlets have been assigned to variables for the previous examples for clarity only; assignment is not a requirement. Most cmdlets can be combined as displayed in [To add and publish a package](#bkmk-add-pub-pkg-standalone-posh). For a detailed tutorial, see [App-V 5.0 Client PowerShell Deep Dive](https://go.microsoft.com/fwlink/?LinkId=324466).
 
  
 
diff --git a/mdop/appv-v5/how-to-manage-app-v-51-packages-running-on-a-stand-alone-computer-by-using-powershell.md b/mdop/appv-v5/how-to-manage-app-v-51-packages-running-on-a-stand-alone-computer-by-using-powershell.md
index 045445d18b..e9326746d0 100644
--- a/mdop/appv-v5/how-to-manage-app-v-51-packages-running-on-a-stand-alone-computer-by-using-powershell.md
+++ b/mdop/appv-v5/how-to-manage-app-v-51-packages-running-on-a-stand-alone-computer-by-using-powershell.md
@@ -168,7 +168,7 @@ Use the following information to remove a package from the computer.
 **Example**: Remove-AppvClientPackage “ContosoApplication”
 
 **Note**  
-App-V cmdlets have been assigned to variables for the previous examples for clarity only; assignment is not a requirement. Most cmdlets can be combined as displayed in [To add and publish a package](#bkmk-add-pub-pkg-standalone-posh). For a detailed tutorial, see [App-V 5.0 Client PowerShell Deep Dive](http://go.microsoft.com/fwlink/?LinkId=324466).
+App-V cmdlets have been assigned to variables for the previous examples for clarity only; assignment is not a requirement. Most cmdlets can be combined as displayed in [To add and publish a package](#bkmk-add-pub-pkg-standalone-posh). For a detailed tutorial, see [App-V 5.0 Client PowerShell Deep Dive](https://go.microsoft.com/fwlink/?LinkId=324466).
 
  
 
diff --git a/mdop/appv-v5/how-to-modify-app-v-50-client-configuration-using-the-admx-template-and-group-policy.md b/mdop/appv-v5/how-to-modify-app-v-50-client-configuration-using-the-admx-template-and-group-policy.md
index 74d46be60b..daf5ce0ce1 100644
--- a/mdop/appv-v5/how-to-modify-app-v-50-client-configuration-using-the-admx-template-and-group-policy.md
+++ b/mdop/appv-v5/how-to-modify-app-v-50-client-configuration-using-the-admx-template-and-group-policy.md
@@ -20,7 +20,7 @@ Use the App-V 5.0 ADMX template to configure App-V 5.0 client settings using the
 1.  To modify the App-V 5.0 client configuration, locate the **ADMXTemplate** files that are available with App-V 5.0.
 
     **Note**  
-    Use the following link to download the App-V 5.0 **ADMX Templates**: <http://go.microsoft.com/fwlink/p/?LinkId=393941>.
+    Use the following link to download the App-V 5.0 **ADMX Templates**: <https://go.microsoft.com/fwlink/p/?LinkId=393941>.
 
      
 
diff --git a/mdop/appv-v5/how-to-modify-app-v-51-client-configuration-using-the-admx-template-and-group-policy.md b/mdop/appv-v5/how-to-modify-app-v-51-client-configuration-using-the-admx-template-and-group-policy.md
index 5b2fbda5e8..d52f3cb261 100644
--- a/mdop/appv-v5/how-to-modify-app-v-51-client-configuration-using-the-admx-template-and-group-policy.md
+++ b/mdop/appv-v5/how-to-modify-app-v-51-client-configuration-using-the-admx-template-and-group-policy.md
@@ -20,7 +20,7 @@ Use the Microsoft Application Virtualization (App-V) 5.1 ADMX template to config
 1.  To modify the App-V 5.1 client configuration, locate the **ADMXTemplate** files that are available with App-V 5.1.
 
     **Note**  
-    Use the following link to download the App-V 5.1 **ADMX Templates**: <http://go.microsoft.com/fwlink/p/?LinkId=393941>.
+    Use the following link to download the App-V 5.1 **ADMX Templates**: <https://go.microsoft.com/fwlink/p/?LinkId=393941>.
 
      
 
diff --git a/mdop/appv-v5/index.md b/mdop/appv-v5/index.md
index 595ae97ee5..32649ad47e 100644
--- a/mdop/appv-v5/index.md
+++ b/mdop/appv-v5/index.md
@@ -37,11 +37,11 @@ View updated product information and known issues for App-V 5.0 SP2.
 <a href="" id="release-notes-for-app-v-5-0"></a>[Release Notes for App-V 5.0](release-notes-for-app-v-50.md)  
 View updated product information and known issues for App-V 5.0.
 
-<a href="" id="mdop-techcenter-page"></a>[MDOP TechCenter Page](http://go.microsoft.com/fwlink/p/?LinkId=225286)  
+<a href="" id="mdop-techcenter-page"></a>[MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286)  
 Learn about the latest MDOP information and resources.
 
-<a href="" id="mdop-information-experience"></a>[MDOP Information Experience](http://go.microsoft.com/fwlink/p/?LinkId=236032)  
-Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28http://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28http://go.microsoft.com/fwlink/p/?LinkId=242447).
+<a href="" id="mdop-information-experience"></a>[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032)  
+Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28https://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28https://go.microsoft.com/fwlink/p/?LinkId=242447).
 
 ## Got a suggestion for App-V?
 
diff --git a/mdop/appv-v5/migrating-from-a-previous-version-app-v-50.md b/mdop/appv-v5/migrating-from-a-previous-version-app-v-50.md
index 61dfa74130..bce39362ac 100644
--- a/mdop/appv-v5/migrating-from-a-previous-version-app-v-50.md
+++ b/mdop/appv-v5/migrating-from-a-previous-version-app-v-50.md
@@ -183,7 +183,7 @@ Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-micros
 
 [Operations for App-V 5.0](operations-for-app-v-50.md)
 
-[A simplified Microsoft App-V 5.1 Management Server upgrade procedure](http://go.microsoft.com/fwlink/p/?LinkId=786330)
+[A simplified Microsoft App-V 5.1 Management Server upgrade procedure](https://go.microsoft.com/fwlink/p/?LinkId=786330)
 
  
 
diff --git a/mdop/appv-v5/migrating-to-app-v-51-from-a-previous-version.md b/mdop/appv-v5/migrating-to-app-v-51-from-a-previous-version.md
index 9ebb64b839..66c6dbe443 100644
--- a/mdop/appv-v5/migrating-to-app-v-51-from-a-previous-version.md
+++ b/mdop/appv-v5/migrating-to-app-v-51-from-a-previous-version.md
@@ -319,7 +319,7 @@ Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-micros
 
 [Operations for App-V 5.1](operations-for-app-v-51.md)
 
-[A simplified Microsoft App-V 5.1 Management Server upgrade procedure](http://go.microsoft.com/fwlink/p/?LinkId=786330)
+[A simplified Microsoft App-V 5.1 Management Server upgrade procedure](https://go.microsoft.com/fwlink/p/?LinkId=786330)
 
  
 
diff --git a/mdop/appv-v5/performance-guidance-for-application-virtualization-50.md b/mdop/appv-v5/performance-guidance-for-application-virtualization-50.md
index e2f3c105d7..7d40072283 100644
--- a/mdop/appv-v5/performance-guidance-for-application-virtualization-50.md
+++ b/mdop/appv-v5/performance-guidance-for-application-virtualization-50.md
@@ -21,9 +21,9 @@ You should read and understand the following information before reading this doc
 
 -   [Microsoft Application Virtualization 5.0 Administrator's Guide](microsoft-application-virtualization-50-administrators-guide.md)
 
--   [App-V 5 SP2 Application Publishing and Client Interaction](http://go.microsoft.com/fwlink/?LinkId=395206)
+-   [App-V 5 SP2 Application Publishing and Client Interaction](https://go.microsoft.com/fwlink/?LinkId=395206)
 
--   [Microsoft Application Virtualization 5.0 Sequencing Guide](http://go.microsoft.com/fwlink/?LinkId=269953)
+-   [Microsoft Application Virtualization 5.0 Sequencing Guide](https://go.microsoft.com/fwlink/?LinkId=269953)
 
 **Note**  
 Some terms used in this document may have different meanings depending on external source and context. For more information about terms used in this document followed by an asterisk **\*** review the [Application Virtualization Performance Guidance Terminology](#bkmk-terms1) section of this document.
diff --git a/mdop/appv-v5/performance-guidance-for-application-virtualization-51.md b/mdop/appv-v5/performance-guidance-for-application-virtualization-51.md
index 00d873e79f..eae8fc5f75 100644
--- a/mdop/appv-v5/performance-guidance-for-application-virtualization-51.md
+++ b/mdop/appv-v5/performance-guidance-for-application-virtualization-51.md
@@ -21,9 +21,9 @@ You should read and understand the following information before reading this doc
 
 -   [Microsoft Application Virtualization 5.1 Administrator's Guide](microsoft-application-virtualization-51-administrators-guide.md)
 
--   [App-V 5 SP2 Application Publishing and Client Interaction](http://go.microsoft.com/fwlink/?LinkId=395206)
+-   [App-V 5 SP2 Application Publishing and Client Interaction](https://go.microsoft.com/fwlink/?LinkId=395206)
 
--   [Microsoft Application Virtualization Sequencing Guide](http://go.microsoft.com/fwlink/?LinkId=269953)
+-   [Microsoft Application Virtualization Sequencing Guide](https://go.microsoft.com/fwlink/?LinkId=269953)
 
 **Note**  
 Some terms used in this document may have different meanings depending on external source and context. For more information about terms used in this document followed by an asterisk **\*** review the [Application Virtualization Performance Guidance Terminology](#bkmk-terms1) section of this document.
diff --git a/mdop/appv-v5/planning-for-high-availability-with-app-v-50.md b/mdop/appv-v5/planning-for-high-availability-with-app-v-50.md
index b3d640ca76..9926bf487d 100644
--- a/mdop/appv-v5/planning-for-high-availability-with-app-v-50.md
+++ b/mdop/appv-v5/planning-for-high-availability-with-app-v-50.md
@@ -43,16 +43,16 @@ Review the following for more information about configuring IIS and Network Load
 
 -   Provides information about configuring Internet Information Services (IIS) 7.0.
 
-    [Achieving High Availability and Scalability - ARR and NLB](http://go.microsoft.com/fwlink/?LinkId=316369) (http://go.microsoft.com/fwlink/?LinkId=316369)
+    [Achieving High Availability and Scalability - ARR and NLB](https://go.microsoft.com/fwlink/?LinkId=316369) (https://go.microsoft.com/fwlink/?LinkId=316369)
 
 -   Configuring Microsoft Windows Server
 
-    [Network Load Balancing](http://go.microsoft.com/fwlink/?LinkId=316370) (http://go.microsoft.com/fwlink/?LinkId=316370).
+    [Network Load Balancing](https://go.microsoft.com/fwlink/?LinkId=316370) (https://go.microsoft.com/fwlink/?LinkId=316370).
 
     This information also applies to IIS Network Load Balancing (NLB) clusters in Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012.
 
     **Note**  
-    The IIS Network Load Balancing functionality in Windows Server 2012 is generally the same as in Windows Server 2008 R2. However, some task details are changed in Windows Server 2012. For information on new ways to do tasks, see [Common Management Tasks and Navigation in Windows Server 2012 R2 Preview and Windows Server 2012](http://go.microsoft.com/fwlink/?LinkId=316371) (http://go.microsoft.com/fwlink/?LinkId=316371).
+    The IIS Network Load Balancing functionality in Windows Server 2012 is generally the same as in Windows Server 2008 R2. However, some task details are changed in Windows Server 2012. For information on new ways to do tasks, see [Common Management Tasks and Navigation in Windows Server 2012 R2 Preview and Windows Server 2012](https://go.microsoft.com/fwlink/?LinkId=316371) (https://go.microsoft.com/fwlink/?LinkId=316371).
 
      
 
@@ -77,9 +77,9 @@ The following steps can be used to validate the configuration:
 
 Review the following for more information about configuring Windows Server Failover clusters:
 
--   [Checklist: Create a Clustered File Server](http://go.microsoft.com/fwlink/?LinkId=316372) (http://go.microsoft.com/fwlink/?LinkId=316372).
+-   [Checklist: Create a Clustered File Server](https://go.microsoft.com/fwlink/?LinkId=316372) (https://go.microsoft.com/fwlink/?LinkId=316372).
 
--   [Use Cluster Shared Volumes in a Windows Server 2012 Failover Cluster](http://go.microsoft.com/fwlink/?LinkId=316373) (http://go.microsoft.com/fwlink/?LinkId=316373).
+-   [Use Cluster Shared Volumes in a Windows Server 2012 Failover Cluster](https://go.microsoft.com/fwlink/?LinkId=316373) (https://go.microsoft.com/fwlink/?LinkId=316373).
 
 ## <a href="" id="bkmk-sqlmirroring"></a>Support for Microsoft SQL Server Mirroring
 
@@ -88,9 +88,9 @@ Using Microsoft SQL Server mirroring, where the App-V 5.0 management server data
 
 Review the following for more information about configuring Microsoft SQL Server Mirroring:
 
--   [How to: Prepare a Mirror Database for Mirroring (Transact-SQL)](http://go.microsoft.com/fwlink/?LinkId=316375) (http://go.microsoft.com/fwlink/?LinkId=316375)
+-   [How to: Prepare a Mirror Database for Mirroring (Transact-SQL)](https://go.microsoft.com/fwlink/?LinkId=316375) (https://go.microsoft.com/fwlink/?LinkId=316375)
 
--   [Establish a Database Mirroring Session Using Windows Authentication (SQL Server Management Studio)](http://go.microsoft.com/fwlink/?LinkId=316377) (http://go.microsoft.com/fwlink/?LinkId=316377)
+-   [Establish a Database Mirroring Session Using Windows Authentication (SQL Server Management Studio)](https://go.microsoft.com/fwlink/?LinkId=316377) (https://go.microsoft.com/fwlink/?LinkId=316377)
 
 The following steps can be used to validate the configuration:
 
@@ -124,13 +124,13 @@ This topic describes how to change the Windows registry by using Registry Editor
 
 Click any of the following links for more information:
 
--   [How to: Prepare a Mirror Database for Mirroring (Transact-SQL)](http://go.microsoft.com/fwlink/?LinkId=394235) (http://go.microsoft.com/fwlink/?LinkId=394235).
+-   [How to: Prepare a Mirror Database for Mirroring (Transact-SQL)](https://go.microsoft.com/fwlink/?LinkId=394235) (https://go.microsoft.com/fwlink/?LinkId=394235).
 
--   [How to: Configure a Database Mirroring Session (SQL Server Management Studio)](http://go.microsoft.com/fwlink/?LinkId=394236) (http://go.microsoft.com/fwlink/?LinkId=394236).
+-   [How to: Configure a Database Mirroring Session (SQL Server Management Studio)](https://go.microsoft.com/fwlink/?LinkId=394236) (https://go.microsoft.com/fwlink/?LinkId=394236).
 
--   [Establish a Database Mirroring Session Using Windows Authentication (SQL Server Management Studio)](http://go.microsoft.com/fwlink/?LinkId=394237) (http://go.microsoft.com/fwlink/?LinkId=394237).
+-   [Establish a Database Mirroring Session Using Windows Authentication (SQL Server Management Studio)](https://go.microsoft.com/fwlink/?LinkId=394237) (https://go.microsoft.com/fwlink/?LinkId=394237).
 
--   [Deprecated Database Engine Features in SQL Server 2012](http://go.microsoft.com/fwlink/?LinkId=394238) (http://go.microsoft.com/fwlink/?LinkId=394238).
+-   [Deprecated Database Engine Features in SQL Server 2012](https://go.microsoft.com/fwlink/?LinkId=394238) (https://go.microsoft.com/fwlink/?LinkId=394238).
 
 ## <a href="" id="bkmk-sqlalwayson"></a>Support for Microsoft SQL Server Always On configuration
 
diff --git a/mdop/appv-v5/planning-for-high-availability-with-app-v-51.md b/mdop/appv-v5/planning-for-high-availability-with-app-v-51.md
index 86d1ce0564..02824b3260 100644
--- a/mdop/appv-v5/planning-for-high-availability-with-app-v-51.md
+++ b/mdop/appv-v5/planning-for-high-availability-with-app-v-51.md
@@ -43,16 +43,16 @@ Review the following for more information about configuring IIS and Network Load
 
 -   Provides information about configuring Internet Information Services (IIS) 7.0.
 
-    [Achieving High Availability and Scalability - ARR and NLB](http://go.microsoft.com/fwlink/?LinkId=316369) (http://go.microsoft.com/fwlink/?LinkId=316369)
+    [Achieving High Availability and Scalability - ARR and NLB](https://go.microsoft.com/fwlink/?LinkId=316369) (https://go.microsoft.com/fwlink/?LinkId=316369)
 
 -   Configuring Microsoft Windows Server
 
-    [Network Load Balancing](http://go.microsoft.com/fwlink/?LinkId=316370) (http://go.microsoft.com/fwlink/?LinkId=316370).
+    [Network Load Balancing](https://go.microsoft.com/fwlink/?LinkId=316370) (https://go.microsoft.com/fwlink/?LinkId=316370).
 
     This information also applies to IIS Network Load Balancing (NLB) clusters in Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012.
 
     **Note**  
-    The IIS Network Load Balancing functionality in Windows Server 2012 is generally the same as in Windows Server 2008 R2. However, some task details are changed in Windows Server 2012. For information on new ways to do tasks, see [Common Management Tasks and Navigation in Windows Server 2012 R2 Preview and Windows Server 2012](http://go.microsoft.com/fwlink/?LinkId=316371) (http://go.microsoft.com/fwlink/?LinkId=316371).
+    The IIS Network Load Balancing functionality in Windows Server 2012 is generally the same as in Windows Server 2008 R2. However, some task details are changed in Windows Server 2012. For information on new ways to do tasks, see [Common Management Tasks and Navigation in Windows Server 2012 R2 Preview and Windows Server 2012](https://go.microsoft.com/fwlink/?LinkId=316371) (https://go.microsoft.com/fwlink/?LinkId=316371).
 
      
 
@@ -77,9 +77,9 @@ The following steps can be used to validate the configuration:
 
 Review the following for more information about configuring Windows Server Failover clusters:
 
--   [Checklist: Create a Clustered File Server](http://go.microsoft.com/fwlink/?LinkId=316372) (http://go.microsoft.com/fwlink/?LinkId=316372).
+-   [Checklist: Create a Clustered File Server](https://go.microsoft.com/fwlink/?LinkId=316372) (https://go.microsoft.com/fwlink/?LinkId=316372).
 
--   [Use Cluster Shared Volumes in a Windows Server 2012 Failover Cluster](http://go.microsoft.com/fwlink/?LinkId=316373) (http://go.microsoft.com/fwlink/?LinkId=316373).
+-   [Use Cluster Shared Volumes in a Windows Server 2012 Failover Cluster](https://go.microsoft.com/fwlink/?LinkId=316373) (https://go.microsoft.com/fwlink/?LinkId=316373).
 
 ## <a href="" id="bkmk-sqlmirroring"></a>Support for Microsoft SQL Server Mirroring
 
@@ -88,9 +88,9 @@ Using Microsoft SQL Server mirroring, where the App-V 5.1 management server data
 
 Review the following for more information about configuring Microsoft SQL Server Mirroring:
 
--   [How to: Prepare a Mirror Database for Mirroring (Transact-SQL)](http://go.microsoft.com/fwlink/?LinkId=316375) (http://go.microsoft.com/fwlink/?LinkId=316375)
+-   [How to: Prepare a Mirror Database for Mirroring (Transact-SQL)](https://go.microsoft.com/fwlink/?LinkId=316375) (https://go.microsoft.com/fwlink/?LinkId=316375)
 
--   [Establish a Database Mirroring Session Using Windows Authentication (SQL Server Management Studio)](http://go.microsoft.com/fwlink/?LinkId=316377) (http://go.microsoft.com/fwlink/?LinkId=316377)
+-   [Establish a Database Mirroring Session Using Windows Authentication (SQL Server Management Studio)](https://go.microsoft.com/fwlink/?LinkId=316377) (https://go.microsoft.com/fwlink/?LinkId=316377)
 
 The following steps can be used to validate the configuration:
 
@@ -124,13 +124,13 @@ This topic describes how to change the Windows registry by using Registry Editor
 
 Click any of the following links for more information:
 
--   [How to: Prepare a Mirror Database for Mirroring (Transact-SQL)](http://go.microsoft.com/fwlink/?LinkId=394235) (http://go.microsoft.com/fwlink/?LinkId=394235).
+-   [How to: Prepare a Mirror Database for Mirroring (Transact-SQL)](https://go.microsoft.com/fwlink/?LinkId=394235) (https://go.microsoft.com/fwlink/?LinkId=394235).
 
--   [How to: Configure a Database Mirroring Session (SQL Server Management Studio)](http://go.microsoft.com/fwlink/?LinkId=394236) (http://go.microsoft.com/fwlink/?LinkId=394236).
+-   [How to: Configure a Database Mirroring Session (SQL Server Management Studio)](https://go.microsoft.com/fwlink/?LinkId=394236) (https://go.microsoft.com/fwlink/?LinkId=394236).
 
--   [Establish a Database Mirroring Session Using Windows Authentication (SQL Server Management Studio)](http://go.microsoft.com/fwlink/?LinkId=394237) (http://go.microsoft.com/fwlink/?LinkId=394237).
+-   [Establish a Database Mirroring Session Using Windows Authentication (SQL Server Management Studio)](https://go.microsoft.com/fwlink/?LinkId=394237) (https://go.microsoft.com/fwlink/?LinkId=394237).
 
--   [Deprecated Database Engine Features in SQL Server 2012](http://go.microsoft.com/fwlink/?LinkId=394238) (http://go.microsoft.com/fwlink/?LinkId=394238).
+-   [Deprecated Database Engine Features in SQL Server 2012](https://go.microsoft.com/fwlink/?LinkId=394238) (https://go.microsoft.com/fwlink/?LinkId=394238).
 
 ## <a href="" id="bkmk-sqlalwayson"></a>Support for Microsoft SQL Server Always On configuration
 
diff --git a/mdop/appv-v5/planning-for-using-app-v-with-office.md b/mdop/appv-v5/planning-for-using-app-v-with-office.md
index b1ffa81b34..477dfb7dd4 100644
--- a/mdop/appv-v5/planning-for-using-app-v-with-office.md
+++ b/mdop/appv-v5/planning-for-using-app-v-with-office.md
@@ -292,7 +292,7 @@ The Office 2013 App-V package supports the following integration points with the
 </tr>
 <tr class="even">
 <td align="left"><p>Active X Controls:</p></td>
-<td align="left"><p>For more information on ActiveX controls, refer to [ActiveX Control API Reference](http://go.microsoft.com/fwlink/p/?LinkId=331361).</p></td>
+<td align="left"><p>For more information on ActiveX controls, refer to [ActiveX Control API Reference](https://go.microsoft.com/fwlink/p/?LinkId=331361).</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>   Groove.SiteClient</p></td>
diff --git a/mdop/appv-v5/planning-for-using-app-v-with-office51.md b/mdop/appv-v5/planning-for-using-app-v-with-office51.md
index 031528c7a8..c6edab05da 100644
--- a/mdop/appv-v5/planning-for-using-app-v-with-office51.md
+++ b/mdop/appv-v5/planning-for-using-app-v-with-office51.md
@@ -296,7 +296,7 @@ The Office 2013 App-V package supports the following integration points with the
 </tr>
 <tr class="even">
 <td align="left"><p>Active X Controls:</p></td>
-<td align="left"><p>For more information on ActiveX controls, refer to [ActiveX Control API Reference](http://go.microsoft.com/fwlink/p/?LinkId=331361).</p></td>
+<td align="left"><p>For more information on ActiveX controls, refer to [ActiveX Control API Reference](https://go.microsoft.com/fwlink/p/?LinkId=331361).</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>   Groove.SiteClient</p></td>
diff --git a/mdop/appv-v5/planning-to-deploy-app-v-50-with-an-electronic-software-distribution-system.md b/mdop/appv-v5/planning-to-deploy-app-v-50-with-an-electronic-software-distribution-system.md
index cad59aab8b..e5cdaf09d2 100644
--- a/mdop/appv-v5/planning-to-deploy-app-v-50-with-an-electronic-software-distribution-system.md
+++ b/mdop/appv-v5/planning-to-deploy-app-v-50-with-an-electronic-software-distribution-system.md
@@ -13,7 +13,7 @@ ms.prod: w10
 # Planning to Deploy App-V 5.0 with an Electronic Software Distribution System
 
 
-If you are using an electronic software distribution system to deploy App-V packages, review the following planning considerations. For information about using System Center Configuration Manager to deploy App-V, see [Introduction to Application Management in Configuration Manager](http://go.microsoft.com/fwlink/?LinkId=281816).
+If you are using an electronic software distribution system to deploy App-V packages, review the following planning considerations. For information about using System Center Configuration Manager to deploy App-V, see [Introduction to Application Management in Configuration Manager](https://go.microsoft.com/fwlink/?LinkId=281816).
 
 Review the following component and architecture requirements options that apply when you use an ESD to deploy App-V packages:
 
diff --git a/mdop/appv-v5/planning-to-deploy-app-v-51-with-an-electronic-software-distribution-system.md b/mdop/appv-v5/planning-to-deploy-app-v-51-with-an-electronic-software-distribution-system.md
index 63025c63a7..28262e158a 100644
--- a/mdop/appv-v5/planning-to-deploy-app-v-51-with-an-electronic-software-distribution-system.md
+++ b/mdop/appv-v5/planning-to-deploy-app-v-51-with-an-electronic-software-distribution-system.md
@@ -13,7 +13,7 @@ ms.prod: w10
 # Planning to Deploy App-V 5.1 with an Electronic Software Distribution System
 
 
-If you are using an electronic software distribution system to deploy App-V packages, review the following planning considerations. For information about using System Center Configuration Manager to deploy App-V, see [Introduction to Application Management in Configuration Manager](http://go.microsoft.com/fwlink/?LinkId=281816).
+If you are using an electronic software distribution system to deploy App-V packages, review the following planning considerations. For information about using System Center Configuration Manager to deploy App-V, see [Introduction to Application Management in Configuration Manager](https://go.microsoft.com/fwlink/?LinkId=281816).
 
 Review the following component and architecture requirements options that apply when you use an ESD to deploy App-V packages:
 
diff --git a/mdop/appv-v5/release-notes-for-app-v-50-sp1.md b/mdop/appv-v5/release-notes-for-app-v-50-sp1.md
index 5de0457e2e..6d617d34bd 100644
--- a/mdop/appv-v5/release-notes-for-app-v-50-sp1.md
+++ b/mdop/appv-v5/release-notes-for-app-v-50-sp1.md
@@ -34,9 +34,9 @@ This email address is not a support channel, but your feedback will help us to p
 
  
 
-For the latest information about MDOP and additional learning resources, see the [MDOP Information Experience](http://go.microsoft.com/fwlink/p/?LinkId=236032) page.
+For the latest information about MDOP and additional learning resources, see the [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) page.
 
-For more information about new updates or to provide feedback, follow us on [Facebook](http://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](http://go.microsoft.com/fwlink/p/?LinkId=242447).
+For more information about new updates or to provide feedback, follow us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447).
 
 ## Known Issues with App-V 5.0 SP1
 
diff --git a/mdop/appv-v5/release-notes-for-app-v-50-sp2.md b/mdop/appv-v5/release-notes-for-app-v-50-sp2.md
index f3f88d512f..98cda38565 100644
--- a/mdop/appv-v5/release-notes-for-app-v-50-sp2.md
+++ b/mdop/appv-v5/release-notes-for-app-v-50-sp2.md
@@ -34,9 +34,9 @@ This email address is not a support channel, but your feedback will help us to p
 
  
 
-For the latest information about MDOP and additional learning resources, see the [MDOP Information Experience](http://go.microsoft.com/fwlink/p/?LinkId=236032) page.
+For the latest information about MDOP and additional learning resources, see the [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) page.
 
-For more information about new updates or to provide feedback, follow us on [Facebook](http://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](http://go.microsoft.com/fwlink/p/?LinkId=242447).
+For more information about new updates or to provide feedback, follow us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447).
 
 ## Known Issues with Hotfix Package 4 for Application Virtualization 5.0 SP2
 
@@ -125,7 +125,7 @@ The first time that end users start an application in the package after they log
 
 ### <a href="" id="-------------app-v-5-0-service-pack-2--app-v-5-0-sp2--does-not-include-a-new-version-of-the-app-v-server"></a> App-V 5.0 Service Pack 2 (App-V 5.0 SP2) does not include a new version of the App-V Server
 
-App-V 5.0 SP2 does not include a new version of the App-V Server. If you deploy App-V 5.0 SP2 clients running Windows 8.1 in your environment and plan to manage the clients using the App-V infrastructure, you must install [Hotfix Package 2 for Microsoft Application Virtualization 5.0 Service Pack 1](http://go.microsoft.com/fwlink/?LinkId=386634). (http://go.microsoft.com/fwlink/?LinkId=386634)
+App-V 5.0 SP2 does not include a new version of the App-V Server. If you deploy App-V 5.0 SP2 clients running Windows 8.1 in your environment and plan to manage the clients using the App-V infrastructure, you must install [Hotfix Package 2 for Microsoft Application Virtualization 5.0 Service Pack 1](https://go.microsoft.com/fwlink/?LinkId=386634). (https://go.microsoft.com/fwlink/?LinkId=386634)
 
 If you are running and managing App-V 5.0 SP2 clients using any of the following methods no client update is required:
 
diff --git a/mdop/appv-v5/release-notes-for-app-v-50.md b/mdop/appv-v5/release-notes-for-app-v-50.md
index 2df214ccdb..7ee8552e81 100644
--- a/mdop/appv-v5/release-notes-for-app-v-50.md
+++ b/mdop/appv-v5/release-notes-for-app-v-50.md
@@ -34,9 +34,9 @@ This email address is not a support channel, but your feedback will help us to p
 
  
 
-For the latest information about MDOP and additional learning resources, see the [MDOP Information Experience](http://go.microsoft.com/fwlink/p/?LinkId=236032) page.
+For the latest information about MDOP and additional learning resources, see the [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) page.
 
-For more information about new updates or to provide feedback, follow us on [Facebook](http://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](http://go.microsoft.com/fwlink/p/?LinkId=242447).
+For more information about new updates or to provide feedback, follow us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447).
 
 ## Known Issues with App-V 5.0
 
diff --git a/mdop/appv-v5/troubleshooting-app-v-50.md b/mdop/appv-v5/troubleshooting-app-v-50.md
index 8bffb9304f..9a76a66e8f 100644
--- a/mdop/appv-v5/troubleshooting-app-v-50.md
+++ b/mdop/appv-v5/troubleshooting-app-v-50.md
@@ -13,7 +13,7 @@ ms.prod: w10
 # Troubleshooting App-V 5.0
 
 
-Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905).
+Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905).
 
 ## How to Find Troubleshooting Content
 
@@ -28,7 +28,7 @@ After you search the MDOP documentation, your next step would be to search the t
 
 **To search the MDOP product documentation**
 
-1.  Use a web browser to navigate to the [MDOP Information Experience](http://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page.
+1.  Use a web browser to navigate to the [MDOP Information Experience](https://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page.
 
 2.  Enter applicable search terms in the **Search TechNet with Bing** search box at the top of the MDOP Information Experience home page.
 
@@ -36,7 +36,7 @@ After you search the MDOP documentation, your next step would be to search the t
 
 **To search the TechNet Wiki**
 
-1.  Use a web browser to navigate to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
+1.  Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
 
 2.  Enter applicable search terms in the **Search TechNet Wiki** search box on the TechNet Wiki home page.
 
@@ -49,7 +49,7 @@ If you have a troubleshooting tip or a best practice to share that is not alread
 
 **To create a TechNet Wiki troubleshooting or best practices article**
 
-1.  Use a web browser to navigate to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
+1.  Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
 
 2.  Log in with your Windows Live ID.
 
diff --git a/mdop/appv-v5/troubleshooting-app-v-51.md b/mdop/appv-v5/troubleshooting-app-v-51.md
index 734f0b8ff5..b44a3b27b5 100644
--- a/mdop/appv-v5/troubleshooting-app-v-51.md
+++ b/mdop/appv-v5/troubleshooting-app-v-51.md
@@ -13,7 +13,7 @@ ms.prod: w10
 # Troubleshooting App-V 5.1
 
 
-Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905).
+Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905).
 
 ## How to Find Troubleshooting Content
 
@@ -28,7 +28,7 @@ After you search the MDOP documentation, your next step would be to search the t
 
 **To search the MDOP product documentation**
 
-1.  Use a web browser to navigate to the [MDOP Information Experience](http://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page.
+1.  Use a web browser to navigate to the [MDOP Information Experience](https://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page.
 
 2.  Enter applicable search terms in the **Search TechNet with Bing** search box at the top of the MDOP Information Experience home page.
 
@@ -36,7 +36,7 @@ After you search the MDOP documentation, your next step would be to search the t
 
 **To search the TechNet Wiki**
 
-1.  Use a web browser to navigate to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
+1.  Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
 
 2.  Enter applicable search terms in the **Search TechNet Wiki** search box on the TechNet Wiki home page.
 
@@ -49,7 +49,7 @@ If you have a troubleshooting tip or a best practice to share that is not alread
 
 **To create a TechNet Wiki troubleshooting or best practices article**
 
-1.  Use a web browser to navigate to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
+1.  Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
 
 2.  Log in with your Windows Live ID.
 
diff --git a/mdop/dart-v10/about-dart-10.md b/mdop/dart-v10/about-dart-10.md
index 109f623a7a..0640700499 100644
--- a/mdop/dart-v10/about-dart-10.md
+++ b/mdop/dart-v10/about-dart-10.md
@@ -77,7 +77,7 @@ DaRT 10 is available in the following languages:
 ## How to Get MDOP Technologies
 
 
-DaRT 10 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049) (http://go.microsoft.com/fwlink/?LinkId=322049).
+DaRT 10 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049).
 
 ## Related topics
 
diff --git a/mdop/dart-v10/accessibility-for-dart-10.md b/mdop/dart-v10/accessibility-for-dart-10.md
index 7e3a6e4cc2..fd48e49ce5 100644
--- a/mdop/dart-v10/accessibility-for-dart-10.md
+++ b/mdop/dart-v10/accessibility-for-dart-10.md
@@ -63,7 +63,7 @@ For information about the availability of Microsoft product documentation and bo
 <td align="left"><p>(609) 987-8116</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p>[http://www.learningally.org/](http://go.microsoft.com/fwlink/?linkid=239)</p></td>
+<td align="left"><p>[http://www.learningally.org/](https://go.microsoft.com/fwlink/?linkid=239)</p></td>
 <td align="left"><p>Web addresses can change, so you might be unable to connect to the website or sites mentioned here.</p></td>
 </tr>
 </tbody>
@@ -85,7 +85,7 @@ Microsoft Support Services are subject to the prices, terms, and conditions in p
 ## For more information
 
 
-For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](http://go.microsoft.com/fwlink/?linkid=8431).
+For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/?linkid=8431).
 
 ## Related topics
 
diff --git a/mdop/dart-v10/creating-the-dart-10-recovery-image.md b/mdop/dart-v10/creating-the-dart-10-recovery-image.md
index 6ec9e53ef1..8256160e22 100644
--- a/mdop/dart-v10/creating-the-dart-10-recovery-image.md
+++ b/mdop/dart-v10/creating-the-dart-10-recovery-image.md
@@ -131,7 +131,7 @@ If you include the Crash Analyzer tool in the ISO image, you must also include t
 
 If you installed the Microsoft Windows Software Development Kit (SDK) or the Microsoft Windows Development Kit (WDK), the Windows 10 Debugging Tools are added to the recovery image by default, and the path to the Debugging Tools is automatically filled in. You can change the path of the Windows 10 Debugging Tools if the files are located somewhere other than the location indicated by the default file path. A link in the wizard lets you download and install debugging tools for Windows if they are not already installed.
 
-To download the Windows Debugging Tools, see [Debugging Tools for Windows](http://go.microsoft.com/fwlink/?LinkId=266248). Install the Debugging Tools to the default location.
+To download the Windows Debugging Tools, see [Debugging Tools for Windows](https://go.microsoft.com/fwlink/?LinkId=266248). Install the Debugging Tools to the default location.
 
 **Note**  
 The DaRT wizard checks for the tools in the `HKLM\Software\Microsoft\Windows Kits\Installed Roots\WindowsDebuggersRoot` registry key. If the registry value is not there, the wizard looks in one of the following locations, depending on your system architecture:
diff --git a/mdop/dart-v10/dart-10-privacy-statement.md b/mdop/dart-v10/dart-10-privacy-statement.md
index 4a652b3b2e..86cfb6143e 100644
--- a/mdop/dart-v10/dart-10-privacy-statement.md
+++ b/mdop/dart-v10/dart-10-privacy-statement.md
@@ -52,7 +52,7 @@ We will occasionally update this privacy statement to reflect changes in our pro
 ## For More Information
 
 
-Microsoft welcomes your comments regarding this privacy statement. If you have questions about this statement or believe that we have not adhered to it, please [contact us](http://go.microsoft.com/fwlink/?LinkID=245853).
+Microsoft welcomes your comments regarding this privacy statement. If you have questions about this statement or believe that we have not adhered to it, please [contact us](https://go.microsoft.com/fwlink/?LinkID=245853).
 
 Microsoft PrivacyMicrosoft CorporationOne Microsoft WayRedmond, Washington 98052 USA
 
@@ -68,15 +68,15 @@ Microsoft Update is a service that provides Windows updates as well as updates f
 
 **Information Collected, Processed, or Transmitted:**
 
-For details about what information is collected and how it is used, see the Update Services Privacy Statement at <http://go.microsoft.com/fwlink/?LinkId=244400>.
+For details about what information is collected and how it is used, see the Update Services Privacy Statement at <https://go.microsoft.com/fwlink/?LinkId=244400>.
 
 **Use of Information:**
 
-For details about what information is collected and how it is used, see the Update Services Privacy Statement at <http://go.microsoft.com/fwlink/?LinkId=244400>.
+For details about what information is collected and how it is used, see the Update Services Privacy Statement at <https://go.microsoft.com/fwlink/?LinkId=244400>.
 
 **Choice/Control:**
 
-For details about controlling this feature, see the Update Services Privacy Statement at [http://go.microsoft.com/fwlink/?LinkId=244000](http://go.microsoft.com/fwlink/?LinkId=244400).
+For details about controlling this feature, see the Update Services Privacy Statement at [https://go.microsoft.com/fwlink/?LinkId=244000](https://go.microsoft.com/fwlink/?LinkId=244400).
 
 ## Related topics
 
diff --git a/mdop/dart-v10/dart-10-supported-configurations.md b/mdop/dart-v10/dart-10-supported-configurations.md
index de6b9f182a..2d008d3a24 100644
--- a/mdop/dart-v10/dart-10-supported-configurations.md
+++ b/mdop/dart-v10/dart-10-supported-configurations.md
@@ -103,7 +103,7 @@ Make sure that you allocate enough space for any additional tools that you want
  
 
 **Note**  
-Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](http://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](http://go.microsoft.com/fwlink/p/?LinkId=31976).
+Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976).
 
  
 
diff --git a/mdop/dart-v10/deploying-dart-10-to-administrator-computers.md b/mdop/dart-v10/deploying-dart-10-to-administrator-computers.md
index 9ed61b0530..d19ed538ef 100644
--- a/mdop/dart-v10/deploying-dart-10-to-administrator-computers.md
+++ b/mdop/dart-v10/deploying-dart-10-to-administrator-computers.md
@@ -36,7 +36,7 @@ You can change, repair, or remove the DaRT installation by double-clicking the D
 ## How to get DaRT 10
 
 
-To get the DaRT software, see [How to Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049).
+To get the DaRT software, see [How to Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049).
 
 ## Other resources for deploying DaRT 10 to administrator computers
 
diff --git a/mdop/dart-v10/deploying-dart-10.md b/mdop/dart-v10/deploying-dart-10.md
index ef3667c79c..3e450d791a 100644
--- a/mdop/dart-v10/deploying-dart-10.md
+++ b/mdop/dart-v10/deploying-dart-10.md
@@ -36,7 +36,7 @@ Microsoft Diagnostics and Recovery Toolset (DaRT) 10 supports a number of differ
 
 ### How to get DaRT
 
-This technology is a part of the Microsoft Desktop Optimization Pack (MDOP). Enterprise customers can get MDOP with Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](http://go.microsoft.com/fwlink/p/?LinkId=322049) (http://go.microsoft.com/fwlink/p/?LinkId=322049).
+This technology is a part of the Microsoft Desktop Optimization Pack (MDOP). Enterprise customers can get MDOP with Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/p/?LinkId=322049) (https://go.microsoft.com/fwlink/p/?LinkId=322049).
 
 ## Other Resources for deploying DaRT
 
diff --git a/mdop/dart-v10/getting-started-with-dart-10.md b/mdop/dart-v10/getting-started-with-dart-10.md
index e42d71fae1..86a8d667ea 100644
--- a/mdop/dart-v10/getting-started-with-dart-10.md
+++ b/mdop/dart-v10/getting-started-with-dart-10.md
@@ -13,12 +13,12 @@ ms.prod: w10
 # Getting Started with DaRT 10
 
 
-Microsoft Diagnostics and Recovery Toolset (DaRT) 10 requires thorough planning before you deploy it or use its features. If you are new to this product, we recommend that you read the documentation carefully. Before you deploy the product to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at [http://go.microsoft.com/fwlink/p/?LinkId=80347](http://go.microsoft.com/fwlink/?LinkId=80347).
+Microsoft Diagnostics and Recovery Toolset (DaRT) 10 requires thorough planning before you deploy it or use its features. If you are new to this product, we recommend that you read the documentation carefully. Before you deploy the product to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at [https://go.microsoft.com/fwlink/p/?LinkId=80347](https://go.microsoft.com/fwlink/?LinkId=80347).
 
 **Note**  
-A downloadable version of this administrator’s guide is not available. However, you can learn about a special mode of the TechNet Library that allows you to select articles, group them in a collection, and print them or export them to a file at <http://go.microsoft.com/fwlink/?LinkId=272493> (http://go.microsoft.com/fwlink/?LinkId=272493).
+A downloadable version of this administrator’s guide is not available. However, you can learn about a special mode of the TechNet Library that allows you to select articles, group them in a collection, and print them or export them to a file at <https://go.microsoft.com/fwlink/?LinkId=272493> (https://go.microsoft.com/fwlink/?LinkId=272493).
 
-Additional downloadable information about this product can also be found at <http://go.microsoft.com/fwlink/?LinkId=267420>.
+Additional downloadable information about this product can also be found at <https://go.microsoft.com/fwlink/?LinkId=267420>.
 
  
 
@@ -40,7 +40,7 @@ Additional downloadable information about this product can also be found at <htt
 ## How to Get DaRT 10
 
 
-DaRT 10 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049) (http://go.microsoft.com/fwlink/?LinkId=322049).
+DaRT 10 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049).
 
 ## <a href="" id="other-resources-for-this-product-"></a>Other resources for this product
 
diff --git a/mdop/dart-v10/how-to-deploy-dart-10.md b/mdop/dart-v10/how-to-deploy-dart-10.md
index 7dbd6d1771..28bd009367 100644
--- a/mdop/dart-v10/how-to-deploy-dart-10.md
+++ b/mdop/dart-v10/how-to-deploy-dart-10.md
@@ -13,7 +13,7 @@ ms.prod: w10
 # How to Deploy DaRT 10
 
 
-The following instructions explain how to deploy Microsoft Diagnostics and Recovery Toolset (DaRT) 10 in your environment. To get the DaRT software, see [How to Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049). It is assumed that you are installing all functionality on one administrator computer. If you need to deploy or uninstall DaRT 10 on multiple computers, using an electronic software distribution system, for example, it might be easier to use command line installation options. Descriptions and examples of the available command line options are provided in this section.
+The following instructions explain how to deploy Microsoft Diagnostics and Recovery Toolset (DaRT) 10 in your environment. To get the DaRT software, see [How to Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049). It is assumed that you are installing all functionality on one administrator computer. If you need to deploy or uninstall DaRT 10 on multiple computers, using an electronic software distribution system, for example, it might be easier to use command line installation options. Descriptions and examples of the available command line options are provided in this section.
 
 **Important**  
 Before you install DaRT, see [DaRT 10 Supported Configurations](dart-10-supported-configurations.md) to ensure that you have installed all of the prerequisite software and that the computer meets the minimum system requirements. The computer onto which you install DaRT must be running Windows 10.
diff --git a/mdop/dart-v10/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-10.md b/mdop/dart-v10/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-10.md
index 999f139443..74f3d457c4 100644
--- a/mdop/dart-v10/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-10.md
+++ b/mdop/dart-v10/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-10.md
@@ -32,7 +32,7 @@ After you have finished running the Microsoft Diagnostics and Recovery Toolset (
 
 3.  Configure the WDS server to use the boot.wim file for DaRT by following your standard WDS deployment procedures.
 
-For more information about how to deploy DaRT as a remote partition, see [Walkthrough: Deploy an Image by Using PXE](http://go.microsoft.com/fwlink/?LinkId=212108) and [Windows Deployment Services Getting Started Guide](http://go.microsoft.com/fwlink/?LinkId=212106).
+For more information about how to deploy DaRT as a remote partition, see [Walkthrough: Deploy an Image by Using PXE](https://go.microsoft.com/fwlink/?LinkId=212108) and [Windows Deployment Services Getting Started Guide](https://go.microsoft.com/fwlink/?LinkId=212106).
 
 ## Related topics
 
diff --git a/mdop/dart-v10/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-10.md b/mdop/dart-v10/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-10.md
index bf7628c1c6..3d1ec87121 100644
--- a/mdop/dart-v10/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-10.md
+++ b/mdop/dart-v10/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-10.md
@@ -34,11 +34,11 @@ After you have finished running the Microsoft Diagnostics and Recovery Toolset (
 
 3.  Use the boot.wim file to create a bootable recovery partition by using your company’s standard method for creating a custom Windows RE image.
 
-    For more information about how to create or customize a recovery partition, see [Customizing the Windows RE Experience](http://go.microsoft.com/fwlink/?LinkId=214222).
+    For more information about how to create or customize a recovery partition, see [Customizing the Windows RE Experience](https://go.microsoft.com/fwlink/?LinkId=214222).
 
 4.  Replace the target partition in your Windows 10 image with the recovery partition.
 
-    For more information about how to deploy a recovery solution to reinstall the factory image in the event of a system failure, see [Deploy a System Recovery Image](http://go.microsoft.com/fwlink/?LinkId=214221).
+    For more information about how to deploy a recovery solution to reinstall the factory image in the event of a system failure, see [Deploy a System Recovery Image](https://go.microsoft.com/fwlink/?LinkId=214221).
 
 ## Related topics
 
diff --git a/mdop/dart-v10/how-to-recover-remote-computers-by-using-the-dart-recovery-image-dart-10.md b/mdop/dart-v10/how-to-recover-remote-computers-by-using-the-dart-recovery-image-dart-10.md
index 03dd4fd404..9731655f49 100644
--- a/mdop/dart-v10/how-to-recover-remote-computers-by-using-the-dart-recovery-image-dart-10.md
+++ b/mdop/dart-v10/how-to-recover-remote-computers-by-using-the-dart-recovery-image-dart-10.md
@@ -89,7 +89,7 @@ A file is provided that is named inv32.xml and contains remote connection inform
 
 **To customize the Remote Connection process**
 
-1.  You can customize the Remote Connection process by editing the winpeshl.ini file. For more information about how to edit the winpeshl.ini file, see [Winpeshl.ini Files](http://go.microsoft.com/fwlink/?LinkId=219413).
+1.  You can customize the Remote Connection process by editing the winpeshl.ini file. For more information about how to edit the winpeshl.ini file, see [Winpeshl.ini Files](https://go.microsoft.com/fwlink/?LinkId=219413).
 
     Specify the following commands and parameters to customize how a remote connection is established with an end-user computer:
 
diff --git a/mdop/dart-v10/how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-10.md b/mdop/dart-v10/how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-10.md
index 1351fd5141..87290ce300 100644
--- a/mdop/dart-v10/how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-10.md
+++ b/mdop/dart-v10/how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-10.md
@@ -13,7 +13,7 @@ ms.prod: w10
 # How to Run the Crash Analyzer on an End-user Computer
 
 
-To run **Crash Analyzer** from the **Diagnostics and Recovery Toolset** window on an end-user computer that is experiencing problems, you must have the Microsoft Debugging Tools for Windows and the symbol files installed. To download the Windows Debugging Tools, see [Debugging Tools for Windows](http://go.microsoft.com/fwlink/?LinkId=266248).
+To run **Crash Analyzer** from the **Diagnostics and Recovery Toolset** window on an end-user computer that is experiencing problems, you must have the Microsoft Debugging Tools for Windows and the symbol files installed. To download the Windows Debugging Tools, see [Debugging Tools for Windows](https://go.microsoft.com/fwlink/?LinkId=266248).
 
 **To run the Crash Analyzer on an end-user computer**
 
diff --git a/mdop/dart-v10/index.md b/mdop/dart-v10/index.md
index 7d404dfd1c..403e85d410 100644
--- a/mdop/dart-v10/index.md
+++ b/mdop/dart-v10/index.md
@@ -39,17 +39,17 @@ DaRT 10 is an important part of the Microsoft Desktop Optimization Pack (MDOP),
 
 ### More Information
 
-<a href="" id="how-do-i-get-mdop"></a>[How Do I Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049)  
+<a href="" id="how-do-i-get-mdop"></a>[How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049)  
 Get information about how to download DaRT.
 
 <a href="" id="release-notes-for-dart-10"></a>[Release Notes for DaRT 10](release-notes-for-dart-10.md)  
 View updated product information and known issues for DaRT 10.
 
-<a href="" id="mdop-techcenter-page"></a>[MDOP TechCenter Page](http://go.microsoft.com/fwlink/p/?LinkId=225286)  
+<a href="" id="mdop-techcenter-page"></a>[MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286)  
 Learn about the latest MDOP information and resources.
 
-<a href="" id="mdop-information-experience"></a>[MDOP Information Experience](http://go.microsoft.com/fwlink/p/?LinkId=236032)  
-Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28http://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28http://go.microsoft.com/fwlink/p/?LinkId=242447).
+<a href="" id="mdop-information-experience"></a>[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032)  
+Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28https://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28https://go.microsoft.com/fwlink/p/?LinkId=242447).
 
  
 
diff --git a/mdop/dart-v10/planning-to-create-the-dart-10-recovery-image.md b/mdop/dart-v10/planning-to-create-the-dart-10-recovery-image.md
index b80f07b582..9b29c873ca 100644
--- a/mdop/dart-v10/planning-to-create-the-dart-10-recovery-image.md
+++ b/mdop/dart-v10/planning-to-create-the-dart-10-recovery-image.md
@@ -45,7 +45,7 @@ The following items are required or recommended for creating the DaRT recovery i
 </tr>
 <tr class="odd">
 <td align="left"><p>Windows Debugging Tools for your platform</p></td>
-<td align="left"><p>Required when you run the <strong>Crash Analyzer</strong> to determine the cause of a computer failure. We recommend that you specify the path of the Windows Debugging Tools at the time that you create the DaRT recovery image. You can download the Windows Debugging Tools here: [Download and Install Debugging Tools for Windows](http://go.microsoft.com/fwlink/?LinkId=99934).</p></td>
+<td align="left"><p>Required when you run the <strong>Crash Analyzer</strong> to determine the cause of a computer failure. We recommend that you specify the path of the Windows Debugging Tools at the time that you create the DaRT recovery image. You can download the Windows Debugging Tools here: [Download and Install Debugging Tools for Windows](https://go.microsoft.com/fwlink/?LinkId=99934).</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Optional: Windows symbols files for use with <strong>Crash Analyzer</strong></p></td>
diff --git a/mdop/dart-v10/security-considerations-for-dart-10.md b/mdop/dart-v10/security-considerations-for-dart-10.md
index 9735070a44..709e51c264 100644
--- a/mdop/dart-v10/security-considerations-for-dart-10.md
+++ b/mdop/dart-v10/security-considerations-for-dart-10.md
@@ -22,7 +22,7 @@ This topic contains a brief overview about the accounts and groups, log files, a
 
 **Physically secure your computers**. When administrators and help desk workers are not physically at their computers, they should lock their computers and use a secured screen saver.
 
-**Apply the most recent security updates to all computers**. Stay informed about new updates for operating systems by subscribing to the Security Notification service (<http://go.microsoft.com/fwlink/?LinkId=28819>).
+**Apply the most recent security updates to all computers**. Stay informed about new updates for operating systems by subscribing to the Security Notification service (<https://go.microsoft.com/fwlink/?LinkId=28819>).
 
 ## Limit end-user access to DaRT tools
 
diff --git a/mdop/dart-v10/troubleshooting-dart-10.md b/mdop/dart-v10/troubleshooting-dart-10.md
index 08accb0d61..a6e6ec0996 100644
--- a/mdop/dart-v10/troubleshooting-dart-10.md
+++ b/mdop/dart-v10/troubleshooting-dart-10.md
@@ -13,7 +13,7 @@ ms.prod: w10
 # Troubleshooting DaRT 10
 
 
-Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905).
+Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905).
 
 ## How to find troubleshooting content
 
@@ -28,7 +28,7 @@ After you search the MDOP documentation, your next step would be to search the t
 
 **To search the MDOP product documentation**
 
-1.  Use a web browser to navigate to the [MDOP Information Experience](http://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page.
+1.  Use a web browser to navigate to the [MDOP Information Experience](https://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page.
 
 2.  Enter applicable search terms in the **Search TechNet with Bing** search box at the top of the MDOP Information Experience home page.
 
@@ -36,7 +36,7 @@ After you search the MDOP documentation, your next step would be to search the t
 
 **To search the TechNet wiki**
 
-1.  Use a web browser to navigate to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
+1.  Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
 
 2.  Enter applicable search terms in the **Search TechNet Wiki** search box on the TechNet Wiki home page.
 
@@ -49,7 +49,7 @@ If you have a troubleshooting tip or a best practice to share that is not alread
 
 **To create a TechNet Wiki troubleshooting or best practices article**
 
-1.  Use a web browser to navigate to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
+1.  Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
 
 2.  Log in with your Windows Live ID.
 
diff --git a/mdop/dart-v7/accessibility-for-dart-70.md b/mdop/dart-v7/accessibility-for-dart-70.md
index 6d7062c6f5..7f7b30dbda 100644
--- a/mdop/dart-v7/accessibility-for-dart-70.md
+++ b/mdop/dart-v7/accessibility-for-dart-70.md
@@ -63,7 +63,7 @@ For information about the availability of Microsoft product documentation and bo
 <td align="left"><p>(609) 987-8116</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p>[http://www.learningally.org/](http://go.microsoft.com/fwlink/?linkid=239)</p></td>
+<td align="left"><p>[http://www.learningally.org/](https://go.microsoft.com/fwlink/?linkid=239)</p></td>
 <td align="left"><p>Web addresses can change, so you might be unable to connect to the website or sites mentioned here.</p></td>
 </tr>
 </tbody>
@@ -85,7 +85,7 @@ Microsoft Support Services are subject to the prices, terms, and conditions in p
 ## For More Information
 
 
-For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](http://go.microsoft.com/fwlink/?linkid=8431).
+For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/?linkid=8431).
 
 ## Related topics
 
diff --git a/mdop/dart-v7/deploying-the-dart-70-recovery-image-dart-7.md b/mdop/dart-v7/deploying-the-dart-70-recovery-image-dart-7.md
index 544162e5da..6642ad1b4b 100644
--- a/mdop/dart-v7/deploying-the-dart-70-recovery-image-dart-7.md
+++ b/mdop/dart-v7/deploying-the-dart-70-recovery-image-dart-7.md
@@ -31,7 +31,7 @@ The **DaRT Recovery Image Wizard** only provides the option to burn a CD or DVD.
 ## Deploy the DaRT Recovery Image Using a USB Flash Drive
 
 
-After you have finished running the DaRT Recovery Image Wizard, you can use the tool at <http://go.microsoft.com/fwlink/?LinkId=218888> to copy the ISO image file to a USB flash drive (UFD).
+After you have finished running the DaRT Recovery Image Wizard, you can use the tool at <https://go.microsoft.com/fwlink/?LinkId=218888> to copy the ISO image file to a USB flash drive (UFD).
 
 [How to Deploy the DaRT Recovery Image Using a USB Flash Drive](how-to-deploy-the-dart-recovery-image-using-a-usb-flash-drive-dart-7.md)
 
diff --git a/mdop/dart-v7/getting-started-with-dart-70-new-ia.md b/mdop/dart-v7/getting-started-with-dart-70-new-ia.md
index 070ce0b204..8bd67ea8a4 100644
--- a/mdop/dart-v7/getting-started-with-dart-70-new-ia.md
+++ b/mdop/dart-v7/getting-started-with-dart-70-new-ia.md
@@ -13,12 +13,12 @@ ms.prod: w7
 # Getting Started with DaRT 7.0
 
 
-DaRT requires thorough planning before you deploy it or use its features. If you are new to this product, we recommend that you read the documentation carefully. Before you deploy the product to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at [http://go.microsoft.com/fwlink/p/?LinkId=80347](http://go.microsoft.com/fwlink/?LinkId=80347).
+DaRT requires thorough planning before you deploy it or use its features. If you are new to this product, we recommend that you read the documentation carefully. Before you deploy the product to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at [https://go.microsoft.com/fwlink/p/?LinkId=80347](https://go.microsoft.com/fwlink/?LinkId=80347).
 
 This section provides general information for administrators who are evaluating and using Microsoft Diagnostics and Recovery Toolset (DaRT) 7.
 
 **Note**  
-A downloadable version of this document and the DaRT 7 Evaluation Guide can be downloaded from <http://go.microsoft.com/fwlink/?LinkId=232274>.
+A downloadable version of this document and the DaRT 7 Evaluation Guide can be downloaded from <https://go.microsoft.com/fwlink/?LinkId=232274>.
 
  
 
diff --git a/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-7.md b/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-7.md
index 1f376b0945..1f0f1174e8 100644
--- a/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-7.md
+++ b/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-7.md
@@ -34,9 +34,9 @@ After you have finished running the DaRT Recovery Image Wizard and created the r
 
 For more information about how to deploy DaRT as a remote partition, see the following:
 
--   [Walkthrough: Deploy an Image by Using PXE](http://go.microsoft.com/fwlink/?LinkId=212108)
+-   [Walkthrough: Deploy an Image by Using PXE](https://go.microsoft.com/fwlink/?LinkId=212108)
 
--   [Windows Deployment Services Getting Started Guide](http://go.microsoft.com/fwlink/?LinkId=212106)
+-   [Windows Deployment Services Getting Started Guide](https://go.microsoft.com/fwlink/?LinkId=212106)
 
 ## Related topics
 
diff --git a/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-7.md b/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-7.md
index e4131ffd30..5edc3fa7e6 100644
--- a/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-7.md
+++ b/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-7.md
@@ -34,13 +34,13 @@ After you have finished running the DaRT Recovery Image Wizard and created the r
 
 3.  Use the boot.wim file to create a bootable recovery partition by using your company’s standard method for creating a custom Windows RE image.
 
-    For more information about how to create or customize a recovery partition, see [Customizing the Windows RE Experience](http://go.microsoft.com/fwlink/?LinkId=214222).
+    For more information about how to create or customize a recovery partition, see [Customizing the Windows RE Experience](https://go.microsoft.com/fwlink/?LinkId=214222).
 
 4.  Replace the target partition in your Windows 7 image with the recovery partition.
 
-After your Windows 7 image is ready, distribute the image to computers in your enterprise by using your company’s standard image deployment process. For more information about how to create a Windows 7 image, see [Building a Standard Image of Windows 7: Step-by-Step Guide](http://go.microsoft.com/fwlink/?LinkId=212103).
+After your Windows 7 image is ready, distribute the image to computers in your enterprise by using your company’s standard image deployment process. For more information about how to create a Windows 7 image, see [Building a Standard Image of Windows 7: Step-by-Step Guide](https://go.microsoft.com/fwlink/?LinkId=212103).
 
-For more information about how to deploy a recovery solution to reinstall the factory image in the event of a system failure, see [Deploy a System Recovery Image](http://go.microsoft.com/fwlink/?LinkId=214221).
+For more information about how to deploy a recovery solution to reinstall the factory image in the event of a system failure, see [Deploy a System Recovery Image](https://go.microsoft.com/fwlink/?LinkId=214221).
 
 ## Related topics
 
diff --git a/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-using-a-usb-flash-drive-dart-7.md b/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-using-a-usb-flash-drive-dart-7.md
index 122915aa9a..20ae92ca78 100644
--- a/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-using-a-usb-flash-drive-dart-7.md
+++ b/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-using-a-usb-flash-drive-dart-7.md
@@ -13,7 +13,7 @@ ms.prod: w7
 # How to Deploy the DaRT Recovery Image Using a USB Flash Drive
 
 
-After you have finished running the **DaRT Recovery Image Wizard**, you can use the tool at <http://go.microsoft.com/fwlink/?LinkId=218888> to copy the ISO image file to a USB flash drive (UFD).
+After you have finished running the **DaRT Recovery Image Wizard**, you can use the tool at <https://go.microsoft.com/fwlink/?LinkId=218888> to copy the ISO image file to a USB flash drive (UFD).
 
 You can also manually copy the ISO image file to a UFD by following the steps provided in this section.
 
diff --git a/mdop/dart-v7/how-to-recover-remote-computers-using-the-dart-recovery-image-dart-7.md b/mdop/dart-v7/how-to-recover-remote-computers-using-the-dart-recovery-image-dart-7.md
index 8e663a0e6e..47324aed1c 100644
--- a/mdop/dart-v7/how-to-recover-remote-computers-using-the-dart-recovery-image-dart-7.md
+++ b/mdop/dart-v7/how-to-recover-remote-computers-using-the-dart-recovery-image-dart-7.md
@@ -84,7 +84,7 @@ A file is provided that is named inv32.xml and contains remote connection inform
 
 **To customize the Remote Connection process**
 
-1.  You can customize the Remote Connection process by editing the winpeshl.ini file. For more information about how to edit the winpeshl.ini file, see [Winpeshl.ini Files](http://go.microsoft.com/fwlink/?LinkId=219413).
+1.  You can customize the Remote Connection process by editing the winpeshl.ini file. For more information about how to edit the winpeshl.ini file, see [Winpeshl.ini Files](https://go.microsoft.com/fwlink/?LinkId=219413).
 
     Specify the following commands and parameters to customize how a remote connection is established with an end-user computer:
 
diff --git a/mdop/dart-v7/how-to-use-the-dart-recovery-image-wizard-to-create-the-recovery-image-dart-7.md b/mdop/dart-v7/how-to-use-the-dart-recovery-image-wizard-to-create-the-recovery-image-dart-7.md
index 9395091dd1..9639ec5f67 100644
--- a/mdop/dart-v7/how-to-use-the-dart-recovery-image-wizard-to-create-the-recovery-image-dart-7.md
+++ b/mdop/dart-v7/how-to-use-the-dart-recovery-image-wizard-to-create-the-recovery-image-dart-7.md
@@ -63,7 +63,7 @@ For more information about remotely running the DaRT tools, see [How to Recover
 
 ### To add the Debugging Tools for Windows to the DaRT recovery image
 
-In the **Crash Analyzer** dialog box of the **DaRT Recovery Image Wizard**, you are asked to specify the location of the Debugging Tools for Windows. If you do not have a copy of the tools, you can download them from Microsoft. The following link to the download page is provided in the wizard: [Download and Install Debugging Tools for Windows](http://go.microsoft.com/fwlink/?LinkId=99934).
+In the **Crash Analyzer** dialog box of the **DaRT Recovery Image Wizard**, you are asked to specify the location of the Debugging Tools for Windows. If you do not have a copy of the tools, you can download them from Microsoft. The following link to the download page is provided in the wizard: [Download and Install Debugging Tools for Windows](https://go.microsoft.com/fwlink/?LinkId=99934).
 
 You can either specify the location of the debugging tools on the computer where you are running the **DaRT Recovery Image Wizard**, or you can decide to use the tools that are located on the destination computer. If you decide to use a copy on another computer, you must make sure that the tools are installed on each computer on which you are diagnosing a crash.
 
diff --git a/mdop/dart-v7/index.md b/mdop/dart-v7/index.md
index d973a76adc..4a73455bd5 100644
--- a/mdop/dart-v7/index.md
+++ b/mdop/dart-v7/index.md
@@ -42,11 +42,11 @@ DaRT is an important part of the Microsoft Desktop Optimization Pack (MDOP), a d
 <a href="" id="release-notes-for-dart-7-0"></a>[Release Notes for DaRT 7.0](release-notes-for-dart-70-new-ia.md)  
 View updated product information and known issues for DaRT 7.
 
-<a href="" id="mdop-techcenter-page"></a>[MDOP TechCenter Page](http://go.microsoft.com/fwlink/p/?LinkId=225286)  
+<a href="" id="mdop-techcenter-page"></a>[MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286)  
 Learn about the latest MDOP information and resources.
 
-<a href="" id="mdop-information-experience"></a>[MDOP Information Experience](http://go.microsoft.com/fwlink/p/?LinkId=236032)  
-Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28http://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28http://go.microsoft.com/fwlink/p/?LinkId=242447).
+<a href="" id="mdop-information-experience"></a>[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032)  
+Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28https://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28https://go.microsoft.com/fwlink/p/?LinkId=242447).
 
  
 
diff --git a/mdop/dart-v7/planning-to-create-the-dart-70-recovery-image.md b/mdop/dart-v7/planning-to-create-the-dart-70-recovery-image.md
index 00a6fe704b..29c955432d 100644
--- a/mdop/dart-v7/planning-to-create-the-dart-70-recovery-image.md
+++ b/mdop/dart-v7/planning-to-create-the-dart-70-recovery-image.md
@@ -33,7 +33,7 @@ The following items are required or recommended for creating the DaRT recovery i
 
 -   Windows Debugging Tools for your platform
 
-    Windows Debugging Tools are required when you run **Crash Analyzer** to determine the cause of a computer crash. We recommend that you specify the path of the Windows Debugging Tools at the time that you create the DaRT recovery image. If it is necessary, you can download the Windows Debugging Tools here: [Download and Install Debugging Tools for Windows](http://go.microsoft.com/fwlink/?LinkId=99934).
+    Windows Debugging Tools are required when you run **Crash Analyzer** to determine the cause of a computer crash. We recommend that you specify the path of the Windows Debugging Tools at the time that you create the DaRT recovery image. If it is necessary, you can download the Windows Debugging Tools here: [Download and Install Debugging Tools for Windows](https://go.microsoft.com/fwlink/?LinkId=99934).
 
 -   Optional: **Standalone System Sweeper** definitions
 
diff --git a/mdop/dart-v7/release-notes-for-dart-70-new-ia.md b/mdop/dart-v7/release-notes-for-dart-70-new-ia.md
index 4500f156a1..d085930a67 100644
--- a/mdop/dart-v7/release-notes-for-dart-70-new-ia.md
+++ b/mdop/dart-v7/release-notes-for-dart-70-new-ia.md
@@ -37,7 +37,7 @@ We are interested in your feedback on DaRT 7. You can send your feedback to dar
 ## Protect Against Security Vulnerabilities and Viruses
 
 
-To help protect against security vulnerabilities and viruses, we recommend that you install the latest available security updates for any new software being installed. For more information, see [Microsoft Security](http://go.microsoft.com/fwlink/?LinkId=3482) (http://go.microsoft.com/fwlink/?LinkId=3482).
+To help protect against security vulnerabilities and viruses, we recommend that you install the latest available security updates for any new software being installed. For more information, see [Microsoft Security](https://go.microsoft.com/fwlink/?LinkId=3482) (https://go.microsoft.com/fwlink/?LinkId=3482).
 
 ## Known Issues with DaRT 7.0
 
@@ -58,7 +58,7 @@ If you delete a file that has Unicode characters in its file name and try to res
 
 DaRT command-line installation fails silently if run with the quiet mode option unless it is run by using elevated administrator permissions.
 
-**Workaround:** Run the command-line installation by using elevated administrator permissions. DaRT installation supports the typical Windows Installer options for command-line installation. Please see [Command-Line Options](http://go.microsoft.com/fwlink/?LinkId=160689) for Windows Installer for more information about the several available switches.
+**Workaround:** Run the command-line installation by using elevated administrator permissions. DaRT installation supports the typical Windows Installer options for command-line installation. Please see [Command-Line Options](https://go.microsoft.com/fwlink/?LinkId=160689) for Windows Installer for more information about the several available switches.
 
 ### File Search cannot move a folder to a different volume
 
diff --git a/mdop/dart-v7/troubleshooting-dart-70-new-ia.md b/mdop/dart-v7/troubleshooting-dart-70-new-ia.md
index cc0700ce62..a712896fe8 100644
--- a/mdop/dart-v7/troubleshooting-dart-70-new-ia.md
+++ b/mdop/dart-v7/troubleshooting-dart-70-new-ia.md
@@ -13,7 +13,7 @@ ms.prod: w7
 # Troubleshooting DaRT 7.0
 
 
-Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905).
+Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905).
 
 ## How to Find Troubleshooting Content
 
@@ -28,7 +28,7 @@ After you search the MDOP documentation, your next step would be to search the t
 
 **To search the MDOP product documentation**
 
-1.  Use a web browser to navigate to the [MDOP Information Experience](http://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page.
+1.  Use a web browser to navigate to the [MDOP Information Experience](https://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page.
 
 2.  Enter applicable search terms in the **Search TechNet with Bing** search box at the top of the MDOP Information Experience home page.
 
@@ -36,7 +36,7 @@ After you search the MDOP documentation, your next step would be to search the t
 
 **To search the TechNet Wiki**
 
-1.  Use a web browser to navigate to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
+1.  Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
 
 2.  Enter applicable search terms in the **Search TechNet Wiki** search box on the TechNet Wiki home page.
 
@@ -49,7 +49,7 @@ If you have a troubleshooting tip or a best practice to share that is not alread
 
 **To create a TechNet Wiki troubleshooting or best practices article**
 
-1.  Use a web browser to navigate to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
+1.  Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
 
 2.  Log in with your Windows Live ID.
 
diff --git a/mdop/dart-v8/about-dart-80-dart-8.md b/mdop/dart-v8/about-dart-80-dart-8.md
index 852ee39b05..edf23960e4 100644
--- a/mdop/dart-v8/about-dart-80-dart-8.md
+++ b/mdop/dart-v8/about-dart-80-dart-8.md
@@ -60,7 +60,7 @@ For more information, and for late-breaking news that did not make it into the d
 ## How to Get DaRT 8.0
 
 
-This technology is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049) (http://go.microsoft.com/fwlink/?LinkId=322049).
+This technology is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049).
 
 ## Related topics
 
diff --git a/mdop/dart-v8/about-dart-80-sp1.md b/mdop/dart-v8/about-dart-80-sp1.md
index d71b6c5db4..1e5ac5d349 100644
--- a/mdop/dart-v8/about-dart-80-sp1.md
+++ b/mdop/dart-v8/about-dart-80-sp1.md
@@ -50,7 +50,7 @@ DaRT 8.0 SP1 includes a rollup of fixes to address issues found since the DaRT 8
 ## How to Get DaRT 8.0 SP1
 
 
-DaRT 8.0 SP1 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049) (http://go.microsoft.com/fwlink/?LinkId=322049).
+DaRT 8.0 SP1 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049).
 
 ## Related topics
 
diff --git a/mdop/dart-v8/about-dart-81.md b/mdop/dart-v8/about-dart-81.md
index 7f311fe098..49272ee233 100644
--- a/mdop/dart-v8/about-dart-81.md
+++ b/mdop/dart-v8/about-dart-81.md
@@ -26,7 +26,7 @@ Microsoft Diagnostics and Recovery Toolset (DaRT) 8.1 provides the following enh
 
     -   The DaRT 8.1 image is built on Windows 8.1 Update 1 or later.
 
-    For more information about WIMBoot, see [Windows Image File Boot (WIMBoot) Overview](http://go.microsoft.com/fwlink/?LinkId=517536).
+    For more information about WIMBoot, see [Windows Image File Boot (WIMBoot) Overview](https://go.microsoft.com/fwlink/?LinkId=517536).
 
 -   **Support for Windows Server 2012 R2 and Windows 8.1**
 
@@ -61,7 +61,7 @@ Microsoft Diagnostics and Recovery Toolset (DaRT) 8.1 provides the following enh
 
 -   **Microsoft .NET Framework 4.5.1**
 
-    DaRT 8.1 requires that .NET Framework 4.5.1 is installed. To download, see [Microsoft.NET Framework 4.5.1](http://go.microsoft.com/fwlink/?LinkId=329038) in the Microsoft Download Center.
+    DaRT 8.1 requires that .NET Framework 4.5.1 is installed. To download, see [Microsoft.NET Framework 4.5.1](https://go.microsoft.com/fwlink/?LinkId=329038) in the Microsoft Download Center.
 
 -   **Windows 8.1 Debugging Tools**
 
@@ -99,7 +99,7 @@ DaRT 8.1 is available in the following languages:
 ## How to Get MDOP Technologies
 
 
-DaRT 8.1 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049) (http://go.microsoft.com/fwlink/?LinkId=322049).
+DaRT 8.1 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049).
 
 ## Related topics
 
diff --git a/mdop/dart-v8/accessibility-for-dart-80-dart-8.md b/mdop/dart-v8/accessibility-for-dart-80-dart-8.md
index ba9a4f51d9..15e828341c 100644
--- a/mdop/dart-v8/accessibility-for-dart-80-dart-8.md
+++ b/mdop/dart-v8/accessibility-for-dart-80-dart-8.md
@@ -63,7 +63,7 @@ For information about the availability of Microsoft product documentation and bo
 <td align="left"><p>(609) 987-8116</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p>[http://www.learningally.org/](http://go.microsoft.com/fwlink/?linkid=239)</p></td>
+<td align="left"><p>[http://www.learningally.org/](https://go.microsoft.com/fwlink/?linkid=239)</p></td>
 <td align="left"><p>Web addresses can change, so you might be unable to connect to the website or sites mentioned here.</p></td>
 </tr>
 </tbody>
@@ -85,7 +85,7 @@ Microsoft Support Services are subject to the prices, terms, and conditions in p
 ## For more information
 
 
-For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](http://go.microsoft.com/fwlink/?linkid=8431).
+For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/?linkid=8431).
 
 ## Related topics
 
diff --git a/mdop/dart-v8/creating-the-dart-80-recovery-image-dart-8.md b/mdop/dart-v8/creating-the-dart-80-recovery-image-dart-8.md
index f28f338047..b0f7f20fd2 100644
--- a/mdop/dart-v8/creating-the-dart-80-recovery-image-dart-8.md
+++ b/mdop/dart-v8/creating-the-dart-80-recovery-image-dart-8.md
@@ -131,7 +131,7 @@ If you include the Crash Analyzer tool in the ISO image, you must also include t
 
 If you installed the Microsoft Windows Software Development Kit (SDK) or the Microsoft Windows Development Kit (WDK), the Windows 8 Debugging Tools are added to the recovery image by default, and the path to the Debugging Tools is automatically filled in. You can change the path of the Windows 8 Debugging Tools if the files are located somewhere other than the location indicated by the default file path. A link in the wizard lets you download and install debugging tools for Windows if they are not already installed.
 
-To download the Windows Debugging Tools, see [Debugging Tools for Windows](http://go.microsoft.com/fwlink/?LinkId=266248). Install the Debugging Tools to the default location.
+To download the Windows Debugging Tools, see [Debugging Tools for Windows](https://go.microsoft.com/fwlink/?LinkId=266248). Install the Debugging Tools to the default location.
 
 **Note**  
 The DaRT wizard checks for the tools in the `HKLM\Software\Microsoft\Windows Kits\Installed Roots\WindowsDebuggersRoot` registry key. If the registry value is not there, the wizard looks in one of the following locations, depending on your system architecture:
diff --git a/mdop/dart-v8/dart-80-privacy-statement-dart-8.md b/mdop/dart-v8/dart-80-privacy-statement-dart-8.md
index 3108fce152..fe2208a231 100644
--- a/mdop/dart-v8/dart-80-privacy-statement-dart-8.md
+++ b/mdop/dart-v8/dart-80-privacy-statement-dart-8.md
@@ -52,7 +52,7 @@ We will occasionally update this privacy statement to reflect changes in our pro
 ## For More Information
 
 
-Microsoft welcomes your comments regarding this privacy statement. If you have questions about this statement or believe that we have not adhered to it, please [contact us](http://go.microsoft.com/fwlink/?LinkID=245853).
+Microsoft welcomes your comments regarding this privacy statement. If you have questions about this statement or believe that we have not adhered to it, please [contact us](https://go.microsoft.com/fwlink/?LinkID=245853).
 
 Microsoft PrivacyMicrosoft CorporationOne Microsoft WayRedmond, Washington 98052 USA
 
@@ -68,15 +68,15 @@ Microsoft Update is a service that provides Windows updates as well as updates f
 
 **Information Collected, Processed, or Transmitted:**
 
-For details about what information is collected and how it is used, see the Update Services Privacy Statement at <http://go.microsoft.com/fwlink/?LinkId=244400>.
+For details about what information is collected and how it is used, see the Update Services Privacy Statement at <https://go.microsoft.com/fwlink/?LinkId=244400>.
 
 **Use of Information:**
 
-For details about what information is collected and how it is used, see the Update Services Privacy Statement at <http://go.microsoft.com/fwlink/?LinkId=244400>.
+For details about what information is collected and how it is used, see the Update Services Privacy Statement at <https://go.microsoft.com/fwlink/?LinkId=244400>.
 
 **Choice/Control:**
 
-For details about controlling this feature, see the Update Services Privacy Statement at [http://go.microsoft.com/fwlink/?LinkId=244000](http://go.microsoft.com/fwlink/?LinkId=244400).
+For details about controlling this feature, see the Update Services Privacy Statement at [https://go.microsoft.com/fwlink/?LinkId=244000](https://go.microsoft.com/fwlink/?LinkId=244400).
 
 ## Windows Defender Offline
 
@@ -87,15 +87,15 @@ Windows Defender Offline (WDO) is included in the DaRT download. WDO helps prote
 
 **Information Collected, Processed, or Transmitted:**
 
-For details about what information is collected and how it is used, see the WDO Privacy Statement at [http://go.microsoft.com/fwlink/?LinkId=246081](http://go.microsoft.com/fwlink/?LinkID=211807).
+For details about what information is collected and how it is used, see the WDO Privacy Statement at [https://go.microsoft.com/fwlink/?LinkId=246081](https://go.microsoft.com/fwlink/?LinkID=211807).
 
 **Use of Information:**
 
-For details about what information is collected and how it is used, see the WDO Privacy Statement at <http://go.microsoft.com/fwlink/?LinkId=246081>.
+For details about what information is collected and how it is used, see the WDO Privacy Statement at <https://go.microsoft.com/fwlink/?LinkId=246081>.
 
 **Choice/Control:**
 
-For details about controlling this feature, see the Windows Defender Offline Privacy Statement at <http://go.microsoft.com/fwlink/?LinkId=246081>.
+For details about controlling this feature, see the Windows Defender Offline Privacy Statement at <https://go.microsoft.com/fwlink/?LinkId=246081>.
 
 ## Related topics
 
diff --git a/mdop/dart-v8/dart-80-supported-configurations-dart-8.md b/mdop/dart-v8/dart-80-supported-configurations-dart-8.md
index 039d32f356..872da76c34 100644
--- a/mdop/dart-v8/dart-80-supported-configurations-dart-8.md
+++ b/mdop/dart-v8/dart-80-supported-configurations-dart-8.md
@@ -111,7 +111,7 @@ Make sure that you allocate enough space for any additional tools that you want
  
 
 **Note**  
-Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](http://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](http://go.microsoft.com/fwlink/p/?LinkId=31976).
+Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976).
 
  
 
diff --git a/mdop/dart-v8/deploying-dart-80-dart-8.md b/mdop/dart-v8/deploying-dart-80-dart-8.md
index 8f3c973c4e..26bd31169b 100644
--- a/mdop/dart-v8/deploying-dart-80-dart-8.md
+++ b/mdop/dart-v8/deploying-dart-80-dart-8.md
@@ -36,7 +36,7 @@ Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 supports a number of diffe
 
 ### How to get DaRT
 
-This technology is a part of the Microsoft Desktop Optimization Pack (MDOP). Enterprise customers can get MDOP with Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](http://go.microsoft.com/fwlink/p/?LinkId=322049) (http://go.microsoft.com/fwlink/p/?LinkId=322049).
+This technology is a part of the Microsoft Desktop Optimization Pack (MDOP). Enterprise customers can get MDOP with Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/p/?LinkId=322049) (https://go.microsoft.com/fwlink/p/?LinkId=322049).
 
 ## Other Resources for deploying DaRT
 
diff --git a/mdop/dart-v8/deploying-dart-80-to-administrator-computers-dart-8.md b/mdop/dart-v8/deploying-dart-80-to-administrator-computers-dart-8.md
index cbaefbe48b..76300d9651 100644
--- a/mdop/dart-v8/deploying-dart-80-to-administrator-computers-dart-8.md
+++ b/mdop/dart-v8/deploying-dart-80-to-administrator-computers-dart-8.md
@@ -36,7 +36,7 @@ You can change, repair, or remove the DaRT installation by double-clicking the D
 ## How to get DaRT 8.0
 
 
-To get the DaRT software, see [How to Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049).
+To get the DaRT software, see [How to Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049).
 
 ## Other resources for deploying the DaRT 8.0 to administrator computers
 
diff --git a/mdop/dart-v8/getting-started-with-dart-80-dart-8.md b/mdop/dart-v8/getting-started-with-dart-80-dart-8.md
index b7cf71b4a0..25a08c738d 100644
--- a/mdop/dart-v8/getting-started-with-dart-80-dart-8.md
+++ b/mdop/dart-v8/getting-started-with-dart-80-dart-8.md
@@ -13,12 +13,12 @@ ms.prod: w8
 # Getting Started with DaRT 8.0
 
 
-Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 requires thorough planning before you deploy it or use its features. If you are new to this product, we recommend that you read the documentation carefully. Before you deploy the product to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at [http://go.microsoft.com/fwlink/p/?LinkId=80347](http://go.microsoft.com/fwlink/?LinkId=80347).
+Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 requires thorough planning before you deploy it or use its features. If you are new to this product, we recommend that you read the documentation carefully. Before you deploy the product to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at [https://go.microsoft.com/fwlink/p/?LinkId=80347](https://go.microsoft.com/fwlink/?LinkId=80347).
 
 **Note**  
-A downloadable version of this administrator’s guide is not available. However, you can learn about a special mode of the TechNet Library that allows you to select articles, group them in a collection, and print them or export them to a file at <http://go.microsoft.com/fwlink/?LinkId=272493> (http://go.microsoft.com/fwlink/?LinkId=272493).
+A downloadable version of this administrator’s guide is not available. However, you can learn about a special mode of the TechNet Library that allows you to select articles, group them in a collection, and print them or export them to a file at <https://go.microsoft.com/fwlink/?LinkId=272493> (https://go.microsoft.com/fwlink/?LinkId=272493).
 
-Additional downloadable information about this product can also be found at <http://go.microsoft.com/fwlink/?LinkId=267420>.
+Additional downloadable information about this product can also be found at <https://go.microsoft.com/fwlink/?LinkId=267420>.
 
  
 
@@ -40,7 +40,7 @@ Additional downloadable information about this product can also be found at <htt
 ## How to Get DaRT 8.0
 
 
-DaRT 8.0 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049) (http://go.microsoft.com/fwlink/?LinkId=322049).
+DaRT 8.0 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049).
 
 ## <a href="" id="other-resources-for-this-product-"></a>Other resources for this product
 
diff --git a/mdop/dart-v8/how-to-deploy-dart-80-dart-8.md b/mdop/dart-v8/how-to-deploy-dart-80-dart-8.md
index 0e281bcce4..e752e88d1d 100644
--- a/mdop/dart-v8/how-to-deploy-dart-80-dart-8.md
+++ b/mdop/dart-v8/how-to-deploy-dart-80-dart-8.md
@@ -13,7 +13,7 @@ ms.prod: w8
 # How to Deploy DaRT 8.0
 
 
-The following instructions explain how to deploy Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 in your environment. To get the DaRT software, see [How to Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049). It is assumed that you are installing all functionality on one administrator computer. If you need to deploy or uninstall DaRT 8.0 on multiple computers, using an electronic software distribution system, for example, it might be easier to use command line installation options. Descriptions and examples of the available command line options are provided in this section.
+The following instructions explain how to deploy Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 in your environment. To get the DaRT software, see [How to Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049). It is assumed that you are installing all functionality on one administrator computer. If you need to deploy or uninstall DaRT 8.0 on multiple computers, using an electronic software distribution system, for example, it might be easier to use command line installation options. Descriptions and examples of the available command line options are provided in this section.
 
 **Important**  
 Before you install DaRT, see [DaRT 8.0 Supported Configurations](dart-80-supported-configurations-dart-8.md) to ensure that you have installed all of the prerequisite software and that the computer meets the minimum system requirements. The computer onto which you install DaRT must be running Windows 8 or Windows Server 2012.
diff --git a/mdop/dart-v8/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-8.md b/mdop/dart-v8/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-8.md
index 533309871f..897ac180e8 100644
--- a/mdop/dart-v8/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-8.md
+++ b/mdop/dart-v8/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-8.md
@@ -32,7 +32,7 @@ After you have finished running the Microsoft Diagnostics and Recovery Toolset (
 
 3.  Configure the WDS server to use the boot.wim file for DaRT by following your standard WDS deployment procedures.
 
-For more information about how to deploy DaRT as a remote partition, see [Walkthrough: Deploy an Image by Using PXE](http://go.microsoft.com/fwlink/?LinkId=212108) and [Windows Deployment Services Getting Started Guide](http://go.microsoft.com/fwlink/?LinkId=212106).
+For more information about how to deploy DaRT as a remote partition, see [Walkthrough: Deploy an Image by Using PXE](https://go.microsoft.com/fwlink/?LinkId=212108) and [Windows Deployment Services Getting Started Guide](https://go.microsoft.com/fwlink/?LinkId=212106).
 
 ## Related topics
 
diff --git a/mdop/dart-v8/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-8.md b/mdop/dart-v8/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-8.md
index d54e1fefae..9f716da0a5 100644
--- a/mdop/dart-v8/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-8.md
+++ b/mdop/dart-v8/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-8.md
@@ -34,11 +34,11 @@ After you have finished running the Microsoft Diagnostics and Recovery Toolset (
 
 3.  Use the boot.wim file to create a bootable recovery partition by using your company’s standard method for creating a custom Windows RE image.
 
-    For more information about how to create or customize a recovery partition, see [Customizing the Windows RE Experience](http://go.microsoft.com/fwlink/?LinkId=214222).
+    For more information about how to create or customize a recovery partition, see [Customizing the Windows RE Experience](https://go.microsoft.com/fwlink/?LinkId=214222).
 
 4.  Replace the target partition in your Windows 8 image with the recovery partition.
 
-    For more information about how to deploy a recovery solution to reinstall the factory image in the event of a system failure, see [Deploy a System Recovery Image](http://go.microsoft.com/fwlink/?LinkId=214221).
+    For more information about how to deploy a recovery solution to reinstall the factory image in the event of a system failure, see [Deploy a System Recovery Image](https://go.microsoft.com/fwlink/?LinkId=214221).
 
 ## Related topics
 
diff --git a/mdop/dart-v8/how-to-recover-remote-computers-by-using-the-dart-recovery-image-dart-8.md b/mdop/dart-v8/how-to-recover-remote-computers-by-using-the-dart-recovery-image-dart-8.md
index 27123b0c22..69c3dce751 100644
--- a/mdop/dart-v8/how-to-recover-remote-computers-by-using-the-dart-recovery-image-dart-8.md
+++ b/mdop/dart-v8/how-to-recover-remote-computers-by-using-the-dart-recovery-image-dart-8.md
@@ -89,7 +89,7 @@ A file is provided that is named inv32.xml and contains remote connection inform
 
 **To customize the Remote Connection process**
 
-1.  You can customize the Remote Connection process by editing the winpeshl.ini file. For more information about how to edit the winpeshl.ini file, see [Winpeshl.ini Files](http://go.microsoft.com/fwlink/?LinkId=219413).
+1.  You can customize the Remote Connection process by editing the winpeshl.ini file. For more information about how to edit the winpeshl.ini file, see [Winpeshl.ini Files](https://go.microsoft.com/fwlink/?LinkId=219413).
 
     Specify the following commands and parameters to customize how a remote connection is established with an end-user computer:
 
diff --git a/mdop/dart-v8/how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-8.md b/mdop/dart-v8/how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-8.md
index 286ec2cba8..c64653f0c5 100644
--- a/mdop/dart-v8/how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-8.md
+++ b/mdop/dart-v8/how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-8.md
@@ -13,7 +13,7 @@ ms.prod: w8
 # How to Run the Crash Analyzer on an End-user Computer
 
 
-To run **Crash Analyzer** from the **Diagnostics and Recovery Toolset** window on an end-user computer that is experiencing problems, you must have the Microsoft Debugging Tools for Windows and the symbol files installed. To download the Windows Debugging Tools, see [Debugging Tools for Windows](http://go.microsoft.com/fwlink/?LinkId=266248).
+To run **Crash Analyzer** from the **Diagnostics and Recovery Toolset** window on an end-user computer that is experiencing problems, you must have the Microsoft Debugging Tools for Windows and the symbol files installed. To download the Windows Debugging Tools, see [Debugging Tools for Windows](https://go.microsoft.com/fwlink/?LinkId=266248).
 
 **To run the Crash Analyzer on an end-user computer**
 
diff --git a/mdop/dart-v8/index.md b/mdop/dart-v8/index.md
index 5e0d6c2d68..aa7739f75f 100644
--- a/mdop/dart-v8/index.md
+++ b/mdop/dart-v8/index.md
@@ -43,17 +43,17 @@ DaRT 8.0 is an important part of the Microsoft Desktop Optimization Pack (MDOP),
 
 ### More Information
 
-<a href="" id="how-do-i-get-mdop"></a>[How Do I Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049)  
+<a href="" id="how-do-i-get-mdop"></a>[How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049)  
 Get information about how to download DaRT.
 
 <a href="" id="release-notes-for-dart-8-0"></a>[Release Notes for DaRT 8.0](release-notes-for-dart-80--dart-8.md)  
 View updated product information and known issues for DaRT 8.0.
 
-<a href="" id="mdop-techcenter-page"></a>[MDOP TechCenter Page](http://go.microsoft.com/fwlink/p/?LinkId=225286)  
+<a href="" id="mdop-techcenter-page"></a>[MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286)  
 Learn about the latest MDOP information and resources.
 
-<a href="" id="mdop-information-experience"></a>[MDOP Information Experience](http://go.microsoft.com/fwlink/p/?LinkId=236032)  
-Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28http://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28http://go.microsoft.com/fwlink/p/?LinkId=242447).
+<a href="" id="mdop-information-experience"></a>[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032)  
+Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28https://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28https://go.microsoft.com/fwlink/p/?LinkId=242447).
 
  
 
diff --git a/mdop/dart-v8/microsoft-diagnostics-and-recovery-toolset--dart--users-should-use-windows-defender-offline--wdo--for-malware-detection.md b/mdop/dart-v8/microsoft-diagnostics-and-recovery-toolset--dart--users-should-use-windows-defender-offline--wdo--for-malware-detection.md
index d5759a4c80..f40ebfb98c 100644
--- a/mdop/dart-v8/microsoft-diagnostics-and-recovery-toolset--dart--users-should-use-windows-defender-offline--wdo--for-malware-detection.md
+++ b/mdop/dart-v8/microsoft-diagnostics-and-recovery-toolset--dart--users-should-use-windows-defender-offline--wdo--for-malware-detection.md
@@ -22,7 +22,7 @@ The Windows Defender tool distributes anti-malware updates more frequently than
 
 Currently deployed DaRT images do not have to be removed or updated. We recommend that you deploy the bootable image that is provided by Windows Defender Offline for all future malware scans. Using an outdated version of the DaRT Defender tool could result in undetected malware.
 
-For more information about Windows Defender Offline downloads and FAQs, go to the following website: [What is Windows Defender Offline?](http://go.microsoft.com/fwlink/p/?LinkId=394127).
+For more information about Windows Defender Offline downloads and FAQs, go to the following website: [What is Windows Defender Offline?](https://go.microsoft.com/fwlink/p/?LinkId=394127).
 
  
 
diff --git a/mdop/dart-v8/planning-to-create-the-dart-80-recovery-image-dart-8.md b/mdop/dart-v8/planning-to-create-the-dart-80-recovery-image-dart-8.md
index d7368301d7..ae8c0392cd 100644
--- a/mdop/dart-v8/planning-to-create-the-dart-80-recovery-image-dart-8.md
+++ b/mdop/dart-v8/planning-to-create-the-dart-80-recovery-image-dart-8.md
@@ -45,7 +45,7 @@ The following items are required or recommended for creating the DaRT recovery i
 </tr>
 <tr class="odd">
 <td align="left"><p>Windows Debugging Tools for your platform</p></td>
-<td align="left"><p>Required when you run the <strong>Crash Analyzer</strong> to determine the cause of a computer failure. We recommend that you specify the path of the Windows Debugging Tools at the time that you create the DaRT recovery image. You can download the Windows Debugging Tools here: [Download and Install Debugging Tools for Windows](http://go.microsoft.com/fwlink/?LinkId=99934).</p></td>
+<td align="left"><p>Required when you run the <strong>Crash Analyzer</strong> to determine the cause of a computer failure. We recommend that you specify the path of the Windows Debugging Tools at the time that you create the DaRT recovery image. You can download the Windows Debugging Tools here: [Download and Install Debugging Tools for Windows](https://go.microsoft.com/fwlink/?LinkId=99934).</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Optional: <strong>Defender</strong> definitions</p></td>
diff --git a/mdop/dart-v8/release-notes-for-dart-80--dart-8.md b/mdop/dart-v8/release-notes-for-dart-80--dart-8.md
index afe0bcba01..99d7be85b7 100644
--- a/mdop/dart-v8/release-notes-for-dart-80--dart-8.md
+++ b/mdop/dart-v8/release-notes-for-dart-80--dart-8.md
@@ -19,14 +19,14 @@ Read these release notes thoroughly before you install Microsoft Diagnostics and
 
 These release notes contain information that is required to successfully install DaRT 8.0. The release notes also contain information that is not available in the product documentation. If there is a difference between these release notes and other DaRT documentation, the latest change should be considered authoritative. These release notes supersede the content that is included with this product.
 
-To get the DaRT software, see [How to Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049).
+To get the DaRT software, see [How to Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049).
 
 ## About the product documentation
 
 
-For information about documentation for DaRT, see the [DaRT home page](http://go.microsoft.com/fwlink/?LinkID=252096) on Microsoft TechNet.
+For information about documentation for DaRT, see the [DaRT home page](https://go.microsoft.com/fwlink/?LinkID=252096) on Microsoft TechNet.
 
-To obtain a downloadable copy of DaRT documentation, see <http://go.microsoft.com/fwlink/?LinkID=267420> on the Microsoft Download Center.
+To obtain a downloadable copy of DaRT documentation, see <https://go.microsoft.com/fwlink/?LinkID=267420> on the Microsoft Download Center.
 
 ## Providing feedback
 
@@ -38,9 +38,9 @@ This email address is not a support channel, but your feedback will help us to p
 
  
 
-For the latest information about MDOP and additional learning resources, see the [MDOP Information Experience](http://go.microsoft.com/fwlink/p/?LinkId=236032) page.
+For the latest information about MDOP and additional learning resources, see the [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) page.
 
-For more information about new updates or to provide feedback, follow us on [Facebook](http://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](http://go.microsoft.com/fwlink/p/?LinkId=242447).
+For more information about new updates or to provide feedback, follow us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447).
 
 ## Known issues with DaRT 8.0
 
diff --git a/mdop/dart-v8/release-notes-for-dart-80-sp1.md b/mdop/dart-v8/release-notes-for-dart-80-sp1.md
index b5a77cc607..8be4a28b96 100644
--- a/mdop/dart-v8/release-notes-for-dart-80-sp1.md
+++ b/mdop/dart-v8/release-notes-for-dart-80-sp1.md
@@ -22,7 +22,7 @@ These release notes contain information that is required to successfully install
 ## About the product documentation
 
 
-For information about documentation for DaRT, see the [DaRT home page](http://go.microsoft.com/fwlink/?LinkID=252096) on Microsoft TechNet.
+For information about documentation for DaRT, see the [DaRT home page](https://go.microsoft.com/fwlink/?LinkID=252096) on Microsoft TechNet.
 
 ## Known issues with DaRT 8.0 SP1
 
diff --git a/mdop/dart-v8/security-considerations-for-dart-80--dart-8.md b/mdop/dart-v8/security-considerations-for-dart-80--dart-8.md
index b540c4f38c..2be87d0146 100644
--- a/mdop/dart-v8/security-considerations-for-dart-80--dart-8.md
+++ b/mdop/dart-v8/security-considerations-for-dart-80--dart-8.md
@@ -22,7 +22,7 @@ This topic contains a brief overview about the accounts and groups, log files, a
 
 **Physically secure your computers**. When administrators and help desk workers are not physically at their computers, they should lock their computers and use a secured screen saver.
 
-**Apply the most recent security updates to all computers**. Stay informed about new updates for operating systems by subscribing to the Security Notification service (<http://go.microsoft.com/fwlink/?LinkId=28819>).
+**Apply the most recent security updates to all computers**. Stay informed about new updates for operating systems by subscribing to the Security Notification service (<https://go.microsoft.com/fwlink/?LinkId=28819>).
 
 ## Limit end-user access to DaRT tools
 
diff --git a/mdop/dart-v8/troubleshooting-dart-80-dart-8.md b/mdop/dart-v8/troubleshooting-dart-80-dart-8.md
index 5087597b76..4452434a46 100644
--- a/mdop/dart-v8/troubleshooting-dart-80-dart-8.md
+++ b/mdop/dart-v8/troubleshooting-dart-80-dart-8.md
@@ -13,7 +13,7 @@ ms.prod: w8
 # Troubleshooting DaRT 8.0
 
 
-Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905).
+Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905).
 
 ## How to find troubleshooting content
 
@@ -28,7 +28,7 @@ After you search the MDOP documentation, your next step would be to search the t
 
 **To search the MDOP product documentation**
 
-1.  Use a web browser to navigate to the [MDOP Information Experience](http://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page.
+1.  Use a web browser to navigate to the [MDOP Information Experience](https://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page.
 
 2.  Enter applicable search terms in the **Search TechNet with Bing** search box at the top of the MDOP Information Experience home page.
 
@@ -36,7 +36,7 @@ After you search the MDOP documentation, your next step would be to search the t
 
 **To search the TechNet wiki**
 
-1.  Use a web browser to navigate to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
+1.  Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
 
 2.  Enter applicable search terms in the **Search TechNet Wiki** search box on the TechNet Wiki home page.
 
@@ -49,7 +49,7 @@ If you have a troubleshooting tip or a best practice to share that is not alread
 
 **To create a TechNet Wiki troubleshooting or best practices article**
 
-1.  Use a web browser to navigate to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
+1.  Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
 
 2.  Log in with your Windows Live ID.
 
diff --git a/mdop/index.md b/mdop/index.md
index 4632622c96..0863054ac2 100644
--- a/mdop/index.md
+++ b/mdop/index.md
@@ -10,7 +10,7 @@ author: jamiejdt
 
 The Microsoft Desktop Optimization Pack (MDOP) is a portfolio of technologies available as a subscription for Software Assurance customers. MDOP helps to improve compatibility and management, reduce support costs, improve asset management, and improve policy control.
 
-The MDOP Information Experience provides product documentation, videos, blogs, and other resources to help users implement and optimize their experience with the MDOP technologies. You can learn about updates and events by following us on [Facebook](http://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](http://go.microsoft.com/fwlink/p/?LinkId=242447).
+The MDOP Information Experience provides product documentation, videos, blogs, and other resources to help users implement and optimize their experience with the MDOP technologies. You can learn about updates and events by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447).
 
 ## MDOP Documentation Links
 
@@ -31,14 +31,14 @@ The following table provides links to the product documentation for the MDOP pro
 <p><strong>AGPM 4.0</strong> - Windows Vista SP1, Windows 7, Windows Server 2008, Windows Server 2008 R2</p>
 <p><strong>AGPM 3.0</strong>- Windows Vista SP1, Windows Server 2008</p>
 <p><strong>AGPM 2.5</strong> - Windows Vista, Windows Server 2003</p></td>
-<td align="left"><p>[Overview of Microsoft Advanced Group Policy Management](http://go.microsoft.com/fwlink/p/?LinkId=232980)(http://go.microsoft.com/fwlink/p/?LinkId=232980)</p>
+<td align="left"><p>[Overview of Microsoft Advanced Group Policy Management](https://go.microsoft.com/fwlink/p/?LinkId=232980)(https://go.microsoft.com/fwlink/p/?LinkId=232980)</p>
 <p>[AGPM 4.0 SP3](https://technet.microsoft.com/library/mt346468.aspx) (https://technet.microsoft.com/library/mt346468.aspx)</p>
-<p>[AGPM 4.0 SP2](http://go.microsoft.com/fwlink/p/?LinkId=325035) (http://go.microsoft.com/fwlink/p/?LinkId=325035)</p>
-<p>[AGPM 4.0 SP1](http://go.microsoft.com/fwlink/p/?LinkId=286715) (http://go.microsoft.com/fwlink/p/?LinkId=286715)</p>
-<p>[AGPM 4.0](http://go.microsoft.com/fwlink/p/?LinkId=232964) (http://go.microsoft.com/fwlink/p/?LinkId=232964)</p>
-<p>[AGPM 3.0](http://go.microsoft.com/fwlink/p/?LinkId=232967) (http://go.microsoft.com/fwlink/p/?LinkId=232967)</p>
-<p>[AGPM 2.5](http://go.microsoft.com/fwlink/p/?LinkId=232969) (http://go.microsoft.com/fwlink/p/?LinkId=232969)</p>
-<p>[AGPM Whitepapers on the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=232275) (http://go.microsoft.com/fwlink/p/?LinkId=232275)</p></td>
+<p>[AGPM 4.0 SP2](https://go.microsoft.com/fwlink/p/?LinkId=325035) (https://go.microsoft.com/fwlink/p/?LinkId=325035)</p>
+<p>[AGPM 4.0 SP1](https://go.microsoft.com/fwlink/p/?LinkId=286715) (https://go.microsoft.com/fwlink/p/?LinkId=286715)</p>
+<p>[AGPM 4.0](https://go.microsoft.com/fwlink/p/?LinkId=232964) (https://go.microsoft.com/fwlink/p/?LinkId=232964)</p>
+<p>[AGPM 3.0](https://go.microsoft.com/fwlink/p/?LinkId=232967) (https://go.microsoft.com/fwlink/p/?LinkId=232967)</p>
+<p>[AGPM 2.5](https://go.microsoft.com/fwlink/p/?LinkId=232969) (https://go.microsoft.com/fwlink/p/?LinkId=232969)</p>
+<p>[AGPM Whitepapers on the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=232275) (https://go.microsoft.com/fwlink/p/?LinkId=232275)</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p><strong>Microsoft Application Virtualization</strong> (App-V) lets you make applications available to end user computers without installing the applications directly on those computers.</p></td>
@@ -52,20 +52,20 @@ The following table provides links to the product documentation for the MDOP pro
 <p>[About Microsoft Application Virtualization 4.6 SP1](appv-v4/about-microsoft-application-virtualization-46-sp1.md)</p>
 <p>[About Microsoft Application Virtualization 4.6](appv-v4/about-microsoft-application-virtualization-46.md)</p>
 <p>[About Microsoft Application Virtualization 4.5](appv-v4/about-microsoft-application-virtualization-45.md)</p>
-<p>[SoftGrid](http://go.microsoft.com/fwlink/p/?LinkId=232981) (http://go.microsoft.com/fwlink/p/?LinkId=232981)</p>
-<p>[App-V Whitepapers on the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=231902) (http://go.microsoft.com/fwlink/p/?LinkId=231902)</p>
-<p>[App-V 5.0 eBooks](http://go.microsoft.com/fwlink/p/?LinkId=309570) (http://go.microsoft.com/fwlink/p/?LinkId=309570)</p></td>
+<p>[SoftGrid](https://go.microsoft.com/fwlink/p/?LinkId=232981) (https://go.microsoft.com/fwlink/p/?LinkId=232981)</p>
+<p>[App-V Whitepapers on the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=231902) (https://go.microsoft.com/fwlink/p/?LinkId=231902)</p>
+<p>[App-V 5.0 eBooks](https://go.microsoft.com/fwlink/p/?LinkId=309570) (https://go.microsoft.com/fwlink/p/?LinkId=309570)</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p><strong>Microsoft BitLocker Administration and Monitoring</strong> (MBAM) provides an administrative interface to enterprise-wide BitLocker drive encryption.</p></td>
 <td align="left"><p>[Microsoft BitLocker Administration and Monitoring 2.5](mbam-v25/index.md)</p>
-<p>[MBAM 2.5 Video Demonstration: Deploying MBAM 2.5](http://go.microsoft.com/fwlink/?LinkId=518206) (http://go.microsoft.com/fwlink/?LinkId=518206)</p>
+<p>[MBAM 2.5 Video Demonstration: Deploying MBAM 2.5](https://go.microsoft.com/fwlink/?LinkId=518206) (https://go.microsoft.com/fwlink/?LinkId=518206)</p>
 <p>[About MBAM 2.5 SP1](mbam-v25/about-mbam-25-sp1.md)</p>
 <p>[About MBAM 2.0 SP1](mbam-v2/about-mbam-20-sp1.md)</p>
 <p>[Microsoft BitLocker Administration and Monitoring 2 Administrator's Guide](mbam-v2/index.md)</p>
 <p>[Microsoft BitLocker Administration and Monitoring 1 Administrator's Guide](mbam-v1/index.md)</p>
-<p>[MBAM Whitepapers on the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=231905) (http://go.microsoft.com/fwlink/p/?LinkId=231905)</p>
-<p>[MBAM 1.0 eBooks](http://go.microsoft.com/fwlink/p/?LinkId=309571) (http://go.microsoft.com/fwlink/p/?LinkId=309571)</p></td>
+<p>[MBAM Whitepapers on the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=231905) (https://go.microsoft.com/fwlink/p/?LinkId=231905)</p>
+<p>[MBAM 1.0 eBooks](https://go.microsoft.com/fwlink/p/?LinkId=309571) (https://go.microsoft.com/fwlink/p/?LinkId=309571)</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p><strong>Microsoft Diagnostics and Recovery Toolset</strong> (DaRT) helps troubleshoot and repair Windows-based computers.</p>
@@ -82,15 +82,15 @@ The following table provides links to the product documentation for the MDOP pro
 <p>[About DaRT 8.0 SP1](dart-v8/about-dart-80-sp1.md)</p>
 <p>[Diagnostics and Recovery Toolset 8 Administrator's Guide](dart-v8/index.md)</p>
 <p>[Diagnostics and Recovery Toolset 7 Administrator's Guide](dart-v7/index.md)</p>
-<p>[DaRT 6.5](http://go.microsoft.com/fwlink/p/?LinkId=232983) (http://go.microsoft.com/fwlink/p/?LinkId=232983)</p>
-<p>[DaRT Whitepapers on the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=232274) (http://go.microsoft.com/fwlink/p/?LinkId=232274)</p>
-<p>[DaRT 8.0 eBook](http://go.microsoft.com/fwlink/p/?LinkId=309573) (http://go.microsoft.com/fwlink/p/?LinkId=309573)</p>
-<p>[DaRT 7.0 eBook](http://go.microsoft.com/fwlink/p/?LinkId=309572) (http://go.microsoft.com/fwlink/p/?LinkId=309572)</p></td>
+<p>[DaRT 6.5](https://go.microsoft.com/fwlink/p/?LinkId=232983) (https://go.microsoft.com/fwlink/p/?LinkId=232983)</p>
+<p>[DaRT Whitepapers on the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=232274) (https://go.microsoft.com/fwlink/p/?LinkId=232274)</p>
+<p>[DaRT 8.0 eBook](https://go.microsoft.com/fwlink/p/?LinkId=309573) (https://go.microsoft.com/fwlink/p/?LinkId=309573)</p>
+<p>[DaRT 7.0 eBook](https://go.microsoft.com/fwlink/p/?LinkId=309572) (https://go.microsoft.com/fwlink/p/?LinkId=309572)</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p><strong>Microsoft Desktop Enterprise Monitoring</strong> (DEM) monitors and reports enterprise-wide desktop application and system failures.</p></td>
-<td align="left"><p>[DEM 3.5](http://go.microsoft.com/fwlink/p/?LinkId=232985) (http://go.microsoft.com/fwlink/p/?LinkId=232985)</p>
-<p>[DEM Whitepapers on the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=232276) (http://go.microsoft.com/fwlink/p/?LinkId=232276)</p></td>
+<td align="left"><p>[DEM 3.5](https://go.microsoft.com/fwlink/p/?LinkId=232985) (https://go.microsoft.com/fwlink/p/?LinkId=232985)</p>
+<p>[DEM Whitepapers on the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=232276) (https://go.microsoft.com/fwlink/p/?LinkId=232276)</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p><strong>Microsoft Enterprise Desktop Virtualization</strong> (MED-V) uses Microsoft Virtual PC to provide an enterprise solution for desktop virtualization.</p>
@@ -100,7 +100,7 @@ The following table provides links to the product documentation for the MDOP pro
 <td align="left"><p>[Microsoft Enterprise Desktop Virtualization 2.0](medv-v2/index.md)</p>
 <p>[About MED-V 1.0 SP1](medv-v1/about-med-v-10-sp1.md)</p>
 <p>[Microsoft Enterprise Desktop Virtualization 1.0](medv-v1/index.md)</p>
-<p>[MED-V Whitepapers on the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=231903) (http://go.microsoft.com/fwlink/p/?LinkId=231903)</p></td>
+<p>[MED-V Whitepapers on the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=231903) (https://go.microsoft.com/fwlink/p/?LinkId=231903)</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p><strong>Microsoft User Experience Virtualization</strong> (UE-V) captures settings to apply to computers accessed by the user including desktop computers, laptop computers, and VDI sessions.</p></td>
@@ -110,7 +110,7 @@ The following table provides links to the product documentation for the MDOP pro
 <p>[What's New in UE-V 2.0](uev-v2/whats-new-in-ue-v-20-new-uevv2.md)</p>
 <p>[About User Experience Virtualization 1.0 SP1](uev-v1/about-user-experience-virtualization-10-sp1.md)</p>
 <p>[Microsoft User Experience Virtualization (UE-V) 1.0](uev-v1/index.md)</p>
-<p>[UE-V 1.0 eBooks](http://go.microsoft.com/fwlink/p/?LinkId=309574) (http://go.microsoft.com/fwlink/p/?LinkId=309574)</p></td>
+<p>[UE-V 1.0 eBooks](https://go.microsoft.com/fwlink/p/?LinkId=309574) (https://go.microsoft.com/fwlink/p/?LinkId=309574)</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>[MDOP Solutions and Scenarios](solutions/index.md)</p></td>
@@ -138,20 +138,20 @@ In addition to the product documentation available online, supplemental product
 <tbody>
 <tr class="odd">
 <td align="left"><p><strong>MDOP Videos</strong></p></td>
-<td align="left"><p>For a list of available MDOP videos, go to [Microsoft Desktop Optimization Pack Technologies Videos](http://go.microsoft.com/fwlink/p/?LinkId=234275) (http://go.microsoft.com/fwlink/p/?LinkId=234275).</p></td>
+<td align="left"><p>For a list of available MDOP videos, go to [Microsoft Desktop Optimization Pack Technologies Videos](https://go.microsoft.com/fwlink/p/?LinkId=234275) (https://go.microsoft.com/fwlink/p/?LinkId=234275).</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p><strong>MDOP Virtual Labs</strong></p></td>
-<td align="left"><p>For a list of available MDOP virtual labs, go to [Microsoft Desktop Optimization Pack (MDOP) Virtual Labs](http://go.microsoft.com/fwlink/p/?LinkId=234276) (http://go.microsoft.com/fwlink/p/?LinkId=234276).</p></td>
+<td align="left"><p>For a list of available MDOP virtual labs, go to [Microsoft Desktop Optimization Pack (MDOP) Virtual Labs](https://go.microsoft.com/fwlink/p/?LinkId=234276) (https://go.microsoft.com/fwlink/p/?LinkId=234276).</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p><strong>MDOP TechCenter</strong></p></td>
-<td align="left"><p>For technical whitepapers, evaluation materials, blogs, and additional MDOP resources, go to [MDOP TechCenter](http://go.microsoft.com/fwlink/p/?LinkId=225286) (http://go.microsoft.com/fwlink/p/?LinkId=225286)</p>
+<td align="left"><p>For technical whitepapers, evaluation materials, blogs, and additional MDOP resources, go to [MDOP TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=225286) (https://go.microsoft.com/fwlink/p/?LinkId=225286)</p>
 <p></p></td>
 </tr>
 <tr class="even">
 <td align="left"><p><strong>MDOP Forums</strong></p></td>
-<td align="left"><p>Join in the MDOP community where you can ask and answer questions at the [MDOP TechNet Forum](http://go.microsoft.com/fwlink/p/?LinkId=286973) (http://go.microsoft.com/fwlink/p/?LinkId=286973).</p></td>
+<td align="left"><p>Join in the MDOP community where you can ask and answer questions at the [MDOP TechNet Forum](https://go.microsoft.com/fwlink/p/?LinkId=286973) (https://go.microsoft.com/fwlink/p/?LinkId=286973).</p></td>
 </tr>
 </tbody>
 </table>
@@ -167,7 +167,7 @@ MDOP is a suite of products that can help streamline desktop deployment, managem
 MDOP is also available for test and evaluation to [MSDN](http://msdn.microsoft.com/subscriptions/downloads/default.aspx?PV=42:178) and [TechNet](http://technet.microsoft.com/subscriptions/downloads/default.aspx?PV=42:178) subscribers in accordance with MDSN and TechNet agreements.
 
 <a href="" id="download-mdop"></a>**Download MDOP**  
-MDOP subscribers can download the software at the [Microsoft Volume Licensing website (MVLS)](http://go.microsoft.com/fwlink/p/?LinkId=166331).
+MDOP subscribers can download the software at the [Microsoft Volume Licensing website (MVLS)](https://go.microsoft.com/fwlink/p/?LinkId=166331).
 
 <a href="" id="purchase-mdop"></a>**Purchase MDOP**  
 Visit the enterprise [Purchase Windows Enterprise Licensing](http://www.microsoft.com/windows/enterprise/how-to-buy.aspx) website to find out how to purchase MDOP for your business.
diff --git a/mdop/mbam-v1/about-mbam-10.md b/mdop/mbam-v1/about-mbam-10.md
index f4c118ca23..e2ef22c1fb 100644
--- a/mdop/mbam-v1/about-mbam-10.md
+++ b/mdop/mbam-v1/about-mbam-10.md
@@ -18,7 +18,7 @@ Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified a
 With Microsoft BitLocker Administration and Monitoring, you can select the BitLocker encryption policy options that are appropriate for your enterprise so that you can monitor the client compliance with those policies and then report the encryption status of both the enterprise and individual computers. In addition, you can access recovery key information when users forget their PIN or password or when their BIOS or boot record changes.
 
 **Note**  
-BitLocker is not covered in detail in this guide. For an overview of BitLocker, see [BitLocker Drive Encryption Overview](http://go.microsoft.com/fwlink/p/?LinkId=225013).
+BitLocker is not covered in detail in this guide. For an overview of BitLocker, see [BitLocker Drive Encryption Overview](https://go.microsoft.com/fwlink/p/?LinkId=225013).
 
  
 
diff --git a/mdop/mbam-v1/accessibility-for-mbam-10.md b/mdop/mbam-v1/accessibility-for-mbam-10.md
index 4f7f4dbc5b..8b435e8c20 100644
--- a/mdop/mbam-v1/accessibility-for-mbam-10.md
+++ b/mdop/mbam-v1/accessibility-for-mbam-10.md
@@ -63,7 +63,7 @@ For information about the availability of Microsoft product documentation and bo
 <td align="left"><p>(609) 987-8116</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p>[http://www.learningally.org/](http://go.microsoft.com/fwlink/?linkid=239)</p></td>
+<td align="left"><p>[http://www.learningally.org/](https://go.microsoft.com/fwlink/?linkid=239)</p></td>
 <td align="left"><p>Web addresses can change, so you might be unable to connect to the website or sites mentioned here.</p></td>
 </tr>
 </tbody>
@@ -85,7 +85,7 @@ Microsoft Support Services are subject to the prices, terms, and conditions in p
 ## For More Information
 
 
-For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](http://go.microsoft.com/fwlink/?linkid=8431).
+For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/?linkid=8431).
 
 ## Related topics
 
diff --git a/mdop/mbam-v1/deploying-the-mbam-10-server-infrastructure.md b/mdop/mbam-v1/deploying-the-mbam-10-server-infrastructure.md
index f125457210..69969978ba 100644
--- a/mdop/mbam-v1/deploying-the-mbam-10-server-infrastructure.md
+++ b/mdop/mbam-v1/deploying-the-mbam-10-server-infrastructure.md
@@ -13,7 +13,7 @@ ms.prod: w8
 # Deploying the MBAM 1.0 Server Infrastructure
 
 
-You can install Microsoft BitLocker Administration and Monitoring (MBAM) Server features in different configurations by using one to five servers. Generally, you should use a configuration of three to five servers for production environments, depending on your scalability needs. For more information about performance scalability of MBAM and recommended deployment topologies, see the [MBAM Scalability and High-Availability Guide White Paper](http://go.microsoft.com/fwlink/p/?LinkId=258314).
+You can install Microsoft BitLocker Administration and Monitoring (MBAM) Server features in different configurations by using one to five servers. Generally, you should use a configuration of three to five servers for production environments, depending on your scalability needs. For more information about performance scalability of MBAM and recommended deployment topologies, see the [MBAM Scalability and High-Availability Guide White Paper](https://go.microsoft.com/fwlink/p/?LinkId=258314).
 
 ## Deploy all MBAM 1.0 on a single server
 
diff --git a/mdop/mbam-v1/evaluating-mbam-10.md b/mdop/mbam-v1/evaluating-mbam-10.md
index b78e64d267..0b462a18f1 100644
--- a/mdop/mbam-v1/evaluating-mbam-10.md
+++ b/mdop/mbam-v1/evaluating-mbam-10.md
@@ -69,7 +69,7 @@ BACKUP CERTIFICATE tdeCert TO FILE = &#39;C:\Backup\TDECertificate.cer&#39;
          ENCRYPTION BY PASSWORD = &#39;P@55w0rd&#39;);
 GO</code></pre></td>
 <td align="left"><p>[MBAM 1.0 Deployment Prerequisites](mbam-10-deployment-prerequisites.md)</p>
-<p>[Database Encryption in SQL Server 2008 Enterprise Edition](http://go.microsoft.com/fwlink/?LinkId=269703)</p></td>
+<p>[Database Encryption in SQL Server 2008 Enterprise Edition](https://go.microsoft.com/fwlink/?LinkId=269703)</p></td>
 <td align="left"><p></p></td>
 </tr>
 <tr class="odd">
diff --git a/mdop/mbam-v1/getting-started-with-mbam-10.md b/mdop/mbam-v1/getting-started-with-mbam-10.md
index 628a1b8928..ac95a2fb22 100644
--- a/mdop/mbam-v1/getting-started-with-mbam-10.md
+++ b/mdop/mbam-v1/getting-started-with-mbam-10.md
@@ -15,14 +15,14 @@ ms.prod: w8
 
 Microsoft BitLocker Administration and Monitoring (MBAM) requires thorough planning before you deploy it or use its features. Because this product can affect every computer in your organization, you might disrupt your entire network if you do not plan your deployment carefully. However, if you plan your deployment carefully and manage it so that it meets your business needs, MBAM can help reduce your administrative overhead and total cost of ownership.
 
-If you are new to this product, we recommend that you read the documentation thoroughly. Before you deploy it to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at <http://go.microsoft.com/fwlink/p/?LinkId=80347>.
+If you are new to this product, we recommend that you read the documentation thoroughly. Before you deploy it to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at <https://go.microsoft.com/fwlink/p/?LinkId=80347>.
 
 **Note**  
-You can find a downloadable version of this documentation and the MBAM Evaluation Guide at <http://go.microsoft.com/fwlink/p/?LinkId=225356>.
+You can find a downloadable version of this documentation and the MBAM Evaluation Guide at <https://go.microsoft.com/fwlink/p/?LinkId=225356>.
 
  
 
-This section of the MBAM Administrator’s Guide includes high-level information about MBAM to provide you with a basic understanding of the product before you begin the deployment planning. Additional MBAM documentation can be found on the MBAM Documentation Resources Download page at <http://go.microsoft.com/fwlink/p/?LinkId=258391>.
+This section of the MBAM Administrator’s Guide includes high-level information about MBAM to provide you with a basic understanding of the product before you begin the deployment planning. Additional MBAM documentation can be found on the MBAM Documentation Resources Download page at <https://go.microsoft.com/fwlink/p/?LinkId=258391>.
 
 ## Getting started with MBAM 1.0
 
diff --git a/mdop/mbam-v1/high-availability-for-mbam-10.md b/mdop/mbam-v1/high-availability-for-mbam-10.md
index 2fdfbd6599..38b2537dc6 100644
--- a/mdop/mbam-v1/high-availability-for-mbam-10.md
+++ b/mdop/mbam-v1/high-availability-for-mbam-10.md
@@ -32,11 +32,11 @@ When you plan your MBAM installation, consider the following concerns that can a
 
 The main concern for MBAM high availability is BitLocker key recovery availability. If the help desk cannot provide recovery keys, users who are locked out cannot unlock their computers. To avoid this problem, consider implementing redundant web servers and databases to ensure high availability.
 
-For more information about MBAM scalability and high availability, see the [MBAM Scalability White Paper](http://go.microsoft.com/fwlink/p/?LinkId=229025) (http://go.microsoft.com/fwlink/p/?LinkId=229025).
+For more information about MBAM scalability and high availability, see the [MBAM Scalability White Paper](https://go.microsoft.com/fwlink/p/?LinkId=229025) (https://go.microsoft.com/fwlink/p/?LinkId=229025).
 
-For general guidance on high availability for Microsoft SQL Server, see [High Availability](http://go.microsoft.com/fwlink/p/?LinkId=221504) (http://go.microsoft.com/fwlink/p/?LinkId=221504).
+For general guidance on high availability for Microsoft SQL Server, see [High Availability](https://go.microsoft.com/fwlink/p/?LinkId=221504) (https://go.microsoft.com/fwlink/p/?LinkId=221504).
 
-For general guidance on availability and scalability for web servers, see [Availability and Scalability](http://go.microsoft.com/fwlink/p/?LinkId=221503) (http://go.microsoft.com/fwlink/p/?LinkId=221503).
+For general guidance on availability and scalability for web servers, see [Availability and Scalability](https://go.microsoft.com/fwlink/p/?LinkId=221503) (https://go.microsoft.com/fwlink/p/?LinkId=221503).
 
 ## Related topics
 
diff --git a/mdop/mbam-v1/high-level-architecture-for-mbam-10.md b/mdop/mbam-v1/high-level-architecture-for-mbam-10.md
index 57d66ff003..25af4e0a30 100644
--- a/mdop/mbam-v1/high-level-architecture-for-mbam-10.md
+++ b/mdop/mbam-v1/high-level-architecture-for-mbam-10.md
@@ -15,7 +15,7 @@ ms.prod: w8
 
 Microsoft BitLocker Administration and Monitoring (MBAM) is a client/server data encryption solution that can help you simplify BitLocker provisioning and deployment, improve BitLocker compliance and reporting, and reduce support costs. MBAM includes the features that are described in this topic.
 
-Additionally, there is a video that provides an overview of the MBAM architecture and MBAM Setup. For more information, see [MBAM Deployment and Architecture Overview](http://go.microsoft.com/fwlink/p/?LinkId=258392).
+Additionally, there is a video that provides an overview of the MBAM architecture and MBAM Setup. For more information, see [MBAM Deployment and Architecture Overview](https://go.microsoft.com/fwlink/p/?LinkId=258392).
 
 ## Architecture Overview
 
diff --git a/mdop/mbam-v1/how-to-configure-network-load-balancing-for-mbam.md b/mdop/mbam-v1/how-to-configure-network-load-balancing-for-mbam.md
index 4eccfd6064..1cc7c2b4b0 100644
--- a/mdop/mbam-v1/how-to-configure-network-load-balancing-for-mbam.md
+++ b/mdop/mbam-v1/how-to-configure-network-load-balancing-for-mbam.md
@@ -47,7 +47,7 @@ The following steps describe how to configure an NLB cluster virtual name and IP
 Before you begin the procedures described in this topic, you must have the MBAM Administration and Monitoring Server feature successfully installed by using the same IIS port binding on two separate server computers that meet the prerequisites for both MBAM Server feature installation and NLB Cluster configuration.
 
 **Note**  
-This topic describes the basic process of using Network Load Balancing Manager to create an NLB Cluster. The exact steps to configure a Windows Server as part of an NLB cluster depend on the Windows Server version in use.. For more information about how to create NLBs on Windows Server 2008, see [Creating Network Load Balancing Clusters](http://go.microsoft.com/fwlink/?LinkId=197176) in the Windows Server 2008 TechNet library.
+This topic describes the basic process of using Network Load Balancing Manager to create an NLB Cluster. The exact steps to configure a Windows Server as part of an NLB cluster depend on the Windows Server version in use.. For more information about how to create NLBs on Windows Server 2008, see [Creating Network Load Balancing Clusters](https://go.microsoft.com/fwlink/?LinkId=197176) in the Windows Server 2008 TechNet library.
 
  
 
diff --git a/mdop/mbam-v1/index.md b/mdop/mbam-v1/index.md
index 22a039ab4b..e1d4cafd4f 100644
--- a/mdop/mbam-v1/index.md
+++ b/mdop/mbam-v1/index.md
@@ -38,11 +38,11 @@ Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified a
 <a href="" id="release-notes-for-mbam-1-0"></a>[Release Notes for MBAM 1.0](release-notes-for-mbam-10.md)  
 View updated product information and known issues for MBAM 1.0.
 
-<a href="" id="mdop-techcenter-page"></a>[MDOP TechCenter Page](http://go.microsoft.com/fwlink/p/?LinkId=225286)  
+<a href="" id="mdop-techcenter-page"></a>[MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286)  
 Learn about the latest MDOP information and resources.
 
-<a href="" id="mdop-information-experience"></a>[MDOP Information Experience](http://go.microsoft.com/fwlink/p/?LinkId=236032)  
-Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28http://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28http://go.microsoft.com/fwlink/p/?LinkId=242447).
+<a href="" id="mdop-information-experience"></a>[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032)  
+Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28https://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28https://go.microsoft.com/fwlink/p/?LinkId=242447).
 
  
 
diff --git a/mdop/mbam-v1/known-issues-in-the-mbam-international-release-mbam-1.md b/mdop/mbam-v1/known-issues-in-the-mbam-international-release-mbam-1.md
index 4f8f3f7279..389a47b9e9 100644
--- a/mdop/mbam-v1/known-issues-in-the-mbam-international-release-mbam-1.md
+++ b/mdop/mbam-v1/known-issues-in-the-mbam-international-release-mbam-1.md
@@ -32,7 +32,7 @@ If you are using a certificate for authentication between MBAM servers, after up
 
 ### MBAM Svclog File Filling Disk Space
 
-If you have followed Knowledge Base article 2668170, [http://support.microsoft.com/kb/2668170](http://go.microsoft.com/fwlink/?LinkID=247277), you might have to repeat the KB steps after you install this update.
+If you have followed Knowledge Base article 2668170, [http://support.microsoft.com/kb/2668170](https://go.microsoft.com/fwlink/?LinkID=247277), you might have to repeat the KB steps after you install this update.
 
 **Workaround**: None.
 
diff --git a/mdop/mbam-v1/maintaining-mbam-10.md b/mdop/mbam-v1/maintaining-mbam-10.md
index edbecc6098..d0fc680506 100644
--- a/mdop/mbam-v1/maintaining-mbam-10.md
+++ b/mdop/mbam-v1/maintaining-mbam-10.md
@@ -22,7 +22,7 @@ The Microsoft System Center Operations Manager Management Pack for MBAM is a
 
 This management pack monitors the critical interactions in the server-side infrastructure, such as the connections between the web services and databases and the operational calls between websites and their supportive web service. It also uploads the requests between desktop clients and their respective receiving web service endpoints.
 
-[Microsoft BitLocker Administration And Monitoring Management Pack](http://go.microsoft.com/fwlink/p/?LinkId=258390)
+[Microsoft BitLocker Administration And Monitoring Management Pack](https://go.microsoft.com/fwlink/p/?LinkId=258390)
 
 ## Ensure high availability for MBAM 1.0
 
diff --git a/mdop/mbam-v1/mbam-10-supported-configurations.md b/mdop/mbam-v1/mbam-10-supported-configurations.md
index 556ee45582..f460c7240a 100644
--- a/mdop/mbam-v1/mbam-10-supported-configurations.md
+++ b/mdop/mbam-v1/mbam-10-supported-configurations.md
@@ -23,7 +23,7 @@ This topic specifies the necessary requirements to install and run Microsoft Bit
 The following table lists the operating systems that are supported for the Microsoft BitLocker Administration and Monitoring Server installation.
 
 **Note**  
-Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](http://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](http://go.microsoft.com/fwlink/p/?LinkId=31976).
+Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976).
 
  
 
@@ -132,7 +132,7 @@ The following table lists the SQL Server versions that are supported for the MB
 The following table lists the operating systems that are supported for MBAM Client installation.
 
 **Note**  
-Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](http://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](http://go.microsoft.com/fwlink/p/?LinkId=31976).
+Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976).
 
  
 
diff --git a/mdop/mbam-v1/planning-for-mbam-10-server-deployment.md b/mdop/mbam-v1/planning-for-mbam-10-server-deployment.md
index b151537b84..2a75bde0f1 100644
--- a/mdop/mbam-v1/planning-for-mbam-10-server-deployment.md
+++ b/mdop/mbam-v1/planning-for-mbam-10-server-deployment.md
@@ -31,7 +31,7 @@ The following MBAM features represent the server infrastructure for an MBAM serv
 MBAM server databases and features can be installed in different configurations, depending on your scalability needs. All MBAM Server features can be installed on a single server or distributed across multiple servers. Generally, we recommend that you use a three-server or five-server configuration for production environments, although configurations of two or four servers can also be used, depending on your computing needs.
 
 **Note**  
-For more information about performance scalability of MBAM and recommended deployment topologies, see the MBAM Scalability and High-Availability Guide white paper at <http://go.microsoft.com/fwlink/p/?LinkId=258314>.
+For more information about performance scalability of MBAM and recommended deployment topologies, see the MBAM Scalability and High-Availability Guide white paper at <https://go.microsoft.com/fwlink/p/?LinkId=258314>.
 
  
 
diff --git a/mdop/mbam-v1/release-notes-for-mbam-10.md b/mdop/mbam-v1/release-notes-for-mbam-10.md
index 9cfa0fa3f5..5a2becc998 100644
--- a/mdop/mbam-v1/release-notes-for-mbam-10.md
+++ b/mdop/mbam-v1/release-notes-for-mbam-10.md
@@ -24,7 +24,7 @@ These release notes contain information that is required to successfully install
 
 For information about MBAM documentation, see the MBAM home page on Microsoft TechNet.
 
-To obtain a downloadable copy of the MBAM documentation, see <http://go.microsoft.com/fwlink/p/?LinkId=225356> on the Microsoft Download Center.
+To obtain a downloadable copy of the MBAM documentation, see <https://go.microsoft.com/fwlink/p/?LinkId=225356> on the Microsoft Download Center.
 
 ## Provide Feedback
 
@@ -36,9 +36,9 @@ This email address is not a support channel, but your feedback will help us to p
 
  
 
-For the latest information about MDOP and additional learning resources, see the [MDOP Information Experience](http://go.microsoft.com/fwlink/p/?LinkId=236032) page.
+For the latest information about MDOP and additional learning resources, see the [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) page.
 
-For more information about new updates or to provide feedback, follow us on [Facebook](http://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](http://go.microsoft.com/fwlink/p/?LinkId=242447).
+For more information about new updates or to provide feedback, follow us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447).
 
 ## Known Issues with MBAM 1.0
 
diff --git a/mdop/mbam-v1/security-considerations-for-mbam-10.md b/mdop/mbam-v1/security-considerations-for-mbam-10.md
index ec5c69ad30..18fd7f3ded 100644
--- a/mdop/mbam-v1/security-considerations-for-mbam-10.md
+++ b/mdop/mbam-v1/security-considerations-for-mbam-10.md
@@ -22,9 +22,9 @@ This topic contains a brief overview of the accounts and groups, log files, and
 
 **Physically secure your computers**. Security is incomplete without physical security. Anyone with physical access to an MBAM Server could potentially attack the entire client base. Any potential physical attacks must be considered high risk and mitigated appropriately. MBAM servers should be stored in a physically secure server room with controlled access. Secure these computers when administrators are not physically present by having the operating system lock the computer, or by using a secured screen saver.
 
-**Apply the most recent security updates to all computers**. Stay informed about new updates for operating systems, Microsoft SQL Server, and MBAM by subscribing to the Security Notification service (<http://go.microsoft.com/fwlink/p/?LinkId=28819>).
+**Apply the most recent security updates to all computers**. Stay informed about new updates for operating systems, Microsoft SQL Server, and MBAM by subscribing to the Security Notification service (<https://go.microsoft.com/fwlink/p/?LinkId=28819>).
 
-**Use strong passwords or pass phrases**. Always use strong passwords with 15 or more characters for all MBAM and MBAM administrator accounts. Never use blank passwords. For more information about password concepts, see the “Account Passwords and Policies” white paper on TechNet (<http://go.microsoft.com/fwlink/p/?LinkId=30009>).
+**Use strong passwords or pass phrases**. Always use strong passwords with 15 or more characters for all MBAM and MBAM administrator accounts. Never use blank passwords. For more information about password concepts, see the “Account Passwords and Policies” white paper on TechNet (<https://go.microsoft.com/fwlink/p/?LinkId=30009>).
 
 ## Accounts and Groups in MBAM
 
@@ -186,7 +186,7 @@ When TDE is enabled on a database, all backups are encrypted. Thus, special care
 
 For an example of how to enable TDE for MBAM database instances, see [Evaluating MBAM 1.0](evaluating-mbam-10.md).
 
-For more information about TDE in SQL Server 2008, see [Database Encryption in SQL Server 2008 Enterprise Edition](http://go.microsoft.com/fwlink/?LinkId=269703).
+For more information about TDE in SQL Server 2008, see [Database Encryption in SQL Server 2008 Enterprise Edition](https://go.microsoft.com/fwlink/?LinkId=269703).
 
 ## Related topics
 
diff --git a/mdop/mbam-v1/troubleshooting-mbam-10.md b/mdop/mbam-v1/troubleshooting-mbam-10.md
index 31b1dd1859..4a1a361b48 100644
--- a/mdop/mbam-v1/troubleshooting-mbam-10.md
+++ b/mdop/mbam-v1/troubleshooting-mbam-10.md
@@ -13,7 +13,7 @@ ms.prod: w8
 # Troubleshooting MBAM 1.0
 
 
-Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905).
+Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905).
 
 ## How to Find Troubleshooting Content
 
@@ -28,7 +28,7 @@ After you search the MDOP documentation, your next step would be to search the t
 
 **To search the MDOP product documentation**
 
-1.  Use a web browser to navigate to the [MDOP Information Experience](http://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page.
+1.  Use a web browser to navigate to the [MDOP Information Experience](https://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page.
 
 2.  Enter applicable search terms in the **Search TechNet with Bing** search box at the top of the MDOP Information Experience home page.
 
@@ -36,7 +36,7 @@ After you search the MDOP documentation, your next step would be to search the t
 
 **To search the TechNet Wiki**
 
-1.  Use a web browser to navigate to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
+1.  Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
 
 2.  Enter applicable search terms in the **Search TechNet Wiki** search box on the TechNet Wiki home page.
 
@@ -49,7 +49,7 @@ If you have a troubleshooting tip or a best practice to share that is not alread
 
 **To create a TechNet Wiki troubleshooting or best practices article**
 
-1.  Use a web browser to navigate to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
+1.  Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
 
 2.  Log in with your Windows Live ID.
 
diff --git a/mdop/mbam-v2/about-mbam-20-mbam-2.md b/mdop/mbam-v2/about-mbam-20-mbam-2.md
index ff196a4897..6a57731b36 100644
--- a/mdop/mbam-v2/about-mbam-20-mbam-2.md
+++ b/mdop/mbam-v2/about-mbam-20-mbam-2.md
@@ -21,7 +21,7 @@ Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 provides a simpl
 BitLocker Administration and Monitoring 2.0 enforces the BitLocker encryption policy options that you set for your enterprise, monitors the compliance of client computers with those policies, and reports on the encryption status of both the enterprise and the individual computers. In addition, MBAM lets you access the recovery key information when users forget their PIN or password, or when their BIOS or boot record changes.
 
 **Note**  
-BitLocker is not covered in detail in this guide. For an overview of BitLocker, see [BitLocker Drive Encryption Overview](http://go.microsoft.com/fwlink/p/?LinkId=225013).
+BitLocker is not covered in detail in this guide. For an overview of BitLocker, see [BitLocker Drive Encryption Overview](https://go.microsoft.com/fwlink/p/?LinkId=225013).
 
  
 
@@ -94,7 +94,7 @@ For more information, and for late-breaking news that is not included in the doc
 ## How to Get MBAM 2.0
 
 
-This technology is a part of the Microsoft Desktop Optimization Pack (MDOP). Enterprise customers can get MDOP with Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP?](http://go.microsoft.com/fwlink/p/?LinkId=322049)
+This technology is a part of the Microsoft Desktop Optimization Pack (MDOP). Enterprise customers can get MDOP with Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP?](https://go.microsoft.com/fwlink/p/?LinkId=322049)
 
 ## Related topics
 
diff --git a/mdop/mbam-v2/about-mbam-20-sp1.md b/mdop/mbam-v2/about-mbam-20-sp1.md
index ed45a5ea60..48b81f4257 100644
--- a/mdop/mbam-v2/about-mbam-20-sp1.md
+++ b/mdop/mbam-v2/about-mbam-20-sp1.md
@@ -131,7 +131,7 @@ You can configure a localized version of the Self-Service Portal “HelpdeskText
 
 2.  In the **Actions** pane, click **Add** to open the **Add Application Setting** dialog box.
 
-3.  In the **Name** field, type **HelpdeskText**\_&lt;*language*&gt;, where &lt;*language*&gt; is the appropriate language code for the text. For example, to create a localized HelpdeskText statement in Spanish, you would name the parameter HelpdeskText\_es-es. For a list of the valid language codes that you can use, see [National Language Support (NLS) API Reference](http://go.microsoft.com/fwlink/?LinkId=317947).
+3.  In the **Name** field, type **HelpdeskText**\_&lt;*language*&gt;, where &lt;*language*&gt; is the appropriate language code for the text. For example, to create a localized HelpdeskText statement in Spanish, you would name the parameter HelpdeskText\_es-es. For a list of the valid language codes that you can use, see [National Language Support (NLS) API Reference](https://go.microsoft.com/fwlink/?LinkId=317947).
 
 4.  In the **Value** field, type the localized text that you want to display to end users.
 
@@ -145,7 +145,7 @@ You can configure a localized version of the Self-Service Portal HelpdeskURL to
 
 2.  In the **Actions** pane, click **Add** to open the **Add Application Setting** dialog box.
 
-3.  In the **Name** field, type **HelpdeskURL**\_&lt;*language*&gt;, where &lt;*language*&gt; is the appropriate language code for the URL. For example, to create a localized HelpdeskURL in Spanish, you would name the parameter HelpdeskURL\_es-es. For a list of the valid language codes you can use, see [National Language Support (NLS) API Reference](http://go.microsoft.com/fwlink/?LinkId=317947).
+3.  In the **Name** field, type **HelpdeskURL**\_&lt;*language*&gt;, where &lt;*language*&gt; is the appropriate language code for the URL. For example, to create a localized HelpdeskURL in Spanish, you would name the parameter HelpdeskURL\_es-es. For a list of the valid language codes you can use, see [National Language Support (NLS) API Reference](https://go.microsoft.com/fwlink/?LinkId=317947).
 
 4.  In the **Value** field, type the localized HelpdeskURL that you want to display to end users.
 
@@ -181,7 +181,7 @@ If an end user’s browser is set to a language that does not have a correspondi
     &lt;*MBAM Self-Service Install Directory*&gt;\\Self Service Website\\
 
     **Note**  
-    Some language folders already exist, so you may not have to create one. If you do need to create a language folder, see [National Language Support (NLS) API Reference](http://go.microsoft.com/fwlink/?LinkId=317947) for a list of the valid names that you can use for the &lt;*language*&gt; folder.
+    Some language folders already exist, so you may not have to create one. If you do need to create a language folder, see [National Language Support (NLS) API Reference](https://go.microsoft.com/fwlink/?LinkId=317947) for a list of the valid names that you can use for the &lt;*language*&gt; folder.
 
      
 
@@ -470,7 +470,7 @@ MBAM 2.0 SP1 is now available in the following languages:
 ## How to Get MDOP Technologies
 
 
-MBAM 2.0 SP1 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049) (http://go.microsoft.com/fwlink/?LinkId=322049).
+MBAM 2.0 SP1 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049).
 
 ## Related topics
 
diff --git a/mdop/mbam-v2/accessibility-for-mbam-20-mbam-2.md b/mdop/mbam-v2/accessibility-for-mbam-20-mbam-2.md
index 6dea99fe3f..0dcfc82b06 100644
--- a/mdop/mbam-v2/accessibility-for-mbam-20-mbam-2.md
+++ b/mdop/mbam-v2/accessibility-for-mbam-20-mbam-2.md
@@ -63,7 +63,7 @@ For information about the availability of Microsoft product documentation and bo
 <td align="left"><p>(609) 987-8116</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p>[http://www.learningally.org/](http://go.microsoft.com/fwlink/?linkid=239)</p></td>
+<td align="left"><p>[http://www.learningally.org/](https://go.microsoft.com/fwlink/?linkid=239)</p></td>
 <td align="left"><p>Web addresses can change, so you might be unable to connect to the website or sites mentioned here.</p></td>
 </tr>
 </tbody>
@@ -85,7 +85,7 @@ Microsoft Support Services are subject to the prices, terms, and conditions in p
 ## For More Information
 
 
-For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](http://go.microsoft.com/fwlink/?linkid=8431).
+For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/?linkid=8431).
 
 ## Related topics
 
diff --git a/mdop/mbam-v2/deploying-mbam-with-configuration-manager-mbam2.md b/mdop/mbam-v2/deploying-mbam-with-configuration-manager-mbam2.md
index 67727acd97..d4c943d507 100644
--- a/mdop/mbam-v2/deploying-mbam-with-configuration-manager-mbam2.md
+++ b/mdop/mbam-v2/deploying-mbam-with-configuration-manager-mbam2.md
@@ -17,7 +17,7 @@ The following procedures describe how to deploy Microsoft BitLocker Administrati
 
 Before you start the installation, ensure that you have met the prerequisites and hardware and software requirements for installing MBAM with Configuration Manager by reviewing [Planning to Deploy MBAM with Configuration Manager](planning-to-deploy-mbam-with-configuration-manager-2.md).
 
-If you ever have to reinstall MBAM with the Configuration Manager topology, you will need to remove certain Configuration Manager objects first. Read the [Knowledge Base article](http://go.microsoft.com/fwlink/?LinkId=286306) for more information.
+If you ever have to reinstall MBAM with the Configuration Manager topology, you will need to remove certain Configuration Manager objects first. Read the [Knowledge Base article](https://go.microsoft.com/fwlink/?LinkId=286306) for more information.
 
 The steps to install MBAM with Configuration Manager are grouped into the following categories. Complete the steps for each category to complete the installation.
 
diff --git a/mdop/mbam-v2/getting-started-with-mbam-20-mbam-2.md b/mdop/mbam-v2/getting-started-with-mbam-20-mbam-2.md
index 8f6e2c1019..87b442cc09 100644
--- a/mdop/mbam-v2/getting-started-with-mbam-20-mbam-2.md
+++ b/mdop/mbam-v2/getting-started-with-mbam-20-mbam-2.md
@@ -15,9 +15,9 @@ ms.prod: w8
 
 Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 requires thorough planning before you deploy it or use its features. Because this product can affect every computer in your organization, you might disrupt your entire network if you do not plan your deployment carefully. However, if you plan your deployment carefully and manage it so that it meets your business requirements, BitLocker Administration and Monitoring 2.0 can help reduce your administrative overhead and total cost of ownership.
 
-If you are new to this product, we recommend that you read the documentation carefully. To get the MBAM software, see [How Do I Get MDOP?](http://go.microsoft.com/fwlink/p/?LinkId=322049). Before you deploy MBAM to a production environment, we also recommend that you validate your deployment plan in a test environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at <http://go.microsoft.com/fwlink/p/?LinkId=80347>.
+If you are new to this product, we recommend that you read the documentation carefully. To get the MBAM software, see [How Do I Get MDOP?](https://go.microsoft.com/fwlink/p/?LinkId=322049). Before you deploy MBAM to a production environment, we also recommend that you validate your deployment plan in a test environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at <https://go.microsoft.com/fwlink/p/?LinkId=80347>.
 
-This section of the MBAM 2.0 Administrator’s Guide includes high-level information about MBAM 2.0 to provide a basic understanding of the product before you begin to plan deployment. For specific information about deploying MBAM with the Configuration Manager integrated topology, see [Using MBAM with Configuration Manager](using-mbam-with-configuration-manager.md). You can find additional MBAM documentation on the Microsoft BitLocker Administration and Monitoring (MBAM) Documentation Resources Download Page at <http://go.microsoft.com/fwlink/p/?LinkId=258391>.
+This section of the MBAM 2.0 Administrator’s Guide includes high-level information about MBAM 2.0 to provide a basic understanding of the product before you begin to plan deployment. For specific information about deploying MBAM with the Configuration Manager integrated topology, see [Using MBAM with Configuration Manager](using-mbam-with-configuration-manager.md). You can find additional MBAM documentation on the Microsoft BitLocker Administration and Monitoring (MBAM) Documentation Resources Download Page at <https://go.microsoft.com/fwlink/p/?LinkId=258391>.
 
 ## Getting Started with MBAM 2.0
 
diff --git a/mdop/mbam-v2/how-to-install-and-configure-mbam-on-distributed-servers-mbam-2.md b/mdop/mbam-v2/how-to-install-and-configure-mbam-on-distributed-servers-mbam-2.md
index 9558074f46..7c31fda4ef 100644
--- a/mdop/mbam-v2/how-to-install-and-configure-mbam-on-distributed-servers-mbam-2.md
+++ b/mdop/mbam-v2/how-to-install-and-configure-mbam-on-distributed-servers-mbam-2.md
@@ -137,7 +137,7 @@ The following steps describe how to install general MBAM features.
 
      
 
-10. To optionally register a Service Principal Name (SPN) for the Self-Service Portal, select **Register this machine’s Service Principal Names (SPN) with Active Directory (Required for Windows Authentication)**. If you select this check box, MBAM Setup will not try to register the existing SPNs, and you can manually register the SPN before or after the MBAM installation. For instructions on registering the SPN manually, see [Manual SPN Registration](http://go.microsoft.com/fwlink/?LinkId=286758).
+10. To optionally register a Service Principal Name (SPN) for the Self-Service Portal, select **Register this machine’s Service Principal Names (SPN) with Active Directory (Required for Windows Authentication)**. If you select this check box, MBAM Setup will not try to register the existing SPNs, and you can manually register the SPN before or after the MBAM installation. For instructions on registering the SPN manually, see [Manual SPN Registration](https://go.microsoft.com/fwlink/?LinkId=286758).
 
 11. Click **Next** to continue with the Microsoft BitLocker Administration and Monitoring Setup wizard.
 
@@ -160,13 +160,13 @@ The following steps describe how to install general MBAM features.
 
 2.  Download the four JavaScript files from the Microsoft CDN:
 
-    -   jQuery-1.7.2.min.js - [http://go.microsoft.com/p/fwlink/?LinkID=271736](http://go.microsoft.com/fwlink/p/?LinkID=271736)
+    -   jQuery-1.7.2.min.js - [https://go.microsoft.com/p/fwlink/?LinkID=271736](https://go.microsoft.com/fwlink/p/?LinkID=271736)
 
-    -   MicrosoftAjax.js –[http://go.microsoft.com/p/fwlink/?LinkId=272283](http://go.microsoft.com/fwlink/p/?LinkId=272283)
+    -   MicrosoftAjax.js –[https://go.microsoft.com/p/fwlink/?LinkId=272283](https://go.microsoft.com/fwlink/p/?LinkId=272283)
 
-    -   MicrosoftMvcAjax.js - [http://go.microsoft.com/p/fwlink/?LinkId=272284](http://go.microsoft.com/fwlink/p/?LinkId=272284)
+    -   MicrosoftMvcAjax.js - [https://go.microsoft.com/p/fwlink/?LinkId=272284](https://go.microsoft.com/fwlink/p/?LinkId=272284)
 
-    -   MicrosoftMvcValidation.js - <http://go.microsoft.com/fwlink/p/?LinkId=272285>
+    -   MicrosoftMvcValidation.js - <https://go.microsoft.com/fwlink/p/?LinkId=272285>
 
 3.  Copy the JavaScript files to the **Scripts** directory of the Self-Service Portal. This directory is located in *&lt;MBAM Self-Service Install Directory&gt;\\*Self Service Website\\Scripts.
 
@@ -227,7 +227,7 @@ The following steps describe how to install general MBAM features.
 
      
 
-12. To optionally register a Service Principal Name (SPN) for the Self-Service Portal, select **Register this machine’s Service Principal Names (SPN) with Active Directory (Required for Windows Authentication)**. If you select this check box, MBAM Setup will not try to register the existing SPNs, and you can manually register the SPN before or after the MBAM installation. For instructions on registering the SPN manually, see [Manual SPN Registration](http://go.microsoft.com/fwlink/?LinkId=286758).
+12. To optionally register a Service Principal Name (SPN) for the Self-Service Portal, select **Register this machine’s Service Principal Names (SPN) with Active Directory (Required for Windows Authentication)**. If you select this check box, MBAM Setup will not try to register the existing SPNs, and you can manually register the SPN before or after the MBAM installation. For instructions on registering the SPN manually, see [Manual SPN Registration](https://go.microsoft.com/fwlink/?LinkId=286758).
 
 13. Click **Next** to continue with the Microsoft BitLocker Administration and Monitoring Setup wizard.
 
diff --git a/mdop/mbam-v2/index.md b/mdop/mbam-v2/index.md
index 9b13be4d7f..6bb7ed3791 100644
--- a/mdop/mbam-v2/index.md
+++ b/mdop/mbam-v2/index.md
@@ -39,13 +39,13 @@ Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 provides a simpl
 
     View updated product information and known issues for MBAM 2.0.
 
--   [MDOP TechCenter Page](http://go.microsoft.com/fwlink/p/?LinkId=225286)
+-   [MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286)
 
     Learn about the latest MDOP information and resources.
 
--   [MDOP Information Experience](http://go.microsoft.com/fwlink/p/?LinkId=236032)
+-   [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032)
 
-    Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28http://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28http://go.microsoft.com/fwlink/p/?LinkId=242447).
+    Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28https://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28https://go.microsoft.com/fwlink/p/?LinkId=242447).
 
  
 
diff --git a/mdop/mbam-v2/mbam-20-deployment-prerequisites-mbam-2.md b/mdop/mbam-v2/mbam-20-deployment-prerequisites-mbam-2.md
index 32629af033..ca28148a37 100644
--- a/mdop/mbam-v2/mbam-20-deployment-prerequisites-mbam-2.md
+++ b/mdop/mbam-v2/mbam-20-deployment-prerequisites-mbam-2.md
@@ -275,7 +275,7 @@ For a list of supported operating systems, see [MBAM 2.0 Supported Configuration
 </tr>
 <tr class="even">
 <td align="left"><p>ASP.NET MVC 2.0</p></td>
-<td align="left"><p>[ASP.NET MVC 2 download](http://go.microsoft.com/fwlink/?LinkId=392270)</p></td>
+<td align="left"><p>[ASP.NET MVC 2 download](https://go.microsoft.com/fwlink/?LinkId=392270)</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Web Service IIS Management Tools</p></td>
@@ -310,12 +310,12 @@ For a list of supported operating systems, see [MBAM 2.0 Supported Configuration
 <td align="left"><p>For more information, see the BIOS documentation.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p><strong>Windows 8 clients only</strong>: To have MBAM store and manage the TPM recovery keys: TPM auto-provisioning must be turned off, and MBAM must be set as the owner of the TPM before you deploy MBAM. To turn off TPM auto-provisioning, see [Disable-TpmAutoProvisioning](http://go.microsoft.com/fwlink/?LinkId=286468).</p>
+<td align="left"><p><strong>Windows 8 clients only</strong>: To have MBAM store and manage the TPM recovery keys: TPM auto-provisioning must be turned off, and MBAM must be set as the owner of the TPM before you deploy MBAM. To turn off TPM auto-provisioning, see [Disable-TpmAutoProvisioning](https://go.microsoft.com/fwlink/?LinkId=286468).</p>
 <ul>
 <li><p>TPM auto-provisioning must be turned off.</p></li>
 <li><p>MBAM must be set as the owner of the TPM before you deploy MBAM.</p></li>
 </ul></td>
-<td align="left"><p>To turn off TPM auto-provisioning, see [Disable-TpmAutoProvisioning](http://go.microsoft.com/fwlink/?LinkId=286468).</p>
+<td align="left"><p>To turn off TPM auto-provisioning, see [Disable-TpmAutoProvisioning](https://go.microsoft.com/fwlink/?LinkId=286468).</p>
 <div class="alert">
 <strong>Note</strong>  
 <p>Ensure that the keyboard, video, or mouse are directly connected and not managed through a keyboard, video, or mouse (KVM) switch. A KVM switch can interfere with the ability of the computer to detect the physical presence of hardware.</p>
diff --git a/mdop/mbam-v2/mbam-20-privacy-statement-mbam-2.md b/mdop/mbam-v2/mbam-20-privacy-statement-mbam-2.md
index 3a51b59b37..10985c643c 100644
--- a/mdop/mbam-v2/mbam-20-privacy-statement-mbam-2.md
+++ b/mdop/mbam-v2/mbam-20-privacy-statement-mbam-2.md
@@ -68,7 +68,7 @@ Microsoft Error Reporting provides a service that allows you to report problems
 
 **Information Collected, Processed, or Transmitted:**
 
-For information about the information collected, processed, or transmitted by Microsoft Error Reporting, see the Microsoft Error Reporting privacy statement at [http://go.microsoft.com](http://go.microsoft.com/fwlink/?LinkID=244395).
+For information about the information collected, processed, or transmitted by Microsoft Error Reporting, see the Microsoft Error Reporting privacy statement at [https://go.microsoft.com](https://go.microsoft.com/fwlink/?LinkID=244395).
 
 **Use of Information:**
 
@@ -98,15 +98,15 @@ Microsoft Update is a service that provides Windows updates as well as updates f
 
 **Information Collected, Processed, or Transmitted:**
 
-For details about what information is collected and how it is used, see the Update Services Privacy Statement at <http://go.microsoft.com/fwlink/?LinkId=244400>.
+For details about what information is collected and how it is used, see the Update Services Privacy Statement at <https://go.microsoft.com/fwlink/?LinkId=244400>.
 
 **Use of Information:**
 
-For details about what information is collected and how it is used, see the Update Services Privacy Statement at <http://go.microsoft.com/fwlink/?LinkId=244400>.
+For details about what information is collected and how it is used, see the Update Services Privacy Statement at <https://go.microsoft.com/fwlink/?LinkId=244400>.
 
 **Choice/Control:**
 
-For details about controlling this feature, see the Update Services Privacy Statement at <http://go.microsoft.com/fwlink/?LinkId=244000>.
+For details about controlling this feature, see the Update Services Privacy Statement at <https://go.microsoft.com/fwlink/?LinkId=244000>.
 
 ### Customer Experience Improvement Program
 
@@ -116,7 +116,7 @@ The Customer Experience Improvement Program (“CEIP”) collects basic informat
 
 **Information Collected, Processed, or Transmitted:**
 
-For more information about the information collected, processed, or transmitted by CEIP, see the CEIP privacy statement at <http://go.microsoft.com/fwlink/?LinkID=52097>.
+For more information about the information collected, processed, or transmitted by CEIP, see the CEIP privacy statement at <https://go.microsoft.com/fwlink/?LinkID=52097>.
 
 **Use of Information:**
 
diff --git a/mdop/mbam-v2/mbam-20-security-considerations-mbam-2.md b/mdop/mbam-v2/mbam-20-security-considerations-mbam-2.md
index 0215cbc294..49e3c18cf1 100644
--- a/mdop/mbam-v2/mbam-20-security-considerations-mbam-2.md
+++ b/mdop/mbam-v2/mbam-20-security-considerations-mbam-2.md
@@ -22,9 +22,9 @@ This topic contains a brief overview about the accounts and groups, log files, a
 
 **Physically secure your computers**. There is no security without physical security. An attacker who gets physical access to an MBAM Server could potentially use it to attack the entire client base. All potential physical attacks must be considered high risk and mitigated appropriately. MBAM servers should be stored in a secure server room with controlled access. Secure these computers when administrators are not physically present by having the operating system lock the computer, or by using a secured screen saver.
 
-**Apply the most recent security updates to all computers**. Stay informed about new updates for operating systems, Microsoft SQL Server, and MBAM by subscribing to the Security Notification service (<http://go.microsoft.com/fwlink/?LinkId=28819>).
+**Apply the most recent security updates to all computers**. Stay informed about new updates for operating systems, Microsoft SQL Server, and MBAM by subscribing to the Security Notification service (<https://go.microsoft.com/fwlink/?LinkId=28819>).
 
-**Use strong passwords or pass phrases**. Always use strong passwords with 15 or more characters for all MBAM and MBAM administrator accounts. Never use blank passwords. For more information about password concepts, see the “Account Passwords and Policies” white paper on TechNet (<http://go.microsoft.com/fwlink/?LinkId=30009>).
+**Use strong passwords or pass phrases**. Always use strong passwords with 15 or more characters for all MBAM and MBAM administrator accounts. Never use blank passwords. For more information about password concepts, see the “Account Passwords and Policies” white paper on TechNet (<https://go.microsoft.com/fwlink/?LinkId=30009>).
 
 ## Accounts and Groups in MBAM
 
@@ -185,7 +185,7 @@ When TDE is enabled on a database, all backups are encrypted. Thus, special care
 
 For an example of how to enable TDE for MBAM database instances, see [Evaluating MBAM 2.0](evaluating-mbam-20-mbam-2.md).
 
-For more information about TDE in SQL Server 2008, see [SQL Server Encryption]( http://go.microsoft.com/fwlink/?LinkId=299883).
+For more information about TDE in SQL Server 2008, see [SQL Server Encryption]( https://go.microsoft.com/fwlink/?LinkId=299883).
 
 ## Related topics
 
diff --git a/mdop/mbam-v2/mbam-20-supported-configurations-mbam-2.md b/mdop/mbam-v2/mbam-20-supported-configurations-mbam-2.md
index 2f7ccf2976..8e7013294e 100644
--- a/mdop/mbam-v2/mbam-20-supported-configurations-mbam-2.md
+++ b/mdop/mbam-v2/mbam-20-supported-configurations-mbam-2.md
@@ -20,7 +20,7 @@ If you plan to install MBAM 2.0 by using the Configuration Manager topology and
 The recommended configuration for running MBAM in a production environment is with two servers, depending on your scalability requirements. This configuration supports up to 200,000 MBAM clients. For an image and descriptions of the Stand-alone MBAM server infrastructure, see [High-Level Architecture for MBAM 2.0](high-level-architecture-for-mbam-20-mbam-2.md).
 
 **Note**  
-Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](http://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](http://go.microsoft.com/fwlink/p/?LinkId=31976).
+Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976).
 
  
 
diff --git a/mdop/mbam-v2/planning-to-deploy-mbam-with-configuration-manager-2.md b/mdop/mbam-v2/planning-to-deploy-mbam-with-configuration-manager-2.md
index 6a3213a699..a0bbbee2b3 100644
--- a/mdop/mbam-v2/planning-to-deploy-mbam-with-configuration-manager-2.md
+++ b/mdop/mbam-v2/planning-to-deploy-mbam-with-configuration-manager-2.md
@@ -43,18 +43,18 @@ Ensure that you have met the following prerequisites before you install MBAM wit
 </tr>
 <tr class="even">
 <td align="left"><p>Enable the Hardware Inventory Client Agent on the Configuration Manager Server.</p></td>
-<td align="left"><p>For Configuration Manager 2007, see [How to Configure Hardware Inventory for a Site](http://go.microsoft.com/fwlink/?LinkId=301656).</p>
-<p>For System Center 2012 Configuration Manager, see [How to Configure Hardware Inventory in Configuration Manager](http://go.microsoft.com/fwlink/?LinkId=301685).</p></td>
+<td align="left"><p>For Configuration Manager 2007, see [How to Configure Hardware Inventory for a Site](https://go.microsoft.com/fwlink/?LinkId=301656).</p>
+<p>For System Center 2012 Configuration Manager, see [How to Configure Hardware Inventory in Configuration Manager](https://go.microsoft.com/fwlink/?LinkId=301685).</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Enable the Desired Configuration Management (DCM) agent or the compliance settings, depending on the version of Configuration Manager that you are using.</p></td>
-<td align="left"><p>For Configuration Manager 2007, enable the see [Desired Configuration Management Client Agent Properties](http://go.microsoft.com/fwlink/?LinkId=301686).</p>
-<p>For System Center 2012 Configuration Manager, see [Configuring Compliance Settings in Configuration Manager](http://go.microsoft.com/fwlink/?LinkId=301687).</p></td>
+<td align="left"><p>For Configuration Manager 2007, enable the see [Desired Configuration Management Client Agent Properties](https://go.microsoft.com/fwlink/?LinkId=301686).</p>
+<p>For System Center 2012 Configuration Manager, see [Configuring Compliance Settings in Configuration Manager](https://go.microsoft.com/fwlink/?LinkId=301687).</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Define a reporting services point in Configuration Manager. Required for SQL Reporting Services.</p></td>
-<td align="left"><p>For Configuration Manager 2007, see [How to Create a Reporting Services Point for SQL Reporting Services](http://go.microsoft.com/fwlink/?LinkId=301688).</p>
-<p>For System Center 2012 Configuration Manager, see [Prerequisites for Reporting in Configuration Manager](http://go.microsoft.com/fwlink/?LinkId=301689).</p></td>
+<td align="left"><p>For Configuration Manager 2007, see [How to Create a Reporting Services Point for SQL Reporting Services](https://go.microsoft.com/fwlink/?LinkId=301688).</p>
+<p>For System Center 2012 Configuration Manager, see [Prerequisites for Reporting in Configuration Manager](https://go.microsoft.com/fwlink/?LinkId=301689).</p></td>
 </tr>
 </tbody>
 </table>
diff --git a/mdop/mbam-v2/release-notes-for-mbam-20-sp1.md b/mdop/mbam-v2/release-notes-for-mbam-20-sp1.md
index efd62a6169..911a162764 100644
--- a/mdop/mbam-v2/release-notes-for-mbam-20-sp1.md
+++ b/mdop/mbam-v2/release-notes-for-mbam-20-sp1.md
@@ -67,7 +67,7 @@ If you are using MBAM with Configuration Manager, and you want to upgrade to MBA
 
 When you use Internet Explorer 10 to access the Administration and Monitoring Website, the **Submit** button on the website does not work.
 
-**Workaround**: On the server where you installed the Administration and Monitoring Website, install [Hotfix for ASP.NET browser definition files](http://go.microsoft.com/fwlink/?LinkId=317798).
+**Workaround**: On the server where you installed the Administration and Monitoring Website, install [Hotfix for ASP.NET browser definition files](https://go.microsoft.com/fwlink/?LinkId=317798).
 
 ### International domain names are not supported
 
diff --git a/mdop/mbam-v2/troubleshooting-mbam-20-mbam-2.md b/mdop/mbam-v2/troubleshooting-mbam-20-mbam-2.md
index 33672448b9..6eda8b11ab 100644
--- a/mdop/mbam-v2/troubleshooting-mbam-20-mbam-2.md
+++ b/mdop/mbam-v2/troubleshooting-mbam-20-mbam-2.md
@@ -13,7 +13,7 @@ ms.prod: w8
 # Troubleshooting MBAM 2.0
 
 
-Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905).
+Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905).
 
 ## How to Find Troubleshooting Content
 
@@ -28,7 +28,7 @@ After you search the MDOP documentation, your next step would be to search the t
 
 **To search the MDOP product documentation**
 
-1.  Use a web browser to navigate to the [MDOP Information Experience](http://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page.
+1.  Use a web browser to navigate to the [MDOP Information Experience](https://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page.
 
 2.  Enter applicable search terms in the **Search TechNet with Bing** search box at the top of the MDOP Information Experience home page.
 
@@ -36,7 +36,7 @@ After you search the MDOP documentation, your next step would be to search the t
 
 **To search the TechNet Wiki**
 
-1.  Use a web browser to navigate to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
+1.  Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
 
 2.  Enter applicable search terms in the **Search TechNet Wiki** search box on the TechNet Wiki home page.
 
@@ -49,7 +49,7 @@ If you have a troubleshooting tip or a best practice to share that is not alread
 
 **To create a TechNet Wiki troubleshooting or best practices article**
 
-1.  Use a web browser to navigate to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
+1.  Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
 
 2.  Log in with your Windows Live ID.
 
diff --git a/mdop/mbam-v25/about-mbam-25-sp1.md b/mdop/mbam-v25/about-mbam-25-sp1.md
index 4f19a1527d..96df87e28a 100644
--- a/mdop/mbam-v25/about-mbam-25-sp1.md
+++ b/mdop/mbam-v25/about-mbam-25-sp1.md
@@ -45,7 +45,7 @@ The following groups might be interested in using MBAM to manage BitLocker:
 -   Administrators who are responsible for client computers that are running Windows
 
 **Note**  
-BitLocker is not explained in detail in this MBAM documentation. For more information, see [BitLocker Drive Encryption Overview](http://go.microsoft.com/fwlink/p/?LinkId=225013).
+BitLocker is not explained in detail in this MBAM documentation. For more information, see [BitLocker Drive Encryption Overview](https://go.microsoft.com/fwlink/p/?LinkId=225013).
 
  
 
@@ -123,11 +123,11 @@ In MBAM 2.5, support was added for Federal Information Processing Standard (FIP
 The Windows team has backported FIPS-compliant recovery keys with a hotfix, and MBAM 2.5 SP1 has added support for them as well.
 
 **Note**  
-Client computers that are running the Windows 8 operating system still require a DRA protector since the hotfix was not backported to that OS. See [Hotfix Package 2 for BitLocker Administration and Monitoring 2.5](https://support.microsoft.com/kb/3015477) to download and install the BitLocker hotfix for Windows 7 and Windows 8 computers. For information about DRA, see [Using Data Recovery Agents with BitLocker](http://go.microsoft.com/fwlink/?LinkId=393557).
+Client computers that are running the Windows 8 operating system still require a DRA protector since the hotfix was not backported to that OS. See [Hotfix Package 2 for BitLocker Administration and Monitoring 2.5](https://support.microsoft.com/kb/3015477) to download and install the BitLocker hotfix for Windows 7 and Windows 8 computers. For information about DRA, see [Using Data Recovery Agents with BitLocker](https://go.microsoft.com/fwlink/?LinkId=393557).
 
  
 
-To enable FIPS compliance in your organization, you must configure the Federal Information Processing Standard (FIPS) Group Policy settings. For configuration instructions, see [BitLocker Group Policy Settings](http://go.microsoft.com/fwlink/?LinkId=393560).
+To enable FIPS compliance in your organization, you must configure the Federal Information Processing Standard (FIPS) Group Policy settings. For configuration instructions, see [BitLocker Group Policy Settings](https://go.microsoft.com/fwlink/?LinkId=393560).
 
 ### Customize pre-boot recovery message and URL with new Group Policy setting
 
@@ -220,7 +220,7 @@ The compliance calculation logic for "Locked Fixed Data" volumes has been change
 ## How to Get MDOP Technologies
 
 
-MBAM is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of the Microsoft Software Assurance program. For more information about the Microsoft Software Assurance program and how to acquire the MDOP, see [How Do I Get MDOP?](http://go.microsoft.com/fwlink/?LinkId=322049).
+MBAM is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of the Microsoft Software Assurance program. For more information about the Microsoft Software Assurance program and how to acquire the MDOP, see [How Do I Get MDOP?](https://go.microsoft.com/fwlink/?LinkId=322049).
 
 ## MBAM 2.5 SP1 Release Notes
 
diff --git a/mdop/mbam-v25/about-mbam-25.md b/mdop/mbam-v25/about-mbam-25.md
index b9d9a8e8d4..89e69dbb3c 100644
--- a/mdop/mbam-v25/about-mbam-25.md
+++ b/mdop/mbam-v25/about-mbam-25.md
@@ -45,7 +45,7 @@ The following groups might be interested in using MBAM to manage BitLocker:
 -   Administrators who are responsible for client computers that are running Windows
 
 **Note**  
-BitLocker is not explained in detail in this MBAM documentation. For more information, see [BitLocker Drive Encryption Overview](http://go.microsoft.com/fwlink/p/?LinkId=225013).
+BitLocker is not explained in detail in this MBAM documentation. For more information, see [BitLocker Drive Encryption Overview](https://go.microsoft.com/fwlink/p/?LinkId=225013).
 
  
 
@@ -60,7 +60,7 @@ MBAM adds support for Microsoft SQL Server 2014, in addition to the same softwar
 
 ### <a href="" id="-------------mbam-group-policy-templates-downloaded-separately"></a> MBAM Group Policy Templates downloaded separately
 
-The MBAM Group Policy Templates must be downloaded separately from the MBAM installation. In previous versions of MBAM, the MBAM installer included an MBAM Policy Template, which contained the required MBAM-specific Group Policy Objects (GPOs) that define MBAM implementation settings for BitLocker Drive Encryption. These GPOs have been removed from the MBAM installer. You now download the GPOs from [How to Get MDOP Group Policy (.admx) Templates](http://go.microsoft.com/fwlink/p/?LinkId=393941) and copy them to a server or workstation before you begin the MBAM Client installation. You can copy the Group Policy Templates to any server or workstation that is running a supported version of the Windows Server or Windows operating system.
+The MBAM Group Policy Templates must be downloaded separately from the MBAM installation. In previous versions of MBAM, the MBAM installer included an MBAM Policy Template, which contained the required MBAM-specific Group Policy Objects (GPOs) that define MBAM implementation settings for BitLocker Drive Encryption. These GPOs have been removed from the MBAM installer. You now download the GPOs from [How to Get MDOP Group Policy (.admx) Templates](https://go.microsoft.com/fwlink/p/?LinkId=393941) and copy them to a server or workstation before you begin the MBAM Client installation. You can copy the Group Policy Templates to any server or workstation that is running a supported version of the Windows Server or Windows operating system.
 
 **Important**  
 Do not change the Group Policy settings in the **BitLocker Drive Encryption** node, or MBAM will not work correctly. When you configure the Group Policy settings in the **MDOP MBAM (BitLocker Management)** node, MBAM automatically configures the BitLocker Drive Encryption settings for you.
@@ -133,7 +133,7 @@ Copy the template files to the location that best meets your needs. For the lang
 
      
 
-For more information about template files, see [Managing Group Policy ADMX Files Step-by-Step Guide](http://go.microsoft.com/fwlink/?LinkId=392818).
+For more information about template files, see [Managing Group Policy ADMX Files Step-by-Step Guide](https://go.microsoft.com/fwlink/?LinkId=392818).
 
 ### Ability to enforce encryption policies on operating system and fixed data drives
 
@@ -189,9 +189,9 @@ The new Group Policy setting is located in the following GPO node: **Computer Co
 
 MBAM 2.5 supports Federal Information Processing Standard (FIPS)-compliant BitLocker recovery keys on devices that are running the Windows 8.1 operating system. The recovery key was not FIPS compliant in earlier versions of Windows. This enhancement improves the drive recovery process in organizations that require FIPS compliance because it enables end users to use the Self-Service Portal or Administration and Monitoring Website (Help Desk) to recover their drives if they forget their PIN or password or get locked out of their computers. The new FIPS compliance feature does not extend to password protectors.
 
-To enable FIPS compliance in your organization, you must configure the Federal Information Processing Standard (FIPS) Group Policy settings. For configuration instructions, see [BitLocker Group Policy Settings](http://go.microsoft.com/fwlink/?LinkId=393560).
+To enable FIPS compliance in your organization, you must configure the Federal Information Processing Standard (FIPS) Group Policy settings. For configuration instructions, see [BitLocker Group Policy Settings](https://go.microsoft.com/fwlink/?LinkId=393560).
 
-For client computers that are running the Windows 8 or Windows 7 operating systems without the [installed BitLocker hotfix](https://support.microsoft.com/kb/3015477), IT administrators will continue to use the Data Recovery Agents (DRA) protector in FIPS-compliant environments. For information about DRA, see [Using Data Recovery Agents with BitLocker](http://go.microsoft.com/fwlink/?LinkId=393557).
+For client computers that are running the Windows 8 or Windows 7 operating systems without the [installed BitLocker hotfix](https://support.microsoft.com/kb/3015477), IT administrators will continue to use the Data Recovery Agents (DRA) protector in FIPS-compliant environments. For information about DRA, see [Using Data Recovery Agents with BitLocker](https://go.microsoft.com/fwlink/?LinkId=393557).
 
 See [Hotfix Package 2 for BitLocker Administration and Monitoring 2.5](https://support.microsoft.com/kb/3015477) to download and install the BitLocker hotfix for Windows 7 and Windows 8 computers.
 
@@ -282,15 +282,15 @@ Windows PowerShell Help for MBAM is available in the following formats:
 </tr>
 <tr class="even">
 <td align="left"><p>On TechNet as webpages</p></td>
-<td align="left"><p>http://go.microsoft.com/fwlink/?LinkId=393498</p></td>
+<td align="left"><p>https://go.microsoft.com/fwlink/?LinkId=393498</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>On the Download Center as a Word .docx file</p></td>
-<td align="left"><p>http://go.microsoft.com/fwlink/?LinkId=393497</p></td>
+<td align="left"><p>https://go.microsoft.com/fwlink/?LinkId=393497</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>On the Download Center as a .pdf file</p></td>
-<td align="left"><p>http://go.microsoft.com/fwlink/?LinkId=393499</p></td>
+<td align="left"><p>https://go.microsoft.com/fwlink/?LinkId=393499</p></td>
 </tr>
 </tbody>
 </table>
@@ -346,7 +346,7 @@ MBAM supports BitLocker on Encrypted Hard Drives that meet TCG specification req
 ## How to Get MDOP Technologies
 
 
-MBAM is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of the Microsoft Software Assurance program. For more information about the Microsoft Software Assurance program and how to acquire the MDOP, see [How Do I Get MDOP?](http://go.microsoft.com/fwlink/?LinkId=322049).
+MBAM is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of the Microsoft Software Assurance program. For more information about the Microsoft Software Assurance program and how to acquire the MDOP, see [How Do I Get MDOP?](https://go.microsoft.com/fwlink/?LinkId=322049).
 
 ## <a href="" id="---------mbam-2-5-release-notes"></a> MBAM 2.5 Release Notes
 
diff --git a/mdop/mbam-v25/accessibility-for-mbam-25.md b/mdop/mbam-v25/accessibility-for-mbam-25.md
index c9526f1eee..9f43694659 100644
--- a/mdop/mbam-v25/accessibility-for-mbam-25.md
+++ b/mdop/mbam-v25/accessibility-for-mbam-25.md
@@ -63,7 +63,7 @@ For information about the availability of Microsoft product documentation and bo
 <td align="left"><p>(609) 987-8116</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p>[http://www.learningally.org/](http://go.microsoft.com/fwlink/?linkid=239)</p></td>
+<td align="left"><p>[http://www.learningally.org/](https://go.microsoft.com/fwlink/?linkid=239)</p></td>
 <td align="left"><p>Web addresses can change, so you might be unable to connect to the website or sites mentioned here.</p></td>
 </tr>
 </tbody>
@@ -85,7 +85,7 @@ Microsoft Support Services are subject to the prices, terms, and conditions in p
 ## For more information
 
 
-For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](http://go.microsoft.com/fwlink/?linkid=8431).
+For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/?linkid=8431).
 
 ## Got a suggestion for MBAM?
 
diff --git a/mdop/mbam-v25/configuring-mbam-25-server-features-by-using-windows-powershell.md b/mdop/mbam-v25/configuring-mbam-25-server-features-by-using-windows-powershell.md
index d50cde850a..ebc86f347e 100644
--- a/mdop/mbam-v25/configuring-mbam-25-server-features-by-using-windows-powershell.md
+++ b/mdop/mbam-v25/configuring-mbam-25-server-features-by-using-windows-powershell.md
@@ -37,7 +37,7 @@ For information about the **Get-MbamBitLockerRecoveryKey** and **Get-MbamTPMOwne
 ## <a href="" id="bkmk-load-posh-help"></a>How to load Windows PowerShell Help for MBAM 2.5
 
 
-For a list of the Windows PowerShell cmdlets on TechNet, see [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](http://go.microsoft.com/fwlink/?LinkId=392816).
+For a list of the Windows PowerShell cmdlets on TechNet, see [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](https://go.microsoft.com/fwlink/?LinkId=392816).
 
 **To load the MBAM 2.5 Help for Windows PowerShell cmdlets after installing the MBAM Server software**
 
@@ -68,15 +68,15 @@ Windows PowerShell Help for MBAM is available in the following formats:
 </tr>
 <tr class="even">
 <td align="left"><p>On TechNet as webpages</p></td>
-<td align="left"><p>http://go.microsoft.com/fwlink/?LinkId=393498</p></td>
+<td align="left"><p>https://go.microsoft.com/fwlink/?LinkId=393498</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>On the Download Center as a Word .docx file</p></td>
-<td align="left"><p>http://go.microsoft.com/fwlink/?LinkId=393497</p></td>
+<td align="left"><p>https://go.microsoft.com/fwlink/?LinkId=393497</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>On the Download Center as a .pdf file</p></td>
-<td align="left"><p>http://go.microsoft.com/fwlink/?LinkId=393499</p></td>
+<td align="left"><p>https://go.microsoft.com/fwlink/?LinkId=393499</p></td>
 </tr>
 </tbody>
 </table>
@@ -193,7 +193,7 @@ Before starting the configuration, complete the following prerequisites.
 <p>This user account must be a part of the local administrators group or the Backup Operators group to register the MBAM Volume Shadow Copy Service (VSS) Writer.</p></td>
 <td align="left"><p>By default, the database administrator or system administrator has the required &quot;create any database&quot; permissions.</p>
 <p></p>
-<p>For more information about VSS Writer, see [Volume Shadow Copy Service](http://go.microsoft.com/fwlink/?LinkId=392814).</p></td>
+<p>For more information about VSS Writer, see [Volume Shadow Copy Service](https://go.microsoft.com/fwlink/?LinkId=392814).</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>For the <strong>System Center Configuration Manager Integration</strong> feature only:</p>
@@ -251,7 +251,7 @@ Before starting the configuration, complete the following prerequisites.
 <ul>
 <li><p>Ensure that the MBAM 2.5 Server software has been installed on the remote computer.</p></li>
 <li><p>Use the Credential Security Support Provider (CredSSP) Protocol to open the Windows PowerShell session.</p></li>
-<li><p>Enable Windows Remote Management (WinRM). If you fail to enable WinRM and to configure it correctly, the <strong>New-PSSession</strong> cmdlet that is described in this table displays an error and describes how to fix the issue. For more information about WinRM, see [Using Windows Remote Management](http://go.microsoft.com/fwlink/?LinkId=393064).</p></li>
+<li><p>Enable Windows Remote Management (WinRM). If you fail to enable WinRM and to configure it correctly, the <strong>New-PSSession</strong> cmdlet that is described in this table displays an error and describes how to fix the issue. For more information about WinRM, see [Using Windows Remote Management](https://go.microsoft.com/fwlink/?LinkId=393064).</p></li>
 </ul></td>
 </tr>
 <tr class="odd">
diff --git a/mdop/mbam-v25/copying-the-mbam-25-group-policy-templates.md b/mdop/mbam-v25/copying-the-mbam-25-group-policy-templates.md
index 087b44ec4b..9c4d42d879 100644
--- a/mdop/mbam-v25/copying-the-mbam-25-group-policy-templates.md
+++ b/mdop/mbam-v25/copying-the-mbam-25-group-policy-templates.md
@@ -22,7 +22,7 @@ MDOP Group Policy templates are available for download in a self-extracting, com
 
 **How to download and deploy the MDOP Group Policy templates**
 
-1.  Download the MDOP Group Policy templates from [How to Get MDOP Group Policy (.admx) Templates](http://go.microsoft.com/fwlink/p/?LinkId=393941) .
+1.  Download the MDOP Group Policy templates from [How to Get MDOP Group Policy (.admx) Templates](https://go.microsoft.com/fwlink/p/?LinkId=393941) .
 
 2.  Run the downloaded file to extract the template folders.
 
diff --git a/mdop/mbam-v25/getting-started-with-mbam-25.md b/mdop/mbam-v25/getting-started-with-mbam-25.md
index ce79fb2767..d917998cbf 100644
--- a/mdop/mbam-v25/getting-started-with-mbam-25.md
+++ b/mdop/mbam-v25/getting-started-with-mbam-25.md
@@ -17,9 +17,9 @@ This topic provides a list of links to help you learn about Microsoft BitLocker
 
 See the following resources for additional MBAM documentation:
 
--   [Microsoft BitLocker Administration and Monitoring Deployment Guide](http://go.microsoft.com/fwlink/?LinkId=396653)
+-   [Microsoft BitLocker Administration and Monitoring Deployment Guide](https://go.microsoft.com/fwlink/?LinkId=396653)
 
--   [Microsoft Training Overview](http://go.microsoft.com/fwlink/p/?LinkId=80347)
+-   [Microsoft Training Overview](https://go.microsoft.com/fwlink/p/?LinkId=80347)
 
 Before you deploy MBAM to a production environment, we recommend that you validate your deployment plan in a test environment.
 
@@ -72,7 +72,7 @@ Before you start planning your MBAM deployment, review the following topics.
 ## How to get MDOP technologies
 
 
-MBAM 2.5 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and about acquiring MDOP, see [How Do I Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049) (http://go.microsoft.com/fwlink/?LinkId=322049).
+MBAM 2.5 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and about acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049).
 
 ## <a href="" id="other-resources-for-this-product-"></a>Other resources for this product
 
diff --git a/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md b/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md
index 6a47917431..78d2526dde 100644
--- a/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md
+++ b/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md
@@ -139,7 +139,7 @@ MBAM Group Policy Templates
 
 -   The **MBAM Group Policy Templates** are Group Policy settings that define implementation settings for MBAM, which enable you to manage BitLocker drive encryption.
 
--   Before you run MBAM, you must download the Group Policy Templates from [How to Get MDOP Group Policy (.admx) Templates](http://go.microsoft.com/fwlink/p/?LinkId=393941) and copy them to a server or workstation that is running a supported Windows Server or Windows operating system.
+-   Before you run MBAM, you must download the Group Policy Templates from [How to Get MDOP Group Policy (.admx) Templates](https://go.microsoft.com/fwlink/p/?LinkId=393941) and copy them to a server or workstation that is running a supported Windows Server or Windows operating system.
 
     **Note**  
     The workstation does not have to be a dedicated computer.
diff --git a/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-stand-alone-topology.md b/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-stand-alone-topology.md
index 6cced98084..c0d16c3f7a 100644
--- a/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-stand-alone-topology.md
+++ b/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-stand-alone-topology.md
@@ -118,7 +118,7 @@ MBAM Group Policy Templates
 
 -   The MBAM Group Policy Templates are Group Policy settings that define implementation settings for MBAM, which enable you to manage BitLocker Drive Encryption.
 
--   Before you run MBAM, you must download the Group Policy Templates from [How to Get MDOP Group Policy (.admx) Templates](http://go.microsoft.com/fwlink/p/?LinkId=393941) and copy them to a server or workstation that is running a supported Windows Server or Windows operating system.
+-   Before you run MBAM, you must download the Group Policy Templates from [How to Get MDOP Group Policy (.admx) Templates](https://go.microsoft.com/fwlink/p/?LinkId=393941) and copy them to a server or workstation that is running a supported Windows Server or Windows operating system.
 
 -   The workstation does not have to be a dedicated computer.
 
diff --git a/mdop/mbam-v25/how-to-configure-the-self-service-portal-when-client-computers-cannot-access-the-microsoft-content-delivery-network.md b/mdop/mbam-v25/how-to-configure-the-self-service-portal-when-client-computers-cannot-access-the-microsoft-content-delivery-network.md
index 11443abd41..75c1e1ac11 100644
--- a/mdop/mbam-v25/how-to-configure-the-self-service-portal-when-client-computers-cannot-access-the-microsoft-content-delivery-network.md
+++ b/mdop/mbam-v25/how-to-configure-the-self-service-portal-when-client-computers-cannot-access-the-microsoft-content-delivery-network.md
@@ -28,11 +28,11 @@ In MBAM 2.5 SP1, the JavaScript files are included in the product, and you do no
 
 1.  Download the following JavaScript files from the CDN:
 
-    -   [jQuery-1.10.2.min.js](http://go.microsoft.com/fwlink/?LinkID=390515)
+    -   [jQuery-1.10.2.min.js](https://go.microsoft.com/fwlink/?LinkID=390515)
 
-    -   [jQuery.validate.min.js](http://go.microsoft.com/fwlink/?LinkID=390516)
+    -   [jQuery.validate.min.js](https://go.microsoft.com/fwlink/?LinkID=390516)
 
-    -   [jQuery.validate.unobtrusive.min.js](http://go.microsoft.com/fwlink/?LinkID=390517)
+    -   [jQuery.validate.unobtrusive.min.js](https://go.microsoft.com/fwlink/?LinkID=390517)
 
 2.  Copy the JavaScript files to the **Scripts** directory of the Self-Service Portal. This directory is located in *&lt;MBAM Self-Service Install Directory&gt;\\*Self Service Website\\Scripts.
 
diff --git a/mdop/mbam-v25/how-to-localize-the-helpdesktext-statement-that-points-users-to-more-self-service-portal-information.md b/mdop/mbam-v25/how-to-localize-the-helpdesktext-statement-that-points-users-to-more-self-service-portal-information.md
index 47933f4215..806f8c1fe6 100644
--- a/mdop/mbam-v25/how-to-localize-the-helpdesktext-statement-that-points-users-to-more-self-service-portal-information.md
+++ b/mdop/mbam-v25/how-to-localize-the-helpdesktext-statement-that-points-users-to-more-self-service-portal-information.md
@@ -32,7 +32,7 @@ In the following instructions, *SelfService* is the default virtual directory na
 
     The name of the Language folder can also be the language neutral name **es** instead of **es-es**. If the end user’s browser is set to **es-es** and that folder does not exist, the parent locale (as defined in .NET) is recursively retrieved and checked, resolving to &lt;MBAM Self-Service Install Directory&gt;\\SelfServiceWebsite\\es\\Notice.txt before finally becoming the default Notice.txt file. This recursive fallback mimics the .NET resource loading rules.
 
-    For a list of the valid language codes you can use, see [National Language Support (NLS) API Reference](http://go.microsoft.com/fwlink/?LinkId=317947).
+    For a list of the valid language codes you can use, see [National Language Support (NLS) API Reference](https://go.microsoft.com/fwlink/?LinkId=317947).
 
 4.  In the **Value** field, type the localized text that you want to display to end users.
 
diff --git a/mdop/mbam-v25/how-to-localize-the-self-service-portal-helpdeskurl.md b/mdop/mbam-v25/how-to-localize-the-self-service-portal-helpdeskurl.md
index 2c6f87f506..9142469468 100644
--- a/mdop/mbam-v25/how-to-localize-the-self-service-portal-helpdeskurl.md
+++ b/mdop/mbam-v25/how-to-localize-the-self-service-portal-helpdeskurl.md
@@ -34,7 +34,7 @@ In the following instructions, *SelfService* is the default virtual directory na
 
     The name of the Language folder can also be the language neutral name **es** instead of **es-es**. If the end user’s browser is set to **es-es** and that folder does not exist, the parent locale (as defined in .NET) is recursively retrieved and checked, resolving to &lt;MBAM Self-Service Install Directory&gt;\\SelfServiceWebsite\\es\\Notice.txt before finally becoming the default Notice.txt file. This recursive fallback mimics the .NET resource loading rules.
 
-    For a list of the valid language codes you can use, see [National Language Support (NLS) API Reference](http://go.microsoft.com/fwlink/?LinkId=317947).
+    For a list of the valid language codes you can use, see [National Language Support (NLS) API Reference](https://go.microsoft.com/fwlink/?LinkId=317947).
 
 4.  In the **Value** field, type the localized version of the `HelpdeskURL` value that you want to display to end users.
 
diff --git a/mdop/mbam-v25/how-to-localize-the-self-service-portal-notice-text.md b/mdop/mbam-v25/how-to-localize-the-self-service-portal-notice-text.md
index a718bcc0c5..99d5d15e63 100644
--- a/mdop/mbam-v25/how-to-localize-the-self-service-portal-notice-text.md
+++ b/mdop/mbam-v25/how-to-localize-the-self-service-portal-notice-text.md
@@ -48,7 +48,7 @@ If an end user’s browser is set to a language that does not have a correspondi
     &lt;*MBAM Self-Service Install Directory*&gt;\\Self Service Website\\
 
     **Note**  
-    Some language folders already exist, so you might not have to create a folder. If you do have to create a language folder, see [National Language Support (NLS) API Reference](http://go.microsoft.com/fwlink/?LinkId=317947) for a list of the valid names that you can use for the &lt;*Language*&gt; folder.
+    Some language folders already exist, so you might not have to create a folder. If you do have to create a language folder, see [National Language Support (NLS) API Reference](https://go.microsoft.com/fwlink/?LinkId=317947) for a list of the valid names that you can use for the &lt;*Language*&gt; folder.
 
      
 
diff --git a/mdop/mbam-v25/how-to-recover-a-corrupted-drive-mbam-25.md b/mdop/mbam-v25/how-to-recover-a-corrupted-drive-mbam-25.md
index a648d9fe0c..1828c9e862 100644
--- a/mdop/mbam-v25/how-to-recover-a-corrupted-drive-mbam-25.md
+++ b/mdop/mbam-v25/how-to-recover-a-corrupted-drive-mbam-25.md
@@ -37,7 +37,7 @@ You can use this procedure with the Administration and Monitoring Website (also
 </tr>
 <tr class="odd">
 <td align="left"><p>Use the <code>repair-bde</code> command to complete the recovery process.</p></td>
-<td align="left"><p>To avoid a potential loss of data, it is strongly recommended that you review the [Manage-bde](http://go.microsoft.com/fwlink/?LinkId=393567) command before using it.</p></td>
+<td align="left"><p>To avoid a potential loss of data, it is strongly recommended that you review the [Manage-bde](https://go.microsoft.com/fwlink/?LinkId=393567) command before using it.</p></td>
 </tr>
 </tbody>
 </table>
diff --git a/mdop/mbam-v25/how-to-recover-a-moved-drive-mbam-25.md b/mdop/mbam-v25/how-to-recover-a-moved-drive-mbam-25.md
index ceb184dd8f..609ec18b52 100644
--- a/mdop/mbam-v25/how-to-recover-a-moved-drive-mbam-25.md
+++ b/mdop/mbam-v25/how-to-recover-a-moved-drive-mbam-25.md
@@ -37,7 +37,7 @@ You may have given these roles different names when you created them. For more i
 
     If the moved drive was configured to use a TPM chip on the original computer, complete the following additional steps. Otherwise, the recovery process is complete.
 
-4.  After unlocking the drive and completing the start process, open a command prompt in WinRE mode and use the `manage-bde` command to decrypt the drive. Using this tool is the only way to remove the TPM plus the PIN protector without the original TPM chip. For information about the `manage-bde` command, see [Manage-bde](http://go.microsoft.com/fwlink/?LinkId=393567).
+4.  After unlocking the drive and completing the start process, open a command prompt in WinRE mode and use the `manage-bde` command to decrypt the drive. Using this tool is the only way to remove the TPM plus the PIN protector without the original TPM chip. For information about the `manage-bde` command, see [Manage-bde](https://go.microsoft.com/fwlink/?LinkId=393567).
 
 5.  When the removal is completed, start the computer normally. The MBAM agent will now enforce the policy to encrypt the drive with the new computer’s TPM plus the PIN.
 
diff --git a/mdop/mbam-v25/index.md b/mdop/mbam-v25/index.md
index 897bb62a41..fd60429382 100644
--- a/mdop/mbam-v25/index.md
+++ b/mdop/mbam-v25/index.md
@@ -15,7 +15,7 @@ ms.prod: w10
 
 Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 provides a simplified administrative interface that you can use to manage BitLocker Drive Encryption. You configure MBAM Group Policy Templates that enable you to set BitLocker Drive Encryption policy options that are appropriate for your enterprise, and then use them to monitor client compliance with those policies. You can also report on the encryption status of an individual computer and on the enterprise as a whole. In addition, you can access recovery key information when users forget their PIN or password or when their BIOS or boot record changes. For a more detailed description of MBAM, see [About MBAM 2.5](about-mbam-25.md).
 
-To get the MBAM software, see [How Do I Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049) (http://go.microsoft.com/fwlink/?LinkId=322049).
+To get the MBAM software, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049).
 
 <a href="" id="getting-started-with-mbam-2-5"></a>[Getting Started with MBAM 2.5](getting-started-with-mbam-25.md)  
 
@@ -45,13 +45,13 @@ To get the MBAM software, see [How Do I Get MDOP](http://go.microsoft.com/fwlink
 
     View updated product information and known issues for MBAM 2.5.
 
--   [MDOP TechCenter Page](http://go.microsoft.com/fwlink/p/?LinkId=225286)
+-   [MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286)
 
     Learn about the latest MDOP information and resources.
 
--   [MDOP Information Experience](http://go.microsoft.com/fwlink/p/?LinkId=236032)
+-   [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032)
 
-    Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28http://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28http://go.microsoft.com/fwlink/p/?LinkId=242447).
+    Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28https://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28https://go.microsoft.com/fwlink/p/?LinkId=242447).
 
 -   [MBAM Deployment Guide](http://www.microsoft.com/download/details.aspx?id=38398)
 
diff --git a/mdop/mbam-v25/mbam-25-security-considerations.md b/mdop/mbam-v25/mbam-25-security-considerations.md
index 5da2d97409..533102fb68 100644
--- a/mdop/mbam-v25/mbam-25-security-considerations.md
+++ b/mdop/mbam-v25/mbam-25-security-considerations.md
@@ -104,7 +104,7 @@ The Read-AD\* cmdlets read information from Active Directory. The Write-Mbam\* c
 
 **Create user-to-computer associations:** The MBAM Active Directory Data Import cmdlets gather information from Active Directory and insert the data into MBAM database. However, they do not associate users to volumes. You can download the Add-ComputerUser.ps1 PowerShell script to create user-to-machine associations, which let users regain access to a computer through the Administration and Monitoring Website or by using the Self-Service Portal for recovery. The Add-ComputerUser.ps1 script gathers data from the **Managed By** attribute in Active Directory (AD), the object owner in AD, or from a custom CSV file. The script then adds the discovered users to the recovery information pipeline object, which must be passed to Write-MbamRecoveryInformation to insert the data into the recovery database.
 
-Download the Add-ComputerUser.ps1 PowerShell script from the [Microsoft Download Center](http://go.microsoft.com/fwlink/?LinkId=613122).
+Download the Add-ComputerUser.ps1 PowerShell script from the [Microsoft Download Center](https://go.microsoft.com/fwlink/?LinkId=613122).
 
 You can specify **help Add-ComputerUser.ps1** to get help for the script, including examples of how to use the cmdlets and the script.
 
@@ -287,7 +287,7 @@ For an example of how to enable TDE for MBAM database instances, see [Understand
 
 **Physically secure your computers**. There is no security without physical security. An attacker who gets physical access to an MBAM Server could potentially use it to attack the entire client base. All potential physical attacks must be considered high risk and mitigated appropriately. MBAM Servers should be stored in a secure server room with controlled access. Secure these computers when administrators are not physically present by having the operating system lock the computer, or by using a secured screen saver.
 
-**Apply the most recent security updates to all computers**. Stay informed about new updates for Windows operating systems, SQL Server, and MBAM by subscribing to the Security Notification service at the [Security TechCenter](http://go.microsoft.com/fwlink/?LinkId=28819).
+**Apply the most recent security updates to all computers**. Stay informed about new updates for Windows operating systems, SQL Server, and MBAM by subscribing to the Security Notification service at the [Security TechCenter](https://go.microsoft.com/fwlink/?LinkId=28819).
 
 **Use strong passwords or pass phrases**. Always use strong passwords with 15 or more characters for all MBAM administrator accounts. Never use blank passwords. For more information about password concepts, see [Password Policy](http://technet.microsoft.com/library/hh994572.aspx).
 
diff --git a/mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md b/mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md
index dbbd704e9b..21e84dabb1 100644
--- a/mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md
+++ b/mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md
@@ -260,7 +260,7 @@ The following table lists the installation prerequisites for the MBAM Administra
 <li><p><strong>.NET Framework 4.5</strong></p>
 <ul>
 <li><p><strong>Windows Server 2012 or Windows Server 2012 R2</strong> - .NET Framework 4.5 is already installed for these versions of Windows Server, but you must enable it.</p></li>
-<li><p><strong>Windows Server 2008 R2</strong> - .NET Framework 4.5 is not included with Windows Server 2008 R2, so you must [download Microsoft .NET Framework 4.5](http://go.microsoft.com/fwlink/?LinkId=392318) and install it separately.</p>
+<li><p><strong>Windows Server 2008 R2</strong> - .NET Framework 4.5 is not included with Windows Server 2008 R2, so you must [download Microsoft .NET Framework 4.5](https://go.microsoft.com/fwlink/?LinkId=392318) and install it separately.</p>
 <div class="alert">
 <strong>Note</strong>  
 <p>If you are upgrading from MBAM 2.0 or MBAM 2.0 SP1 and need to install .NET Framework 4.5, see [Release Notes for MBAM 2.5](release-notes-for-mbam-25.md) for an additional required step to make the websites work.</p>
@@ -327,7 +327,7 @@ Setspn -s http/mbamvirtual.contoso.com contoso\mbamapppooluser</code></pre>
 </tr>
 <tr class="even">
 <td align="left"><p>ASP.NET MVC 4.0</p></td>
-<td align="left"><p>[ASP.NET MVC 4 download](http://go.microsoft.com/fwlink/?LinkId=392271)</p></td>
+<td align="left"><p>[ASP.NET MVC 4 download](https://go.microsoft.com/fwlink/?LinkId=392271)</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Web Service IIS Management Tools</p></td>
@@ -371,7 +371,7 @@ Setspn -s http/mbamvirtual.contoso.com contoso\mbamapppooluser</code></pre>
 </thead>
 <tbody>
 <tr class="odd">
-<td align="left"><p>Before installing the MBAM Client, download the MBAM Group Policy Templates from [How to Get MDOP Group Policy (.admx) Templates](http://go.microsoft.com/fwlink/p/?LinkId=393941) and configure them with the settings that you want to implement in your enterprise for BitLocker Drive Encryption.</p></td>
+<td align="left"><p>Before installing the MBAM Client, download the MBAM Group Policy Templates from [How to Get MDOP Group Policy (.admx) Templates](https://go.microsoft.com/fwlink/p/?LinkId=393941) and configure them with the settings that you want to implement in your enterprise for BitLocker Drive Encryption.</p></td>
 <td align="left"><p>Before installing the MBAM Client, do the following:</p>
 <table>
 <colgroup>
diff --git a/mdop/mbam-v25/mbam-25-supported-configurations.md b/mdop/mbam-v25/mbam-25-supported-configurations.md
index cfe24704f3..ae4aa4c63c 100644
--- a/mdop/mbam-v25/mbam-25-supported-configurations.md
+++ b/mdop/mbam-v25/mbam-25-supported-configurations.md
@@ -18,7 +18,7 @@ You can run Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 in a St
 For additional configurations that are specific to the Configuration Manager Integration topology, see [Versions of Configuration Manager that MBAM supports](#bkmk-cm-ramreqs).
 
 **Note**  
-Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](http://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](http://go.microsoft.com/fwlink/p/?LinkId=31976).
+Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976).
 
  
 
diff --git a/mdop/mbam-v25/monitoring-web-service-request-performance-counters.md b/mdop/mbam-v25/monitoring-web-service-request-performance-counters.md
index e424414d23..13e646e1a9 100644
--- a/mdop/mbam-v25/monitoring-web-service-request-performance-counters.md
+++ b/mdop/mbam-v25/monitoring-web-service-request-performance-counters.md
@@ -78,7 +78,7 @@ If you are concerned about whether your MBAM Servers can support your client bas
 
 The recommended tool for viewing MBAM performance counters is Windows Performance Monitor, which comes with Windows. If you are using Windows PowerShell, you don’t need to enable the counters before viewing them, as they are automatically registered by the Windows PowerShell **Enable-webapplication** cmdlet.
 
-For detailed instructions on how to view performance counters, see [How to View MBAM Performance Counters](http://go.microsoft.com/fwlink/?LinkId=393457).
+For detailed instructions on how to view performance counters, see [How to View MBAM Performance Counters](https://go.microsoft.com/fwlink/?LinkId=393457).
 
 ## Got a suggestion for MBAM?
 
diff --git a/mdop/mbam-v25/planning-for-mbam-25-group-policy-requirements.md b/mdop/mbam-v25/planning-for-mbam-25-group-policy-requirements.md
index 73bbf306fe..267668835a 100644
--- a/mdop/mbam-v25/planning-for-mbam-25-group-policy-requirements.md
+++ b/mdop/mbam-v25/planning-for-mbam-25-group-policy-requirements.md
@@ -91,7 +91,7 @@ When you are ready to configure the MBAM Group Policy settings you want, do the
 </thead>
 <tbody>
 <tr class="odd">
-<td align="left"><p>Copy the MBAM Group Policy Templates from [How to Get MDOP Group Policy (.admx) Templates](http://go.microsoft.com/fwlink/p/?LinkId=393941) and install them on a computer that is capable of running the Group Policy Management Console (GPMC) or Advanced Group Policy Management (AGPM).</p></td>
+<td align="left"><p>Copy the MBAM Group Policy Templates from [How to Get MDOP Group Policy (.admx) Templates](https://go.microsoft.com/fwlink/p/?LinkId=393941) and install them on a computer that is capable of running the Group Policy Management Console (GPMC) or Advanced Group Policy Management (AGPM).</p></td>
 <td align="left"><p>[Copying the MBAM 2.5 Group Policy Templates](copying-the-mbam-25-group-policy-templates.md)</p></td>
 </tr>
 <tr class="even">
diff --git a/mdop/mbam-v25/planning-for-mbam-25-high-availability.md b/mdop/mbam-v25/planning-for-mbam-25-high-availability.md
index 9dc7663655..84a3de74f4 100644
--- a/mdop/mbam-v25/planning-for-mbam-25-high-availability.md
+++ b/mdop/mbam-v25/planning-for-mbam-25-high-availability.md
@@ -34,7 +34,7 @@ MBAM enables you to configure and manage availability groups for the databases i
 
 An availability group supports a set of read/write primary databases and one to four sets of corresponding secondary databases. Optionally, secondary databases can be made available for read-only permission, some backup operations, or for both.
 
-For information about how to set up availability groups, see [AlwaysOn Availability Groups](http://go.microsoft.com/fwlink/?LinkId=393277).
+For information about how to set up availability groups, see [AlwaysOn Availability Groups](https://go.microsoft.com/fwlink/?LinkId=393277).
 
 ## <a href="" id="bkmk-sql-clustering"></a>Microsoft SQL Server clustering
 
@@ -50,7 +50,7 @@ You can use Network Load Balancing to configure a highly available environment f
 
 Before configuring load balancing, ensure that you have met the following prerequisites:
 
--   A load balancer must be available. You can use load balancers from Microsoft or another company. For more information about Microsoft load balancer technology, see [Build a Web Farm with IIS Servers](http://go.microsoft.com/fwlink/?LinkId=393326).
+-   A load balancer must be available. You can use load balancers from Microsoft or another company. For more information about Microsoft load balancer technology, see [Build a Web Farm with IIS Servers](https://go.microsoft.com/fwlink/?LinkId=393326).
 
 -   At least two servers are running IIS and have met all of the MBAM prerequisites to support its web features, including ASP.NET MVC 4.
 
@@ -82,7 +82,7 @@ Complete the following tasks:
 
     For instructions about how to automatically generate a key, see [Generate a Machine Key (IIS 7)](https://technet.microsoft.com/library/cc772287.aspx).
 
-The information about Load Balancing also applies to IIS Network Load Balancing (NLB) clusters in Windows Server 2012 or Windows Server 2008 R2. The IIS Network Load Balancing functionality in Windows Server 2012 is generally the same as in Windows Server 2008 R2. However, some task details are different in Windows Server 2012. For information about new ways to do tasks, see [Common Management Tasks and Navigation in Windows Server 2012 R2 Preview and Windows Server 2012](http://go.microsoft.com/fwlink/?LinkId=316371).
+The information about Load Balancing also applies to IIS Network Load Balancing (NLB) clusters in Windows Server 2012 or Windows Server 2008 R2. The IIS Network Load Balancing functionality in Windows Server 2012 is generally the same as in Windows Server 2008 R2. However, some task details are different in Windows Server 2012. For information about new ways to do tasks, see [Common Management Tasks and Navigation in Windows Server 2012 R2 Preview and Windows Server 2012](https://go.microsoft.com/fwlink/?LinkId=316371).
 
 ## <a href="" id="bkmk-db-mirroring"></a>Database mirroring in SQL Server
 
@@ -111,9 +111,9 @@ Enable-MbamWebApplication -SelfServicePortal -ComplianceAndAuditDBConnectionStri
 
 The following links provide more information about configuring SQL Server mirroring:
 
--   [How to: Prepare a Mirror Database for Mirroring (Transact-SQL)](http://go.microsoft.com/fwlink/?LinkId=316375)
+-   [How to: Prepare a Mirror Database for Mirroring (Transact-SQL)](https://go.microsoft.com/fwlink/?LinkId=316375)
 
--   [Establish a Database Mirroring Session Using Windows Authentication (SQL Server Management Studio)](http://go.microsoft.com/fwlink/?LinkId=316377)
+-   [Establish a Database Mirroring Session Using Windows Authentication (SQL Server Management Studio)](https://go.microsoft.com/fwlink/?LinkId=316377)
 
 ## <a href="" id="bkmk-vss"></a>Backing up MBAM databases by using the Volume Shadow Copy Service (VSS)
 
diff --git a/mdop/mbam-v25/planning-how-to-secure-the-mbam-websites.md b/mdop/mbam-v25/planning-how-to-secure-the-mbam-websites.md
index 7c17c264a4..c3f9fe2ec2 100644
--- a/mdop/mbam-v25/planning-how-to-secure-the-mbam-websites.md
+++ b/mdop/mbam-v25/planning-how-to-secure-the-mbam-websites.md
@@ -140,7 +140,7 @@ If you use a fully qualified domain host name when you configure MBAM, you have
 </tr>
 <tr class="even">
 <td align="left"><p>Configure constrained delegation for the SPN that you are registering for the application pool account.</p></td>
-<td align="left"><p>[Configuring Constrained Delegation](http://go.microsoft.com/fwlink/?LinkId=394335)</p>
+<td align="left"><p>[Configuring Constrained Delegation](https://go.microsoft.com/fwlink/?LinkId=394335)</p>
 <p>This requirement only applies to MBAM 2.5; it is not necessary in MBAM 2.5 SP1.</p></td>
 </tr>
 </tbody>
@@ -176,7 +176,7 @@ If you use a NetBIOS host name when you configure MBAM, register one SPN for the
 </tr>
 <tr class="odd">
 <td align="left"><p>Configure constrained delegation for the SPNs that you are registering for the application pool account.</p></td>
-<td align="left"><p>[Configuring Constrained Delegation](http://go.microsoft.com/fwlink/?LinkId=394335)</p>
+<td align="left"><p>[Configuring Constrained Delegation](https://go.microsoft.com/fwlink/?LinkId=394335)</p>
 <p>This requirement only applies to MBAM 2.5; it is not necessary in MBAM 2.5 SP1.</p></td>
 </tr>
 </tbody>
@@ -217,12 +217,12 @@ If you configure MBAM with a virtual host name that is a fully qualified domain
 </tr>
 <tr class="even">
 <td align="left"><p>On the Domain Name Server (DNS) server, create an “A record” for the custom host name and point it to a web server or a load balancer.</p></td>
-<td align="left"><p>See the “To configure DNS Host A Records” section in [Configure DNS Host Records](http://go.microsoft.com/fwlink/?LinkId=394337).</p>
+<td align="left"><p>See the “To configure DNS Host A Records” section in [Configure DNS Host Records](https://go.microsoft.com/fwlink/?LinkId=394337).</p>
 <p>We recommend that you use A records instead of CNAMES. If you use CNAMES to point to the domain address, you must also register SPNs for the web server name in the application pool account.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Configure constrained delegation for the SPNs that you are registering for the application pool account.</p></td>
-<td align="left"><p>[Configuring Constrained Delegation](http://go.microsoft.com/fwlink/?LinkId=394335)</p>
+<td align="left"><p>[Configuring Constrained Delegation](https://go.microsoft.com/fwlink/?LinkId=394335)</p>
 <p>This requirement only applies to MBAM 2.5; it is not necessary in MBAM 2.5 SP1.</p></td>
 </tr>
 </tbody>
diff --git a/mdop/mbam-v25/prerequisites-for-the-configuration-manager-integration-feature.md b/mdop/mbam-v25/prerequisites-for-the-configuration-manager-integration-feature.md
index a8de68cf08..7417d8b4b8 100644
--- a/mdop/mbam-v25/prerequisites-for-the-configuration-manager-integration-feature.md
+++ b/mdop/mbam-v25/prerequisites-for-the-configuration-manager-integration-feature.md
@@ -43,8 +43,8 @@ When you install MBAM with Configuration Manager, the following additional prere
 </tr>
 <tr class="even">
 <td align="left"><p>The Hardware Inventory Client Agent is on the Configuration Manager Server.</p></td>
-<td align="left"><p>For System Center 2012 Configuration Manager, see [How to Configure Hardware Inventory in Configuration Manager](http://go.microsoft.com/fwlink/?LinkId=301685).</p>
-<p>For Configuration Manager 2007, see [How to Configure Hardware Inventory for a Site](http://go.microsoft.com/fwlink/?LinkId=301656).</p></td>
+<td align="left"><p>For System Center 2012 Configuration Manager, see [How to Configure Hardware Inventory in Configuration Manager](https://go.microsoft.com/fwlink/?LinkId=301685).</p>
+<p>For Configuration Manager 2007, see [How to Configure Hardware Inventory for a Site](https://go.microsoft.com/fwlink/?LinkId=301656).</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>One of the following is enabled, depending on the version of Configuration Manager that you are using:</p>
@@ -52,13 +52,13 @@ When you install MBAM with Configuration Manager, the following additional prere
 <li><p>Compliance Settings - (System Center 2012 Configuration Manager)</p></li>
 <li><p>Desired Configuration Management (DCM) Client Agent – (Configuration Manager 2007)</p></li>
 </ul></td>
-<td align="left"><p>For System Center 2012 Configuration Manager, see [Configuring Compliance Settings in Configuration Manager](http://go.microsoft.com/fwlink/?LinkId=301687).</p>
-<p>For Configuration Manager 2007, see [Desired Configuration Management Client Agent Properties](http://go.microsoft.com/fwlink/?LinkId=301686).</p></td>
+<td align="left"><p>For System Center 2012 Configuration Manager, see [Configuring Compliance Settings in Configuration Manager](https://go.microsoft.com/fwlink/?LinkId=301687).</p>
+<p>For Configuration Manager 2007, see [Desired Configuration Management Client Agent Properties](https://go.microsoft.com/fwlink/?LinkId=301686).</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>A reporting services point is defined in Configuration Manager. Required for SQL Server Reporting Services (SSRS).</p></td>
-<td align="left"><p>For System Center 2012 Configuration Manager, see [Prerequisites for Reporting in Configuration Manager](http://go.microsoft.com/fwlink/?LinkId=301689).</p>
-<p>For Configuration Manager 2007, see [How to Create a Reporting Services Point for SQL Reporting Services](http://go.microsoft.com/fwlink/?LinkId=301688).</p></td>
+<td align="left"><p>For System Center 2012 Configuration Manager, see [Prerequisites for Reporting in Configuration Manager](https://go.microsoft.com/fwlink/?LinkId=301689).</p>
+<p>For Configuration Manager 2007, see [How to Create a Reporting Services Point for SQL Reporting Services](https://go.microsoft.com/fwlink/?LinkId=301688).</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Configuration Manager 2007 requires Microsoft .NET Framework 2.0</p></td>
diff --git a/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md b/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md
index d8cf0a12a2..7a1f4ce2ae 100644
--- a/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md
+++ b/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md
@@ -80,7 +80,7 @@ A user principal name (UPN) must be set for all service accounts in MBAM. If you
 
 When you upgrade Internet Information Services (IIS) to the Microsoft .NET Framework 4.5, the Self-Service Portal and the Administration and Monitoring Website do not open.
 
-**Workaround:** See the article [Error message after you install the .NET Framework 4.0: "Could not load type 'System.ServiceModel.Activation.HttpModule'](http://go.microsoft.com/fwlink/?LinkId=393568).
+**Workaround:** See the article [Error message after you install the .NET Framework 4.0: "Could not load type 'System.ServiceModel.Activation.HttpModule'](https://go.microsoft.com/fwlink/?LinkId=393568).
 
 ### Administration and Monitoring Website displays a "Report cannot be found" error message when Reports are not configured
 
diff --git a/mdop/mbam-v25/release-notes-for-mbam-25.md b/mdop/mbam-v25/release-notes-for-mbam-25.md
index f0e69536dd..77fb10929e 100644
--- a/mdop/mbam-v25/release-notes-for-mbam-25.md
+++ b/mdop/mbam-v25/release-notes-for-mbam-25.md
@@ -37,7 +37,7 @@ This is fixed in MBAM 2.5 SP1.
 
 If a computer has the MBAM 2.5 client installed and is encrypted by using the AES 256-bit with Diffuser cipher strength, the MBAM client is reported as noncompliant in the MBAM compliance reports.
 
-**Workaround:** Install the hotfix at [KB2975636](http://go.microsoft.com/fwlink/?LinkId=511972).
+**Workaround:** Install the hotfix at [KB2975636](https://go.microsoft.com/fwlink/?LinkId=511972).
 
 ### <a href="" id="-------------mbam-fails-to-encrypt-a-volume-and-reports-an-error-if-you-set-a-tpm---pin-protector-on-a-tablet-device"></a> MBAM fails to encrypt a volume and reports an error if you set a TPM + PIN protector on a tablet device
 
@@ -61,7 +61,7 @@ If your client computers do not have access to the Microsoft Ajax Content Delive
 
 When you upgrade Internet Information Services (IIS) to the Microsoft .NET Framework 4.5, the Self-Service Portal and the Administration and Monitoring Website do not open.
 
-**Workaround:** See the article [Error message after you install the .NET Framework 4.0: "Could not load type 'System.ServiceModel.Activation.HttpModule'](http://go.microsoft.com/fwlink/?LinkId=393568).
+**Workaround:** See the article [Error message after you install the .NET Framework 4.0: "Could not load type 'System.ServiceModel.Activation.HttpModule'](https://go.microsoft.com/fwlink/?LinkId=393568).
 
 ### Administration and Monitoring Website displays a "Report cannot be found" error message when Reports are not configured
 
diff --git a/mdop/mbam-v25/removing-mbam-server-features-or-software.md b/mdop/mbam-v25/removing-mbam-server-features-or-software.md
index 68a503a904..bc32e92632 100644
--- a/mdop/mbam-v25/removing-mbam-server-features-or-software.md
+++ b/mdop/mbam-v25/removing-mbam-server-features-or-software.md
@@ -57,7 +57,7 @@ Use the following steps as a general guide to remove MBAM Server features by usi
 
     -   Disable-MbamCMIntegration
 
-    To get help with Windows PowerShell cmdlets, type **Get-Help** &lt;*cmdlet*&gt; or see the [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](http://go.microsoft.com/fwlink/?LinkId=393498) page for the MBAM Windows PowerShell cmdlets.
+    To get help with Windows PowerShell cmdlets, type **Get-Help** &lt;*cmdlet*&gt; or see the [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](https://go.microsoft.com/fwlink/?LinkId=393498) page for the MBAM Windows PowerShell cmdlets.
 
 ## Removing MBAM Server software
 
diff --git a/mdop/mbam-v25/troubleshooting-mbam-25.md b/mdop/mbam-v25/troubleshooting-mbam-25.md
index 039cf035e3..5afd3f7113 100644
--- a/mdop/mbam-v25/troubleshooting-mbam-25.md
+++ b/mdop/mbam-v25/troubleshooting-mbam-25.md
@@ -13,7 +13,7 @@ ms.prod: w10
 # Troubleshooting MBAM 2.5
 
 
-Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905).
+Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905).
 
 ## How to find troubleshooting content
 
@@ -28,7 +28,7 @@ After you search the MDOP documentation, your next step would be to search the t
 
 **To search the MDOP product documentation**
 
-1.  Use a web browser to navigate to the [MDOP Information Experience](http://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page.
+1.  Use a web browser to navigate to the [MDOP Information Experience](https://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page.
 
 2.  Enter applicable search terms in the **Search TechNet with Bing** search box at the top of the MDOP Information Experience home page.
 
@@ -36,7 +36,7 @@ After you search the MDOP documentation, your next step would be to search the t
 
 **To search the TechNet Wiki**
 
-1.  Use a web browser to navigate to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
+1.  Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
 
 2.  Enter applicable search terms in the **Search TechNet Wiki** search box on the TechNet Wiki home page.
 
@@ -49,7 +49,7 @@ If you have a troubleshooting tip or a best practice to share that is not alread
 
 **To create a TechNet Wiki troubleshooting or best practices article**
 
-1.  Use a web browser to navigate to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
+1.  Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
 
 2.  Log in with your Windows Live ID.
 
diff --git a/mdop/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md b/mdop/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md
index 8689fe73e0..80fa3a1a92 100644
--- a/mdop/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md
+++ b/mdop/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md
@@ -48,7 +48,7 @@ Review the following information before you start the upgrade.
 <td align="left"><p><strong>To resolve this issue:</strong></p>
 <p>Run <strong>aspnet_regiis –i</strong> from the following location:</p>
 <p>C:\windows\microsoft.net\Framework\v4.0.30319</p>
-<p>For more information, see: [ASP.NET IIS Registration Tool](http://go.microsoft.com/fwlink/?LinkId=393272).</p></td>
+<p>For more information, see: [ASP.NET IIS Registration Tool](https://go.microsoft.com/fwlink/?LinkId=393272).</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Register an SPN on the application pool account if all of the following are true:</p>
diff --git a/mdop/mbam-v25/using-windows-powershell-to-administer-mbam-25.md b/mdop/mbam-v25/using-windows-powershell-to-administer-mbam-25.md
index 8354649b6f..41833fc753 100644
--- a/mdop/mbam-v25/using-windows-powershell-to-administer-mbam-25.md
+++ b/mdop/mbam-v25/using-windows-powershell-to-administer-mbam-25.md
@@ -70,15 +70,15 @@ Windows PowerShell Help for MBAM cmdlets is available in the following formats:
 </tr>
 <tr class="even">
 <td align="left"><p>On TechNet as webpages</p></td>
-<td align="left"><p>http://go.microsoft.com/fwlink/?LinkId=393498</p></td>
+<td align="left"><p>https://go.microsoft.com/fwlink/?LinkId=393498</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>On the Download Center as a Word .docx file</p></td>
-<td align="left"><p>http://go.microsoft.com/fwlink/?LinkId=393497</p></td>
+<td align="left"><p>https://go.microsoft.com/fwlink/?LinkId=393497</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>On the Download Center as a .pdf file</p></td>
-<td align="left"><p>http://go.microsoft.com/fwlink/?LinkId=393499</p></td>
+<td align="left"><p>https://go.microsoft.com/fwlink/?LinkId=393499</p></td>
 </tr>
 </tbody>
 </table>
diff --git a/mdop/medv-v1/creating-a-virtual-pc-image-for-med-v.md b/mdop/medv-v1/creating-a-virtual-pc-image-for-med-v.md
index d8d020cc25..5b630c65bf 100644
--- a/mdop/medv-v1/creating-a-virtual-pc-image-for-med-v.md
+++ b/mdop/medv-v1/creating-a-virtual-pc-image-for-med-v.md
@@ -34,9 +34,9 @@ To create a Virtual PC image using Microsoft Virtual PC, refer to the Virtual PC
 
 For more information, see the following:
 
--   [Windows Virtual PC Help](http://go.microsoft.com/fwlink/?LinkId=182378)
+-   [Windows Virtual PC Help](https://go.microsoft.com/fwlink/?LinkId=182378)
 
--   [Create a virtual machine and install a guest operating system](http://go.microsoft.com/fwlink/?LinkId=182379)
+-   [Create a virtual machine and install a guest operating system](https://go.microsoft.com/fwlink/?LinkId=182379)
 
 ## <a href="" id="bkmk-howtoinstallthemedvworkspacemsipackage"></a>How to Install the MED-V Workspace .msi Package
 
@@ -203,9 +203,9 @@ Sysprep is Microsoft's system preparation utility for the Windows operating syst
 
 2.  From the Windows installation CD, extract *deploy.cab* to the root of the system drive, or download the latest Deployment Tools update from the Microsoft Web site.
 
-    -   For Windows 2000, see [Deployment Tools update for Windows 2000](http://go.microsoft.com/fwlink/?LinkId=143001).
+    -   For Windows 2000, see [Deployment Tools update for Windows 2000](https://go.microsoft.com/fwlink/?LinkId=143001).
 
-    -   For Windows XP, see [Deployment Tools update for Windows XP](http://go.microsoft.com/fwlink/?LinkId=143000).
+    -   For Windows XP, see [Deployment Tools update for Windows XP](https://go.microsoft.com/fwlink/?LinkId=143000).
 
 3.  Run **Setup Manager** (setupmgr.exe).
 
diff --git a/mdop/medv-v1/design-the-med-v-image-repositories.md b/mdop/medv-v1/design-the-med-v-image-repositories.md
index 98e48d55d6..a1f9c7d386 100644
--- a/mdop/medv-v1/design-the-med-v-image-repositories.md
+++ b/mdop/medv-v1/design-the-med-v-image-repositories.md
@@ -58,7 +58,7 @@ The image repository can reside on the same system as the MED-V server and the s
 
 ### Fault Tolerance
 
-If the image repository is unavailable, clients will not be able to download new or updated MED-V images. To design fault-tolerance options for the file server and fault-tolerant disks, see the [Infrastructure Planning and Design Microsoft SQL Server 2008](http://go.microsoft.com/fwlink/?LinkId=163302) guide.
+If the image repository is unavailable, clients will not be able to download new or updated MED-V images. To design fault-tolerance options for the file server and fault-tolerant disks, see the [Infrastructure Planning and Design Microsoft SQL Server 2008](https://go.microsoft.com/fwlink/?LinkId=163302) guide.
 
 ## Design and Place the IIS Servers
 
@@ -69,11 +69,11 @@ The IIS server can coexist on the same system as the MED-V server and the server
 
 For each image repository, sum the number of clients that may download MED-V images using IIS. This is the maximum number of concurrent downloads that can occur when an image is loaded into the repository. Use the throughput sum and the service level expectations determined in [Define the Project Scope](define-the-project-scope.md) to plan the design of the IIS server infrastructure and to determine the appropriate amount of bandwidth to allocate for the repository.
 
-To design the IIS infrastructure, see the [Infrastructure Planning and Design Microsoft Internet Information Services](http://go.microsoft.com/fwlink/?LinkId=160826) guide.
+To design the IIS infrastructure, see the [Infrastructure Planning and Design Microsoft Internet Information Services](https://go.microsoft.com/fwlink/?LinkId=160826) guide.
 
 ### Fault Tolerance
 
-If the IIS server infrastructure is unavailable, clients will not be able to download new or updated images. To configure fault tolerance, the Windows Server 2008-based IIS server can be placed in a failover cluster. To design the fault tolerance for the IIS server infrastructure, see the [Infrastructure Planning and Design Microsoft Internet Information Services](http://go.microsoft.com/fwlink/?LinkId=160826) guide.
+If the IIS server infrastructure is unavailable, clients will not be able to download new or updated images. To configure fault tolerance, the Windows Server 2008-based IIS server can be placed in a failover cluster. To design the fault tolerance for the IIS server infrastructure, see the [Infrastructure Planning and Design Microsoft Internet Information Services](https://go.microsoft.com/fwlink/?LinkId=160826) guide.
 
 ## Related topics
 
diff --git a/mdop/medv-v1/design-the-med-v-server-infrastructure.md b/mdop/medv-v1/design-the-med-v-server-infrastructure.md
index 16803828f3..9a112b2835 100644
--- a/mdop/medv-v1/design-the-med-v-server-infrastructure.md
+++ b/mdop/medv-v1/design-the-med-v-server-infrastructure.md
@@ -45,7 +45,7 @@ If you place the database server in a location that is remote from the MED-V ser
 
 ### Form Factor
 
-If you will run SQL Server on the same server as MED-V, and if SQL Server will only be used to store data for that server, start with the MED-V recommendation and add resources for the SQL Server load. If SQL Server will store events and alerts from more than one MED-V instance, for information on how to scale up the server form factor, see the [Infrastructure Planning and Design Microsoft SQL Server 2008](http://go.microsoft.com/fwlink/?LinkId=163302) guide (http:// go.microsoft.com/fwlink/?LinkId=163302).
+If you will run SQL Server on the same server as MED-V, and if SQL Server will only be used to store data for that server, start with the MED-V recommendation and add resources for the SQL Server load. If SQL Server will store events and alerts from more than one MED-V instance, for information on how to scale up the server form factor, see the [Infrastructure Planning and Design Microsoft SQL Server 2008](https://go.microsoft.com/fwlink/?LinkId=163302) guide (http:// go.microsoft.com/fwlink/?LinkId=163302).
 
 The size of the database depends on the number of client events that the database will store. Events are created by normal operation of the client, such as when a MED-V workspace is started, or when there is an error in the MED-V workspace. The default interval at which the client sends events is 1 minute.
 
@@ -71,7 +71,7 @@ To approximate the infrastructure optimization per second (IOPs) requirement, us
 
 When MED-V client is running, if the server is unavailable, events will be backed up on the client and reports will be unavailable in the management console. Refer to the organization’s service level expectations determined in [Define the Project Scope](define-the-project-scope.md) to decide whether the design of a fault-tolerant SQL Server infrastructure is necessary.
 
-MED-V does not provide support for running SQL Server in an MSCS cluster. In order to provide warm standby and to avoid data loss in the event of a failure, you can place SQL Server in a log shipping configuration. For information on log shipping, see the [Infrastructure Planning and Design Microsoft SQL Server 2008](http://go.microsoft.com/fwlink/?LinkId=163302) guide (http://go.microsoft.com/fwlink/?LinkId=163302).
+MED-V does not provide support for running SQL Server in an MSCS cluster. In order to provide warm standby and to avoid data loss in the event of a failure, you can place SQL Server in a log shipping configuration. For information on log shipping, see the [Infrastructure Planning and Design Microsoft SQL Server 2008](https://go.microsoft.com/fwlink/?LinkId=163302) guide (https://go.microsoft.com/fwlink/?LinkId=163302).
 
 ## Design the Management Console
 
diff --git a/mdop/medv-v1/how-to-configure-the-image-web-distribution-server.md b/mdop/medv-v1/how-to-configure-the-image-web-distribution-server.md
index 054d2fba0c..5162470c80 100644
--- a/mdop/medv-v1/how-to-configure-the-image-web-distribution-server.md
+++ b/mdop/medv-v1/how-to-configure-the-image-web-distribution-server.md
@@ -20,7 +20,7 @@ An image repository is an optional server that is used for image distribution (w
 
 An image distribution server requires the following:
 
--   Internet Information Services (IIS)—For information, see [Internet Information Services](http://go.microsoft.com/fwlink/?LinkId=142995).
+-   Internet Information Services (IIS)—For information, see [Internet Information Services](https://go.microsoft.com/fwlink/?LinkId=142995).
 
     During the IIS installation, when adding role services, select the following supported authentication methods:
 
@@ -46,7 +46,7 @@ An image distribution server requires the following:
 
     -   Restart IIS.
 
--   BITS Server Extensions for IIS—For information, see [Install BITS Server Extensions](http://go.microsoft.com/fwlink/?LinkId=142996).
+-   BITS Server Extensions for IIS—For information, see [Install BITS Server Extensions](https://go.microsoft.com/fwlink/?LinkId=142996).
 
 ## Related topics
 
diff --git a/mdop/medv-v1/how-to-install-and-configure-the-med-v-server-component.md b/mdop/medv-v1/how-to-install-and-configure-the-med-v-server-component.md
index 0b992dd722..d5fa158ff6 100644
--- a/mdop/medv-v1/how-to-install-and-configure-the-med-v-server-component.md
+++ b/mdop/medv-v1/how-to-install-and-configure-the-med-v-server-component.md
@@ -87,9 +87,9 @@ The following server settings can be configured:
 
         -   Associate the server certificate with the port specified using netsh. For information, see the following:
 
-            -   [Netsh Commands for Hypertext Transfer Protocol (HTTP)](http://go.microsoft.com/fwlink/?LinkId=183314)
+            -   [Netsh Commands for Hypertext Transfer Protocol (HTTP)](https://go.microsoft.com/fwlink/?LinkId=183314)
 
-            -   [How to: Configure a Port with an SSL Certificate](http://go.microsoft.com/fwlink/?LinkID=183315)
+            -   [How to: Configure a Port with an SSL Certificate](https://go.microsoft.com/fwlink/?LinkID=183315)
 
             -   [How to: Configure a Port with an SSL Certificate](http://msdn.microsoft.com/library/ms733791.aspx)
 
diff --git a/mdop/medv-v1/med-v-10-sp1-and-sp2-release-notesmedv-10-sp1.md b/mdop/medv-v1/med-v-10-sp1-and-sp2-release-notesmedv-10-sp1.md
index d35cdc8ee7..8af4246244 100644
--- a/mdop/medv-v1/med-v-10-sp1-and-sp2-release-notesmedv-10-sp1.md
+++ b/mdop/medv-v1/med-v-10-sp1-and-sp2-release-notesmedv-10-sp1.md
@@ -28,7 +28,7 @@ Comprehensive documentation for Microsoft Enterprise Desktop Virtualization (MED
 ## Protect Against Security Vulnerabilities and Viruses
 
 
-To help protect against security vulnerabilities and viruses, you should install the latest available security updates for any new software that you are installing. For more information, see the Microsoft Security website at <http://go.microsoft.com/fwlink/?LinkId=3482>.
+To help protect against security vulnerabilities and viruses, you should install the latest available security updates for any new software that you are installing. For more information, see the Microsoft Security website at <https://go.microsoft.com/fwlink/?LinkId=3482>.
 
 ## <a href="" id="what-s-new-in-med-v-1-0-sp2"></a>What’s New in MED-V 1.0 SP2
 
diff --git a/mdop/medv-v1/med-v-10-sp1-supported-configurationsmedv-10-sp1.md b/mdop/medv-v1/med-v-10-sp1-supported-configurationsmedv-10-sp1.md
index 467c2a0a98..556b54dfb9 100644
--- a/mdop/medv-v1/med-v-10-sp1-supported-configurationsmedv-10-sp1.md
+++ b/mdop/medv-v1/med-v-10-sp1-supported-configurationsmedv-10-sp1.md
@@ -23,7 +23,7 @@ This topic specifies the requirements necessary to install and run Microsoft Ent
 The following table lists the operating systems that are supported for MED-V 1.0 SP1 client installation.
 
 **Note**  
-Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](http://go.microsoft.com/fwlink/?LinkId=31975) (http://go.microsoft.com/fwlink/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](http://go.microsoft.com/fwlink/?LinkId=31976) (http://go.microsoft.com/fwlink/?LinkId=31976).
+Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/?LinkId=31975) (https://go.microsoft.com/fwlink/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/?LinkId=31976) (https://go.microsoft.com/fwlink/?LinkId=31976).
 
  
 
@@ -146,7 +146,7 @@ MED-V 1.0 SP1 introduces changes to system requirements from those for MED-V 1
 The following table lists the operating systems supported for MED-V 1.0 SP1 workspaces.
 
 **Note**  
-Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](http://go.microsoft.com/fwlink/?LinkId=31975) (http://go.microsoft.com/fwlink/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](http://go.microsoft.com/fwlink/?LinkId=31976) (http://go.microsoft.com/fwlink/?LinkId=31976).
+Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/?LinkId=31975) (https://go.microsoft.com/fwlink/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/?LinkId=31976) (https://go.microsoft.com/fwlink/?LinkId=31976).
 
  
 
@@ -225,7 +225,7 @@ MED-V 1.0 SP1 introduces changes to system requirements from those for MED-V 1
 The following table lists the operating systems supported for MED-V 1.0 SP1 server installations.
 
 **Note**  
-Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](http://go.microsoft.com/fwlink/?LinkId=31975) (http://go.microsoft.com/fwlink/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](http://go.microsoft.com/fwlink/?LinkId=31976) (http://go.microsoft.com/fwlink/?LinkId=31976).
+Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/?LinkId=31975) (https://go.microsoft.com/fwlink/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/?LinkId=31976) (https://go.microsoft.com/fwlink/?LinkId=31976).
 
  
 
diff --git a/mdop/medv-v1/med-v-installation-prerequisites.md b/mdop/medv-v1/med-v-installation-prerequisites.md
index 3957776b1d..053c904941 100644
--- a/mdop/medv-v1/med-v-installation-prerequisites.md
+++ b/mdop/medv-v1/med-v-installation-prerequisites.md
@@ -55,19 +55,19 @@ SQL Server can be installed on the same server as the MED-V server or on a remot
 
 2.  Install the following files on the MED-V server:
 
-    -   To install the prerequisites for the management pack objects collection for Microsoft SQL Server 2008, download [Microsoft SQL Server 2008 Native Client](http://go.microsoft.com/fwlink/?LinkId=164039) from the Microsoft Download Center.
+    -   To install the prerequisites for the management pack objects collection for Microsoft SQL Server 2008, download [Microsoft SQL Server 2008 Native Client](https://go.microsoft.com/fwlink/?LinkId=164039) from the Microsoft Download Center.
 
-    -   To install the prerequisites for the management pack objects collection for Microsoft SQL Server 2005, download [Microsoft SQL Server 2005 Native Client](http://go.microsoft.com/fwlink/?LinkId=164038) from the Microsoft Download Center.
+    -   To install the prerequisites for the management pack objects collection for Microsoft SQL Server 2005, download [Microsoft SQL Server 2005 Native Client](https://go.microsoft.com/fwlink/?LinkId=164038) from the Microsoft Download Center.
 
-    -   To install the required dll files for Microsoft SQL Server 2008, download [Microsoft SQL Server 2008 Management Objects Collection](http://go.microsoft.com/fwlink/?LinkId=164041) from the Microsoft Download Center.
+    -   To install the required dll files for Microsoft SQL Server 2008, download [Microsoft SQL Server 2008 Management Objects Collection](https://go.microsoft.com/fwlink/?LinkId=164041) from the Microsoft Download Center.
 
-    -   To install the required dll files for Microsoft SQL Server 2005, download [Microsoft SQL Server 2005 Management Objects](http://go.microsoft.com/fwlink/?LinkId=164040) from the Microsoft Download Center.
+    -   To install the required dll files for Microsoft SQL Server 2005, download [Microsoft SQL Server 2005 Management Objects](https://go.microsoft.com/fwlink/?LinkId=164040) from the Microsoft Download Center.
 
-    -   To install the stand-alone install packages that provide additional value for SQL Server 2008, download the [Microsoft SQL Server 2008 Feature Pack](http://go.microsoft.com/fwlink/?LinkId=163960) from the Microsoft Download Center.
+    -   To install the stand-alone install packages that provide additional value for SQL Server 2008, download the [Microsoft SQL Server 2008 Feature Pack](https://go.microsoft.com/fwlink/?LinkId=163960) from the Microsoft Download Center.
 
-    -   To install the stand-alone install packages that provide additional value for SQL Server 2005, download the [Feature Pack for Microsoft SQL Server 2005]( http://go.microsoft.com/fwlink/?LinkId=163961) from the Microsoft Download Center.
+    -   To install the stand-alone install packages that provide additional value for SQL Server 2005, download the [Feature Pack for Microsoft SQL Server 2005]( https://go.microsoft.com/fwlink/?LinkId=163961) from the Microsoft Download Center.
 
-    For more information about these files, see [Microsoft SQL Server 2008 Feature Pack](http://go.microsoft.com/fwlink/?LinkId=163960) on the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkId=163960) or [Feature Pack for Microsoft SQL Server 2005](http://go.microsoft.com/fwlink/?LinkId=163961) on the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkId=163961).
+    For more information about these files, see [Microsoft SQL Server 2008 Feature Pack](https://go.microsoft.com/fwlink/?LinkId=163960) on the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=163960) or [Feature Pack for Microsoft SQL Server 2005](https://go.microsoft.com/fwlink/?LinkId=163961) on the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=163961).
 
 ## <a href="" id="bkmk-antivirusbackupsoftwareconfiguration"></a>Antivirus/Backup Software Configuration
 
@@ -94,13 +94,13 @@ If Virtual PC for Windows exists on the host computer, uninstall it before insta
 
 **To install Microsoft Virtual PC 2007 SP1**
 
-1.  Download Virtual PC 2007 SP1 from the Microsoft Download Center [Virtual PC 2007 SP1](http://go.microsoft.com/fwlink/?LinkId=142994).
+1.  Download Virtual PC 2007 SP1 from the Microsoft Download Center [Virtual PC 2007 SP1](https://go.microsoft.com/fwlink/?LinkId=142994).
 
 2.  Run the installation file on the host computer, and follow the wizard.
 
 3.  Install Virtual PC 2007 SP1 update on the host computer in elevated mode.
 
-    For more information, see [the description of the hotfix package for Virtual PC 2007 SP1](http://go.microsoft.com/fwlink/?LinkId=150575).
+    For more information, see [the description of the hotfix package for Virtual PC 2007 SP1](https://go.microsoft.com/fwlink/?LinkId=150575).
 
     **Note**  
     The Virtual PC 2007 SP1 update is required for running Virtual PC 2007 SP1.
diff --git a/mdop/medv-v2/configure-environment-prerequisites.md b/mdop/medv-v2/configure-environment-prerequisites.md
index 8e5f590264..6433d80f37 100644
--- a/mdop/medv-v2/configure-environment-prerequisites.md
+++ b/mdop/medv-v2/configure-environment-prerequisites.md
@@ -28,7 +28,7 @@ The MED-V Guest Agent is only supported in Windows XP SP3.
 The MED-V Host and Guest agents and the MED-V Workspace Packager require the Microsoft .NET Framework 3.5 SP1.
 
 **Important**  
-You must also install the update [KB959209](http://go.microsoft.com/fwlink/?LinkId=204950) (http://go.microsoft.com/fwlink/?LinkId=204950), which addresses several known application compatibility issues.
+You must also install the update [KB959209](https://go.microsoft.com/fwlink/?LinkId=204950) (https://go.microsoft.com/fwlink/?LinkId=204950), which addresses several known application compatibility issues.
 
  
 
diff --git a/mdop/medv-v2/configure-installation-prerequisites.md b/mdop/medv-v2/configure-installation-prerequisites.md
index 7248ec2a87..faa82e6b04 100644
--- a/mdop/medv-v2/configure-installation-prerequisites.md
+++ b/mdop/medv-v2/configure-installation-prerequisites.md
@@ -31,7 +31,7 @@ If a version of Virtual PC for Windows already exists on the host computer, you
 
 **To install Windows Virtual PC**
 
-1.  Download [Windows Virtual PC](http://go.microsoft.com/fwlink/?LinkId=195918) from the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkId=195918).
+1.  Download [Windows Virtual PC](https://go.microsoft.com/fwlink/?LinkId=195918) from the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=195918).
 
 2.  Run the installation file on the host computer, and follow the steps in the wizard.
 
@@ -59,13 +59,13 @@ In addition to the update listed here, we recommend that you review all availabl
 
 1.  Download the required Windows Virtual PC update from the Microsoft Download Center.
 
-    [32-bit Update](http://go.microsoft.com/fwlink/?LinkId=195919) (http://go.microsoft.com/fwlink/?LinkId=195919).
+    [32-bit Update](https://go.microsoft.com/fwlink/?LinkId=195919) (https://go.microsoft.com/fwlink/?LinkId=195919).
 
-    [64-bit Update](http://go.microsoft.com/fwlink/?LinkId=195920) (http://go.microsoft.com/fwlink/?LinkId=195920).
+    [64-bit Update](https://go.microsoft.com/fwlink/?LinkId=195920) (https://go.microsoft.com/fwlink/?LinkId=195920).
 
 2.  Run the installation file on the host computer in elevated mode, and follow the steps in the wizard.
 
-    For more information about the hotfix package for Windows Virtual PC, see [article 977206](http://go.microsoft.com/fwlink/?LinkId=195921) (http://go.microsoft.com/fwlink/?LinkId=195921).
+    For more information about the hotfix package for Windows Virtual PC, see [article 977206](https://go.microsoft.com/fwlink/?LinkId=195921) (https://go.microsoft.com/fwlink/?LinkId=195921).
 
 ## <a href="" id="bkmk-antivirusbackupsoftwareconfiguration"></a>How to Configure Antivirus/Backup Software
 
diff --git a/mdop/medv-v2/configuring-a-windows-virtual-pc-image-for-med-v.md b/mdop/medv-v2/configuring-a-windows-virtual-pc-image-for-med-v.md
index 887be3896a..c4a9a942e4 100644
--- a/mdop/medv-v2/configuring-a-windows-virtual-pc-image-for-med-v.md
+++ b/mdop/medv-v2/configuring-a-windows-virtual-pc-image-for-med-v.md
@@ -29,7 +29,7 @@ Follow these steps to configure your MED-V image for running first time setup:
 
 1.  As part of preparing your image for use with MED-V, you can configure various settings on the virtual machine, such as specifying the settings for running Windows Update. Specify all the necessary virtual machine settings before you create the MED-V workspace package.
 
-2.  Before you create the MED-V workspace package, we recommend that you disable restore points on the virtual machine to prevent the differencing disk from growing unbounded. For more information, see [How to turn off and turn on System Restore in Windows XP](http://go.microsoft.com/fwlink/?LinkId=195927) (http://go.microsoft.com/fwlink/?LinkId=195927).
+2.  Before you create the MED-V workspace package, we recommend that you disable restore points on the virtual machine to prevent the differencing disk from growing unbounded. For more information, see [How to turn off and turn on System Restore in Windows XP](https://go.microsoft.com/fwlink/?LinkId=195927) (https://go.microsoft.com/fwlink/?LinkId=195927).
 
     **Note**  
     You can set up your Sysprep.inf file to disable restore points when first time setup is run. For an example of setting this GuiRunOnce key, see the sample Sysprep.inf file later in this section.
@@ -58,7 +58,7 @@ After you have completed customization of your MED-V image, you are ready to sea
 2.  In a MED-V environment, you can use Sysprep to assign unique security IDs (SID) and other settings to each MED-V workspace the first time that they are started.
 
     **Note**  
-    For more information about how to use Sysprep, see [Sysprep Technical Reference](http://go.microsoft.com/fwlink/?LinkId=195930) (http://go.microsoft.com/fwlink/?LinkId=195930).
+    For more information about how to use Sysprep, see [Sysprep Technical Reference](https://go.microsoft.com/fwlink/?LinkId=195930) (https://go.microsoft.com/fwlink/?LinkId=195930).
 
      
 
@@ -81,13 +81,13 @@ After you have completed customization of your MED-V image, you are ready to sea
 
     1.  Create a folder named *Sysprep* in the root of the MED-V image system drive.
 
-    2.  Download the deploy.cab file. For more information, see [Windows XP Service Pack 3 Deployment Tools](http://go.microsoft.com/fwlink/?LinkId=195928) From the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkId=195928).
+    2.  Download the deploy.cab file. For more information, see [Windows XP Service Pack 3 Deployment Tools](https://go.microsoft.com/fwlink/?LinkId=195928) From the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=195928).
 
     3.  From the deploy.cab file, copy or extract the Setupmgr.exe, Sysprep.exe, and Setupcl.exe files to the Sysprep folder.
 
     4.  In the Sysprep folder, run **Setup Manager** (Setupmgr.exe) to create a Sysprep.inf answer file.
 
-        Or, you can create this file manually or use your company’s existing file. For more information, see [How to use the Sysprep tool to automate successful deployment of Windows XP](http://go.microsoft.com/fwlink/?LinkId=195929) (http://go.microsoft.com/fwlink/?LinkId=195929).
+        Or, you can create this file manually or use your company’s existing file. For more information, see [How to use the Sysprep tool to automate successful deployment of Windows XP](https://go.microsoft.com/fwlink/?LinkId=195929) (https://go.microsoft.com/fwlink/?LinkId=195929).
 
     5.  Follow the **Setup Manager** wizard.
 
diff --git a/mdop/medv-v2/creating-a-windows-virtual-pc-image-for-med-v.md b/mdop/medv-v2/creating-a-windows-virtual-pc-image-for-med-v.md
index 14202ab249..cdf7325436 100644
--- a/mdop/medv-v2/creating-a-windows-virtual-pc-image-for-med-v.md
+++ b/mdop/medv-v2/creating-a-windows-virtual-pc-image-for-med-v.md
@@ -32,11 +32,11 @@ To create a virtual image for MED-V, you must follow these steps.
 
 To create a Windows Virtual PC image, see the Windows Virtual PC documentation:
 
--   [Windows Virtual PC Home Page](http://go.microsoft.com/fwlink/?LinkId=148103) (http://go.microsoft.com/fwlink/?LinkId=148103).
+-   [Windows Virtual PC Home Page](https://go.microsoft.com/fwlink/?LinkId=148103) (https://go.microsoft.com/fwlink/?LinkId=148103).
 
--   [Windows Virtual PC Help](http://go.microsoft.com/fwlink/?LinkId=182378) (http://go.microsoft.com/fwlink/?LinkId=182378).
+-   [Windows Virtual PC Help](https://go.microsoft.com/fwlink/?LinkId=182378) (https://go.microsoft.com/fwlink/?LinkId=182378).
 
-Alternately, if you already have a Windows Imaging (WIM) file that you want to use as the basis for your virtual image, you can convert it to a VHD that you use to build the MED-V workspace. For more information about how to convert a WIM to a virtual hard disk, see [Native VHD Support in Windows 7](http://go.microsoft.com/fwlink/?LinkId=195922) (http://go.microsoft.com/fwlink/?LinkId=195922).
+Alternately, if you already have a Windows Imaging (WIM) file that you want to use as the basis for your virtual image, you can convert it to a VHD that you use to build the MED-V workspace. For more information about how to convert a WIM to a virtual hard disk, see [Native VHD Support in Windows 7](https://go.microsoft.com/fwlink/?LinkId=195922) (https://go.microsoft.com/fwlink/?LinkId=195922).
 
 **Important**  
 MED-V only supports one virtual hard disk per virtual machine and only one partition on each virtual disk.
@@ -50,12 +50,12 @@ After you have created your virtual hard disk, install Windows XP on the image.
 
 MED-V requires that Windows XP SP3 is installed on the Windows Virtual PC image before you build the MED-V workspace.
 
-For more information about how to install Windows XP, see [Create a virtual machine and install a guest operating system](http://go.microsoft.com/fwlink/?LinkId=182379) (http://go.microsoft.com/fwlink/?LinkId=182379).
+For more information about how to install Windows XP, see [Create a virtual machine and install a guest operating system](https://go.microsoft.com/fwlink/?LinkId=182379) (https://go.microsoft.com/fwlink/?LinkId=182379).
 
 ## <a href="" id="bkmk-installingnet"></a>Installing the .NET Framework 3.5 SP1 on a Windows Virtual PC Image
 
 
-You must manually install the .NET Framework 3.5 SP1 and the update KB959209 into the Windows Virtual PC image that you prepare for use with MED-V. The update [KB959209](http://go.microsoft.com/fwlink/?LinkId=204950) (http://go.microsoft.com/fwlink/?LinkId=204950) addresses several known application compatibility issues.
+You must manually install the .NET Framework 3.5 SP1 and the update KB959209 into the Windows Virtual PC image that you prepare for use with MED-V. The update [KB959209](https://go.microsoft.com/fwlink/?LinkId=204950) (https://go.microsoft.com/fwlink/?LinkId=204950) addresses several known application compatibility issues.
 
 ## <a href="" id="bkmk-applypatchestovpc"></a>Applying Updates to the Windows Virtual PC Image
 
@@ -74,7 +74,7 @@ When you install updates to Windows XP, make sure that you remain on the version
 
 ### Installing an Optional Performance Update
 
-Although it is optional, we recommend that you install the following update for [hotfix KB972435](http://go.microsoft.com/fwlink/?LinkId=201077) (http://go.microsoft.com/fwlink/?LinkId=201077). This update increases the performance of shared folders in a Terminal Services session:
+Although it is optional, we recommend that you install the following update for [hotfix KB972435](https://go.microsoft.com/fwlink/?LinkId=201077) (https://go.microsoft.com/fwlink/?LinkId=201077). This update increases the performance of shared folders in a Terminal Services session:
 
 **Note**  
 The update is publically available. However, you might be prompted to accept an agreement for Microsoft Services. Follow the prompts on the successive webpages to retrieve this hotfix.
@@ -107,16 +107,16 @@ When you configure the virtual image to work with MED-V, you must manually insta
 
 For more information about how to install and use the Integration Components package, see the following:
 
--   [Install or Upgrade the Integration Components Package](http://go.microsoft.com/fwlink/?LinkId=195923) (http://go.microsoft.com/fwlink/?LinkId=195923).
+-   [Install or Upgrade the Integration Components Package](https://go.microsoft.com/fwlink/?LinkId=195923) (https://go.microsoft.com/fwlink/?LinkId=195923).
 
--   [About Integration Features](http://go.microsoft.com/fwlink/?LinkId=195924) (http://go.microsoft.com/fwlink/?LinkId=195924).
+-   [About Integration Features](https://go.microsoft.com/fwlink/?LinkId=195924) (https://go.microsoft.com/fwlink/?LinkId=195924).
 
 ### Installing RemoteApp Update
 
 After you install the Integration Components package, you are prompted to install the following update: "Update for Windows XP SP3 to enable RemoteApp." This is a required component for MED-V.
 
 **Important**  
-If you are not prompted to install the RemoteApp update, you must download and install it manually. For more information and instructions about how to download this update, see [Update for Windows XP SP3 to enable RemoteApp](http://go.microsoft.com/fwlink/?LinkId=195925) (http://go.microsoft.com/fwlink/?LinkId=195925).
+If you are not prompted to install the RemoteApp update, you must download and install it manually. For more information and instructions about how to download this update, see [Update for Windows XP SP3 to enable RemoteApp](https://go.microsoft.com/fwlink/?LinkId=195925) (https://go.microsoft.com/fwlink/?LinkId=195925).
 
  
 
@@ -124,12 +124,12 @@ If you are not prompted to install the RemoteApp update, you must download and i
 
 By default, Remote Desktop is enabled after you install the Integration Components package. For MED-V to be operational, ensure that Remote Desktop is enabled, and do not distribute any Group Policy that disables it.
 
-For information about how to enable Remote Desktop, see [Enable or disable Remote Desktop](http://go.microsoft.com/fwlink/?LinkId=201162) (http://go.microsoft.com/fwlink/?LinkId=201162).
+For information about how to enable Remote Desktop, see [Enable or disable Remote Desktop](https://go.microsoft.com/fwlink/?LinkId=201162) (https://go.microsoft.com/fwlink/?LinkId=201162).
 
 ## Customizing Internet Explorer by Using the Internet Explorer Administration Kit
 
 
-If you want, you can use the Internet Explorer Administration Kit to customize Internet Explorer on the guest operating system. For more information, see the [Internet Explorer 6 Administration Kit and Deployment Guide](http://go.microsoft.com/fwlink/?LinkId=200007) (http:// go.microsoft.com/fwlink/?LinkId=200007).
+If you want, you can use the Internet Explorer Administration Kit to customize Internet Explorer on the guest operating system. For more information, see the [Internet Explorer 6 Administration Kit and Deployment Guide](https://go.microsoft.com/fwlink/?LinkId=200007) (http:// go.microsoft.com/fwlink/?LinkId=200007).
 
 **Warning**  
 You should consider security concerns associated with customizing Internet Explorer in the MED-V workspace. For more information, see [Security Best Practices for MED-V Operations](security-best-practices-for-med-v-operations.md).
diff --git a/mdop/medv-v2/determining-how-med-v-will-be-deployed.md b/mdop/medv-v2/determining-how-med-v-will-be-deployed.md
index cfd3d8eece..61a47be0c8 100644
--- a/mdop/medv-v2/determining-how-med-v-will-be-deployed.md
+++ b/mdop/medv-v2/determining-how-med-v-will-be-deployed.md
@@ -23,7 +23,7 @@ Because MED-V is a desktop-based solution, it works with your existing infrastru
 If you are currently using an electronic software distribution solution, you can use that to distribute MED-V workspaces and their dependent applications. You can also use this solution for distribution of subsequent applications after MED-V is deployed. For more information about deploying MED-V with an ESD, see [How to Deploy a MED-V Workspace Through an Electronic Software Distribution System](how-to-deploy-a-med-v-workspace-through-an-electronic-software-distribution-system.md).
 
 **Note**  
-Whichever electronic software distribution solution that you use, you must be familiar with the requirements of your particular solution. If you are using System Center Configuration Manager 2007 R2 or a later version, see the [Configuration Manager Documentation Library](http://go.microsoft.com/fwlink/?LinkId=66999) in the Microsoft Technical Library (http://go.microsoft.com/fwlink/?LinkId=66999).
+Whichever electronic software distribution solution that you use, you must be familiar with the requirements of your particular solution. If you are using System Center Configuration Manager 2007 R2 or a later version, see the [Configuration Manager Documentation Library](https://go.microsoft.com/fwlink/?LinkId=66999) in the Microsoft Technical Library (https://go.microsoft.com/fwlink/?LinkId=66999).
 
  
 
diff --git a/mdop/medv-v2/end-to-end-operations-scenario-for-med-v-20.md b/mdop/medv-v2/end-to-end-operations-scenario-for-med-v-20.md
index 5a971ee220..6703f60d3e 100644
--- a/mdop/medv-v2/end-to-end-operations-scenario-for-med-v-20.md
+++ b/mdop/medv-v2/end-to-end-operations-scenario-for-med-v-20.md
@@ -26,7 +26,7 @@ The step-by-step procedures that you follow in a MED-V operations scenario inclu
 
 -   [Creating a Windows Virtual PC Image for MED-V](creating-a-windows-virtual-pc-image-for-med-v.md#bkmk-installingwindowsxpontovpc) reviews how to install the Windows XP SP3 operating system on your Windows Virtual PC image. MED-V requires that Windows XP SP3 is installed on the Windows Virtual PC image before you build the MED-V workspace.
 
--   [Creating a Windows Virtual PC Image for MED-V](creating-a-windows-virtual-pc-image-for-med-v.md#bkmk-installingnet) reviews how to manually install the .NET Framework 3.5 SP1 and the update KB959209 into the Windows Virtual PC image that you prepare for use with MED-V. MED-V requires the .NET Framework 3.5 SP1, and the update [KB959209](http://go.microsoft.com/fwlink/?LinkId=204950) (http://go.microsoft.com/fwlink/?LinkId=204950) addresses several known application compatibility issues.
+-   [Creating a Windows Virtual PC Image for MED-V](creating-a-windows-virtual-pc-image-for-med-v.md#bkmk-installingnet) reviews how to manually install the .NET Framework 3.5 SP1 and the update KB959209 into the Windows Virtual PC image that you prepare for use with MED-V. MED-V requires the .NET Framework 3.5 SP1, and the update [KB959209](https://go.microsoft.com/fwlink/?LinkId=204950) (https://go.microsoft.com/fwlink/?LinkId=204950) addresses several known application compatibility issues.
 
 -   [Creating a Windows Virtual PC Image for MED-V](creating-a-windows-virtual-pc-image-for-med-v.md#bkmk-applypatchestovpc) reviews how to update your Windows XP image with the latest software updates and other hotfixes necessary or important for running MED-V.
 
diff --git a/mdop/medv-v2/how-to-add-or-remove-url-redirection-information-in-a-deployed-med-v-workspace.md b/mdop/medv-v2/how-to-add-or-remove-url-redirection-information-in-a-deployed-med-v-workspace.md
index f020b8536e..544141d6d3 100644
--- a/mdop/medv-v2/how-to-add-or-remove-url-redirection-information-in-a-deployed-med-v-workspace.md
+++ b/mdop/medv-v2/how-to-add-or-remove-url-redirection-information-in-a-deployed-med-v-workspace.md
@@ -37,7 +37,7 @@ You can add and remove URL redirection information by performing one of the foll
 
     If you are adding URLs to the registry key, enter them one per line, as was required when you built the MED-V workspace package. For more information, see [Create a MED-V Workspace Package](create-a-med-v-workspace-package.md).
 
-2.  Deploy the updated registry key by using Group Policy. For more information about how to use Group Policy, see [Group Policy Software Installation](http://go.microsoft.com/fwlink/?LinkId=195931) (http://go.microsoft.com/fwlink/?LinkId=195931).
+2.  Deploy the updated registry key by using Group Policy. For more information about how to use Group Policy, see [Group Policy Software Installation](https://go.microsoft.com/fwlink/?LinkId=195931) (https://go.microsoft.com/fwlink/?LinkId=195931).
 
 **Note**  
 This method of editing URL redirection information is a MED-V best practice.
diff --git a/mdop/medv-v2/how-to-deploy-a-med-v-workspace-in-a-windows-7-image.md b/mdop/medv-v2/how-to-deploy-a-med-v-workspace-in-a-windows-7-image.md
index d642c59eee..adfd91f54c 100644
--- a/mdop/medv-v2/how-to-deploy-a-med-v-workspace-in-a-windows-7-image.md
+++ b/mdop/medv-v2/how-to-deploy-a-med-v-workspace-in-a-windows-7-image.md
@@ -19,7 +19,7 @@ The following section provides information and instructions to help you deploy t
 
 **To deploy a MED-V workspace in a Windows 7 image**
 
-1.  Create a standard image of Windows 7. For more information, see [Building a Standard Image of Windows 7: Step-by-Step Guide](http://go.microsoft.com/fwlink/?LinkId=204843) (http://go.microsoft.com/fwlink/?LinkId=204843).
+1.  Create a standard image of Windows 7. For more information, see [Building a Standard Image of Windows 7: Step-by-Step Guide](https://go.microsoft.com/fwlink/?LinkId=204843) (https://go.microsoft.com/fwlink/?LinkId=204843).
 
 2.  In the Windows 7 image, install Windows Virtual PC and the Windows Virtual PC updates. For more information, see [Configure Installation Prerequisites](configure-installation-prerequisites.md).
 
diff --git a/mdop/medv-v2/how-to-deploy-a-med-v-workspace-through-an-electronic-software-distribution-system.md b/mdop/medv-v2/how-to-deploy-a-med-v-workspace-through-an-electronic-software-distribution-system.md
index 09b62dd423..55ac6b1ec0 100644
--- a/mdop/medv-v2/how-to-deploy-a-med-v-workspace-through-an-electronic-software-distribution-system.md
+++ b/mdop/medv-v2/how-to-deploy-a-med-v-workspace-through-an-electronic-software-distribution-system.md
@@ -16,14 +16,14 @@ ms.prod: w7
 An electronic software distribution system is designed to efficiently move software to many different computers over slow or fast network connections. The following section provides information and instructions to help you deploy your MED-V workspace throughout your enterprise by using a software distribution system.
 
 **Note**  
-Whichever software distribution solution that you use, you must be familiar with the requirements of your particular solution. If you are using System Center Configuration Manager 2007 R2 or a later version, see the [Configuration Manager Documentation Library](http://go.microsoft.com/fwlink/?LinkId=66999) in the Microsoft Technical Library (http://go.microsoft.com/fwlink/?LinkId=66999).
+Whichever software distribution solution that you use, you must be familiar with the requirements of your particular solution. If you are using System Center Configuration Manager 2007 R2 or a later version, see the [Configuration Manager Documentation Library](https://go.microsoft.com/fwlink/?LinkId=66999) in the Microsoft Technical Library (https://go.microsoft.com/fwlink/?LinkId=66999).
 
  
 
 **Important**  
 If you are using System Center Configuration Manager 2007 SP2 and your MED-V workspaces are configured to operate in **NAT** mode, the virtual machines are classified as Internet-based clients and cannot find the closest distribution points from which to download content.
 
-The [hotfix to improve the functionality for VMs that are managed by MED-V](http://go.microsoft.com/fwlink/?LinkId=201088) (http://go.microsoft.com/fwlink/?LinkId=201088) adds new functionality to virtual machines that are managed by MED-V and that are configured to operate in **NAT** mode. The new functionality lets virtual machines access the closest distribution points. Therefore, the administrator can manage the virtual machine and the host computer in the same manner. This hotfix must be installed first on the site server and then on the client.
+The [hotfix to improve the functionality for VMs that are managed by MED-V](https://go.microsoft.com/fwlink/?LinkId=201088) (https://go.microsoft.com/fwlink/?LinkId=201088) adds new functionality to virtual machines that are managed by MED-V and that are configured to operate in **NAT** mode. The new functionality lets virtual machines access the closest distribution points. Therefore, the administrator can manage the virtual machine and the host computer in the same manner. This hotfix must be installed first on the site server and then on the client.
 
 The update is publically available. However, you might be prompted to accept an agreement for Microsoft Services. Follow the prompts on the successive webpages to retrieve this hotfix.
 
diff --git a/mdop/medv-v2/how-to-deploy-the-med-v-components-through-an-electronic-software-distribution-system.md b/mdop/medv-v2/how-to-deploy-the-med-v-components-through-an-electronic-software-distribution-system.md
index e794a345cb..171a89953e 100644
--- a/mdop/medv-v2/how-to-deploy-the-med-v-components-through-an-electronic-software-distribution-system.md
+++ b/mdop/medv-v2/how-to-deploy-the-med-v-components-through-an-electronic-software-distribution-system.md
@@ -16,14 +16,14 @@ ms.prod: w7
 An electronic software distribution system can help you efficiently move software to many computers over slow or fast network connections. The following section provides information and instructions to help you deploy the Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 components throughout your enterprise by using a software distribution system.
 
 **Note**  
-Whichever software distribution solution that you use, you must be familiar with the requirements of your particular solution. If you are using System Center Configuration Manager 2007 R2 or a later version, see the [Configuration Manager Documentation Library](http://go.microsoft.com/fwlink/?LinkId=66999) in the Microsoft Technical Library (http://go.microsoft.com/fwlink/?LinkId=66999).
+Whichever software distribution solution that you use, you must be familiar with the requirements of your particular solution. If you are using System Center Configuration Manager 2007 R2 or a later version, see the [Configuration Manager Documentation Library](https://go.microsoft.com/fwlink/?LinkId=66999) in the Microsoft Technical Library (https://go.microsoft.com/fwlink/?LinkId=66999).
 
  
 
 **Important**  
 If you are using System Center Configuration Manager 2007 SP2 and your MED-V workspaces are configured to operate in **NAT** mode, the virtual machines are classified as Internet-based clients and cannot find the closest distribution points from which to download content.
 
-The [hotfix to improve the functionality for VMs that are managed by MED-V](http://go.microsoft.com/fwlink/?LinkId=201088) (http://go.microsoft.com/fwlink/?LinkId=201088) adds new functionality to virtual machines that are managed by MED-V and that are configured to operate in **NAT** mode. The new functionality lets virtual machines access the closest distribution points. Therefore, the administrator can manage the virtual machine and the host computer in the same manner. This hotfix must be installed first on the site server and then on the client.
+The [hotfix to improve the functionality for VMs that are managed by MED-V](https://go.microsoft.com/fwlink/?LinkId=201088) (https://go.microsoft.com/fwlink/?LinkId=201088) adds new functionality to virtual machines that are managed by MED-V and that are configured to operate in **NAT** mode. The new functionality lets virtual machines access the closest distribution points. Therefore, the administrator can manage the virtual machine and the host computer in the same manner. This hotfix must be installed first on the site server and then on the client.
 
 The update is publically available. However, you might be prompted to accept an agreement for Microsoft Services. Follow the prompts on the successive webpages to retrieve this hotfix.
 
diff --git a/mdop/medv-v2/how-to-manage-url-redirection-by-using-the-med-v-workspace-packager.md b/mdop/medv-v2/how-to-manage-url-redirection-by-using-the-med-v-workspace-packager.md
index 4b45e3baeb..163df79b5e 100644
--- a/mdop/medv-v2/how-to-manage-url-redirection-by-using-the-med-v-workspace-packager.md
+++ b/mdop/medv-v2/how-to-manage-url-redirection-by-using-the-med-v-workspace-packager.md
@@ -43,7 +43,7 @@ You can use the MED-V Workspace Packager to manage URL redirection in the MED-V
 
      
 
-4.  Click **Save as…** to save the updated URL redirection files in the specified folder. MED-V creates a registry file that contains the updated URL redirection information. Deploy the updated registry key by using Group Policy. For more information about how to use Group Policy, see [Group Policy Software Installation](http://go.microsoft.com/fwlink/?LinkId=195931) (http://go.microsoft.com/fwlink/?LinkId=195931).
+4.  Click **Save as…** to save the updated URL redirection files in the specified folder. MED-V creates a registry file that contains the updated URL redirection information. Deploy the updated registry key by using Group Policy. For more information about how to use Group Policy, see [Group Policy Software Installation](https://go.microsoft.com/fwlink/?LinkId=195931) (https://go.microsoft.com/fwlink/?LinkId=195931).
 
     MED-V also creates a Windows PowerShell script in the specified folder that you can use to re-create the updated MED-V workspace package.
 
diff --git a/mdop/medv-v2/index.md b/mdop/medv-v2/index.md
index f5de2f22e6..7aaba93e6c 100644
--- a/mdop/medv-v2/index.md
+++ b/mdop/medv-v2/index.md
@@ -43,7 +43,7 @@ For more information about how to perform MED-V tasks, use the following section
 
 For more information about MED-V, see
 
-[Microsoft Windows Enterprise: Improving Virtual PCs with MED-V](http://go.microsoft.com/fwlink/?LinkId=195917) (http://go.microsoft.com/fwlink/?LinkId=195917).
+[Microsoft Windows Enterprise: Improving Virtual PCs with MED-V](https://go.microsoft.com/fwlink/?LinkId=195917) (https://go.microsoft.com/fwlink/?LinkId=195917).
 
  
 
diff --git a/mdop/medv-v2/installing-and-removing-an-application-on-the-med-v-workspace.md b/mdop/medv-v2/installing-and-removing-an-application-on-the-med-v-workspace.md
index ab01f5aeb9..be5657cbfd 100644
--- a/mdop/medv-v2/installing-and-removing-an-application-on-the-med-v-workspace.md
+++ b/mdop/medv-v2/installing-and-removing-an-application-on-the-med-v-workspace.md
@@ -42,7 +42,7 @@ You can use Group Policy and Group Policy objects to assign or publish applicati
 
 You can also use Group Policy and Group Policy objects in the same manner to remove applications from the MED-V workspace.
 
-For more information about how to add and remove applications by using Group Policy, see [Group Policy Software Installation](http://go.microsoft.com/fwlink/?LinkId=195931) (http://go.microsoft.com/fwlink/?LinkId=195931).
+For more information about how to add and remove applications by using Group Policy, see [Group Policy Software Installation](https://go.microsoft.com/fwlink/?LinkId=195931) (https://go.microsoft.com/fwlink/?LinkId=195931).
 
 ## <a href="" id="bkmk-esd"></a> Adding and Removing Applications by Using an ESD System
 
@@ -56,7 +56,7 @@ Microsoft Application Virtualization (App-V) provides the administrative capabil
 
 You can use MED-V together with App-V to add and remove virtual applications on a deployed MED-V workspace. To manage applications in this manner, you must first install the App-V agent on the MED-V guest operating system. You can then use App-V in the MED-V workspace to add and remove the virtual applications.
 
-For information about how to install and use App-V, see [Application Virtualization](http://go.microsoft.com/fwlink/?LinkId=122939) (http://go.microsoft.com/fwlink/?LinkId=122939).
+For information about how to install and use App-V, see [Application Virtualization](https://go.microsoft.com/fwlink/?LinkId=122939) (https://go.microsoft.com/fwlink/?LinkId=122939).
 
 **Important**  
 App-V applications that you publish to the MED-V workspace have file-type associations that cannot redirect from the host computer to the guest virtual machine. However, the end user can still access these file types by clicking **File**, and then by clicking **Open** on the published App-V application.
diff --git a/mdop/medv-v2/installing-applications-on-a-windows-virtual-pc-image.md b/mdop/medv-v2/installing-applications-on-a-windows-virtual-pc-image.md
index 397318a04a..414b6c825b 100644
--- a/mdop/medv-v2/installing-applications-on-a-windows-virtual-pc-image.md
+++ b/mdop/medv-v2/installing-applications-on-a-windows-virtual-pc-image.md
@@ -43,9 +43,9 @@ Repeat these steps for any software or application that you want to install on t
 
 For more information about how to install software on a virtual image, see the following articles:
 
--   [Publish and Use Virtual Applications](http://go.microsoft.com/fwlink/?LinkId=195926) (http://go.microsoft.com/fwlink/?LinkId=195926).
+-   [Publish and Use Virtual Applications](https://go.microsoft.com/fwlink/?LinkId=195926) (https://go.microsoft.com/fwlink/?LinkId=195926).
 
--   [Windows Virtual PC Help](http://go.microsoft.com/fwlink/?LinkId=182378) (http://go.microsoft.com/fwlink/?LinkId=182378).
+-   [Windows Virtual PC Help](https://go.microsoft.com/fwlink/?LinkId=182378) (https://go.microsoft.com/fwlink/?LinkId=182378).
 
 After you have installed all of the software that you want on the MED-V image, your image is ready to be packaged.
 
diff --git a/mdop/medv-v2/managing-automatic-updates-for-med-v-workspaces.md b/mdop/medv-v2/managing-automatic-updates-for-med-v-workspaces.md
index c7ad9749c6..c37764919e 100644
--- a/mdop/medv-v2/managing-automatic-updates-for-med-v-workspaces.md
+++ b/mdop/medv-v2/managing-automatic-updates-for-med-v-workspaces.md
@@ -21,7 +21,7 @@ The MED-V workspace is a virtual machine that contains a separate operating syst
 The MED-V workspace wake-up policy guarantees that the MED-V virtual machine is made available for updates for the time that you specify in your MED-V configuration settings. This applies to both updates that are published from Microsoft through Windows Update and updates deployed and controlled by non-Microsoft solutions, such as antivirus applications.
 
 **Important**  
-The MED-V workspace wake-up policy is optimized for the Microsoft Update infrastructure. If you are using Microsoft System Center Configuration Manager to deploy non-Microsoft updates, we recommend that you also use the System Center Updates Publisher, which takes advantage of the same infrastructure as Microsoft Update and therefore benefits from the MED-V workspace wake-up policy. For more information, see [System Center Updates Publisher](http://go.microsoft.com/fwlink/?LinkId=200035) (http://go.microsoft.com/fwlink/?LinkId=200035).
+The MED-V workspace wake-up policy is optimized for the Microsoft Update infrastructure. If you are using Microsoft System Center Configuration Manager to deploy non-Microsoft updates, we recommend that you also use the System Center Updates Publisher, which takes advantage of the same infrastructure as Microsoft Update and therefore benefits from the MED-V workspace wake-up policy. For more information, see [System Center Updates Publisher](https://go.microsoft.com/fwlink/?LinkId=200035) (https://go.microsoft.com/fwlink/?LinkId=200035).
 
  
 
diff --git a/mdop/medv-v2/managing-med-v-workspace-settings-by-using-the-med-v-workspace-packager.md b/mdop/medv-v2/managing-med-v-workspace-settings-by-using-the-med-v-workspace-packager.md
index b6d6f97c32..c59322f69c 100644
--- a/mdop/medv-v2/managing-med-v-workspace-settings-by-using-the-med-v-workspace-packager.md
+++ b/mdop/medv-v2/managing-med-v-workspace-settings-by-using-the-med-v-workspace-packager.md
@@ -75,7 +75,7 @@ You can use the MED-V Workspace Packager to manage certain settings in the MED-V
 
      
 
-4.  Click **Save as…** to save the updated configuration settings in the specified folder. MED-V creates a registry file that contains the updated settings. Deploy the updated registry file by using Group Policy. For more information about how to use Group Policy, see [Group Policy Software Installation](http://go.microsoft.com/fwlink/?LinkId=195931) (http://go.microsoft.com/fwlink/?LinkId=195931).
+4.  Click **Save as…** to save the updated configuration settings in the specified folder. MED-V creates a registry file that contains the updated settings. Deploy the updated registry file by using Group Policy. For more information about how to use Group Policy, see [Group Policy Software Installation](https://go.microsoft.com/fwlink/?LinkId=195931) (https://go.microsoft.com/fwlink/?LinkId=195931).
 
     MED-V also creates a Windows PowerShell script in the specified folder that you can use to re-create this updated registry file.
 
diff --git a/mdop/medv-v2/managing-software-updates-for-med-v-workspaces.md b/mdop/medv-v2/managing-software-updates-for-med-v-workspaces.md
index 0b1693f526..6be8fd72bd 100644
--- a/mdop/medv-v2/managing-software-updates-for-med-v-workspaces.md
+++ b/mdop/medv-v2/managing-software-updates-for-med-v-workspaces.md
@@ -32,7 +32,7 @@ For information about how to specify the configuration settings that define how
 
 3.  **Using Application Virtualization (APP-V)**
 
-    If you use MED-V together with App-V, you can provide software updates to applications in the MED-V workspace by following the steps that are required by App-V for updating software. For more information, see [Application Virtualization](http://go.microsoft.com/fwlink/?LinkId=122939) (http://go.microsoft.com/fwlink/?LinkId=122939).
+    If you use MED-V together with App-V, you can provide software updates to applications in the MED-V workspace by following the steps that are required by App-V for updating software. For more information, see [Application Virtualization](https://go.microsoft.com/fwlink/?LinkId=122939) (https://go.microsoft.com/fwlink/?LinkId=122939).
 
 4.  **Updating Software in the Core Image**
 
diff --git a/mdop/medv-v2/med-v-20-best-practices.md b/mdop/medv-v2/med-v-20-best-practices.md
index fe5933aee8..2893ba441f 100644
--- a/mdop/medv-v2/med-v-20-best-practices.md
+++ b/mdop/medv-v2/med-v-20-best-practices.md
@@ -21,11 +21,11 @@ Although you can specify any settings that you prefer, a MED-V best practice is
 
 ### Disable restore points on the virtual machine
 
-Before you create the MED-V workspace package, we recommend that you disable restore points on the virtual machine to prevent the differencing disk from growing unbounded. For more information, see [How to turn off and turn on System Restore in Windows XP](http://go.microsoft.com/fwlink/?LinkId=195927) (http://go.microsoft.com/fwlink/?LinkId=195927).
+Before you create the MED-V workspace package, we recommend that you disable restore points on the virtual machine to prevent the differencing disk from growing unbounded. For more information, see [How to turn off and turn on System Restore in Windows XP](https://go.microsoft.com/fwlink/?LinkId=195927) (https://go.microsoft.com/fwlink/?LinkId=195927).
 
 ### Configure MED-V image to use local profiles
 
-We recommend that you apply only those policies that make sense in an application compatibility environment for Windows XP. For example, desktop customization policies do not typically have to be applied and should be disabled. For more information about how to allow only local profiles, see [Group Policy Settings for Roaming User Profiles](http://go.microsoft.com/fwlink/?LinkId=205072) (http://go.microsoft.com/fwlink/?LinkId=205072).
+We recommend that you apply only those policies that make sense in an application compatibility environment for Windows XP. For example, desktop customization policies do not typically have to be applied and should be disabled. For more information about how to allow only local profiles, see [Group Policy Settings for Roaming User Profiles](https://go.microsoft.com/fwlink/?LinkId=205072) (https://go.microsoft.com/fwlink/?LinkId=205072).
 
 ### Configure a Group Policy performance update
 
diff --git a/mdop/medv-v2/med-v-20-deployment-overview.md b/mdop/medv-v2/med-v-20-deployment-overview.md
index 6e43197850..4af2d324d5 100644
--- a/mdop/medv-v2/med-v-20-deployment-overview.md
+++ b/mdop/medv-v2/med-v-20-deployment-overview.md
@@ -137,7 +137,7 @@ After MED-V and its required components are installed, MED-V must be configured.
 
 4.  After the MED-V workspace is restarted by Ftscompletion.exe, the end user is logged on. If they did not save their password during first time setup, they are prompted for it again. The MED-V workspace is then started and configured for the user. Configuration includes applying Group Policy.
 
-    We recommend that you apply only those policies that make sense in an application compatibility environment for Windows XP. For example, desktop personalization policies do not typically need to be applied and should be disabled. For more information about how to allow only local profiles, see [Group Policy Settings for Roaming User Profiles](http://go.microsoft.com/fwlink/?LinkId=205072) (http://go.microsoft.com/fwlink/?LinkId=205072).
+    We recommend that you apply only those policies that make sense in an application compatibility environment for Windows XP. For example, desktop personalization policies do not typically need to be applied and should be disabled. For more information about how to allow only local profiles, see [Group Policy Settings for Roaming User Profiles](https://go.microsoft.com/fwlink/?LinkId=205072) (https://go.microsoft.com/fwlink/?LinkId=205072).
 
 After first time setup is complete, the end user is notified that the published applications are ready. They are then able to access the applications installed in the MED-V workspace from their **Start** menu.
 
diff --git a/mdop/medv-v2/med-v-20-release-notes.md b/mdop/medv-v2/med-v-20-release-notes.md
index 483af712b5..baecc7445e 100644
--- a/mdop/medv-v2/med-v-20-release-notes.md
+++ b/mdop/medv-v2/med-v-20-release-notes.md
@@ -22,12 +22,12 @@ Read these release notes thoroughly before you install the Microsoft Enterprise
 ## About the Product Documentation
 
 
-Documentation for Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 is distributed with the product and is also located at [Microsoft Enterprise Desktop Virtualization 2.0](http://go.microsoft.com/fwlink/?LinkID=207065) (http://go.microsoft.com/fwlink/?LinkId=207065).
+Documentation for Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 is distributed with the product and is also located at [Microsoft Enterprise Desktop Virtualization 2.0](https://go.microsoft.com/fwlink/?LinkID=207065) (https://go.microsoft.com/fwlink/?LinkId=207065).
 
 ## Protect Against Security Vulnerabilities and Viruses
 
 
-To help protect against security vulnerabilities and viruses, we recommend that you install the latest available security updates for any new software being installed. For more information, see [Microsoft Security](http://go.microsoft.com/fwlink/?LinkId=3482) (http://go.microsoft.com/fwlink/?LinkId=3482).
+To help protect against security vulnerabilities and viruses, we recommend that you install the latest available security updates for any new software being installed. For more information, see [Microsoft Security](https://go.microsoft.com/fwlink/?LinkId=3482) (https://go.microsoft.com/fwlink/?LinkId=3482).
 
 ## Known Issues with MED-V 2.0
 
diff --git a/mdop/medv-v2/operations-troubleshooting-medv2.md b/mdop/medv-v2/operations-troubleshooting-medv2.md
index ac2101a641..a789860a4e 100644
--- a/mdop/medv-v2/operations-troubleshooting-medv2.md
+++ b/mdop/medv-v2/operations-troubleshooting-medv2.md
@@ -82,7 +82,7 @@ None.
 
 **Solution**
 
-You can specify the length of time that MED-V waits to close unresponsive applications by setting the WaitToKillAppTimeout registry key in the guest virtual machine. For more information, see [How To Increase Shutdown Time So That Processes Can Quit Properly in Windows XP](http://go.microsoft.com/fwlink/?LinkId=206819) (http://go.microsoft.com/fwlink/?LinkId=206819).
+You can specify the length of time that MED-V waits to close unresponsive applications by setting the WaitToKillAppTimeout registry key in the guest virtual machine. For more information, see [How To Increase Shutdown Time So That Processes Can Quit Properly in Windows XP](https://go.microsoft.com/fwlink/?LinkId=206819) (https://go.microsoft.com/fwlink/?LinkId=206819).
 
 **Renaming a Published Application Shortcut in the Guest Virtual Machine does not Change the Published Name in the Host**. When you publish an application by creating a shortcut and then rename the shortcut in the guest virtual machine, the original application name remains in the host **Start** menu. The program continues to run as expected, however the program will always retain the original name.
 
diff --git a/mdop/medv-v2/technical-reference-for-med-v.md b/mdop/medv-v2/technical-reference-for-med-v.md
index 5f2c1e4e47..3f1ca2cd96 100644
--- a/mdop/medv-v2/technical-reference-for-med-v.md
+++ b/mdop/medv-v2/technical-reference-for-med-v.md
@@ -33,10 +33,10 @@ Provides information about how to upgrade your MED-V installation.
 <a href="" id="windows-virtual-pc-application-exclude-list"></a>[Windows Virtual PC Application Exclude List](windows-virtual-pc-application-exclude-list.md)  
 Describes how to specify certain installed applications that you do not want published to the host computer.
 
-<a href="" id="med-v-2-configuration-cmdlets"></a>[MED-V 2 Configuration Cmdlets](http://go.microsoft.com/fwlink/?LinkId=213301)  
+<a href="" id="med-v-2-configuration-cmdlets"></a>[MED-V 2 Configuration Cmdlets](https://go.microsoft.com/fwlink/?LinkId=213301)  
 Provides information about cmdlets you can use to perform various MED-V configuration tasks from the command line.
 
-<a href="" id="med-v-2-workspace-cmdlets"></a>[MED-V 2 Workspace Cmdlets](http://go.microsoft.com/fwlink/?LinkId=213302)  
+<a href="" id="med-v-2-workspace-cmdlets"></a>[MED-V 2 Workspace Cmdlets](https://go.microsoft.com/fwlink/?LinkId=213302)  
 Provides information about cmdlets you can use to perform various MED-V workspace configuration tasks from the command line.
 
 <a href="" id="example-med-v-checklists"></a>[Example MED-V Checklists](example-med-v-checklists.md)  
diff --git a/mdop/solutions/how-to-download-and-deploy-mdop-group-policy--admx--templates.md b/mdop/solutions/how-to-download-and-deploy-mdop-group-policy--admx--templates.md
index 6d97c03bb7..fa6a813093 100644
--- a/mdop/solutions/how-to-download-and-deploy-mdop-group-policy--admx--templates.md
+++ b/mdop/solutions/how-to-download-and-deploy-mdop-group-policy--admx--templates.md
@@ -20,7 +20,7 @@ You can manage the feature settings of certain Microsoft Desktop Optimization Pa
 
 **How to download and deploy the MDOP Group Policy templates**
 
-1.  Download the MDOP Group Policy templates from <http://go.microsoft.com/fwlink/p/?LinkId=393941> .
+1.  Download the MDOP Group Policy templates from <https://go.microsoft.com/fwlink/p/?LinkId=393941> .
 
 2.  Run the downloaded file to extract the template folders.
 
diff --git a/mdop/uev-v1/accessibility-for-ue-v.md b/mdop/uev-v1/accessibility-for-ue-v.md
index 945e5bd331..aebe2a9c77 100644
--- a/mdop/uev-v1/accessibility-for-ue-v.md
+++ b/mdop/uev-v1/accessibility-for-ue-v.md
@@ -62,7 +62,7 @@ For information about the availability of Microsoft product documentation and bo
 <td align="left"><p>(609) 987-8116</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p>[http://www.learningally.org/](http://go.microsoft.com/fwlink/p/?linkid=239)</p></td>
+<td align="left"><p>[http://www.learningally.org/](https://go.microsoft.com/fwlink/p/?linkid=239)</p></td>
 <td align="left"><p>Web addresses can change, so you might be unable to connect to the website or sites that are mentioned here.</p></td>
 </tr>
 </tbody>
@@ -83,7 +83,7 @@ Microsoft Support Services are subject to the prices, terms, and conditions in p
 ## For more information
 
 
-For more information about how accessible technology for computers can help to improve the lives of people with disabilities, see the [Microsoft Accessibility website](http://go.microsoft.com/fwlink/p/?linkid=8431).
+For more information about how accessible technology for computers can help to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/p/?linkid=8431).
 
 ## Related topics
 
diff --git a/mdop/uev-v1/changing-the-frequency-of-ue-v-scheduled-tasks.md b/mdop/uev-v1/changing-the-frequency-of-ue-v-scheduled-tasks.md
index 3f08b69f5b..d99aea03bd 100644
--- a/mdop/uev-v1/changing-the-frequency-of-ue-v-scheduled-tasks.md
+++ b/mdop/uev-v1/changing-the-frequency-of-ue-v-scheduled-tasks.md
@@ -15,7 +15,7 @@ ms.prod: w8
 
 The Microsoft User Experience Virtualization (UE-V) Agent installer, AgentSetup.exe, creates two scheduled tasks during the UE-V Agent installation. The two tasks are the **Template Auto Update** task and the **Setting Storage Location Status** task. These scheduled tasks are not configurable with the UE-V tools. Administrators who wish to change the scheduled task for these items can create a script that uses the Schtasks.exe command-line options.
 
-For more information about Schtasks.exe, see [How to use Schtasks,exe to Schedule Tasks in Windows Server 2003](http://go.microsoft.com/fwlink/?LinkID=264854).
+For more information about Schtasks.exe, see [How to use Schtasks,exe to Schedule Tasks in Windows Server 2003](https://go.microsoft.com/fwlink/?LinkID=264854).
 
 ## Template Auto-Update
 
diff --git a/mdop/uev-v1/getting-started-with-user-experience-virtualization-10.md b/mdop/uev-v1/getting-started-with-user-experience-virtualization-10.md
index 6651234e46..79324f056c 100644
--- a/mdop/uev-v1/getting-started-with-user-experience-virtualization-10.md
+++ b/mdop/uev-v1/getting-started-with-user-experience-virtualization-10.md
@@ -33,10 +33,10 @@ User Experience Virtualization delivers an enhanced user state virtualization ex
 
 This product requires thorough planning before you deploy it or use its features. Because this product can affect every computer in your organization, you might disrupt your entire network if you do not plan your deployment carefully. However, if you plan your deployment carefully and manage it so that it meets your business needs, this product can help reduce your administrative overhead and total cost of ownership.
 
-If you are new to this product, we recommend that you read the documentation carefully. Before you deploy the product to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at <http://go.microsoft.com/fwlink/p/?LinkId=80347>.
+If you are new to this product, we recommend that you read the documentation carefully. Before you deploy the product to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at <https://go.microsoft.com/fwlink/p/?LinkId=80347>.
 
 **Note**  
-A downloadable version of this administrator’s guide is not available. However, you can learn about a special mode of the TechNet Library that allows you to select articles, group them in a collection, and print them or export them to a file at <http://go.microsoft.com/fwlink/?LinkId=272497> (http://go.microsoft.com/fwlink/?LinkId=272497).
+A downloadable version of this administrator’s guide is not available. However, you can learn about a special mode of the TechNet Library that allows you to select articles, group them in a collection, and print them or export them to a file at <https://go.microsoft.com/fwlink/?LinkId=272497> (https://go.microsoft.com/fwlink/?LinkId=272497).
 
  
 
diff --git a/mdop/uev-v1/index.md b/mdop/uev-v1/index.md
index 149477d081..ce46b1dc0d 100644
--- a/mdop/uev-v1/index.md
+++ b/mdop/uev-v1/index.md
@@ -38,11 +38,11 @@ Microsoft User Experience Virtualization (UE-V) captures and centralizes applica
 <a href="" id="microsoft-user-experience-virtualization--ue-v--1-0-release-notes"></a>[Microsoft User Experience Virtualization (UE-V) 1.0 Release Notes](microsoft-user-experience-virtualization--ue-v--10-release-notes.md)  
 View updated product information and known issues for UE-V 1.0.
 
-<a href="" id="mdop-techcenter-page"></a>[MDOP TechCenter Page](http://go.microsoft.com/fwlink/p/?LinkId=225286)  
+<a href="" id="mdop-techcenter-page"></a>[MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286)  
 Learn about the latest MDOP information and resources.
 
-<a href="" id="mdop-information-experience"></a>[MDOP Information Experience](http://go.microsoft.com/fwlink/p/?LinkId=236032)  
-Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28http://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28http://go.microsoft.com/fwlink/p/?LinkId=242447).
+<a href="" id="mdop-information-experience"></a>[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032)  
+Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28https://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28https://go.microsoft.com/fwlink/p/?LinkId=242447).
 
  
 
diff --git a/mdop/uev-v1/installing-the-ue-v-group-policy-admx-templates.md b/mdop/uev-v1/installing-the-ue-v-group-policy-admx-templates.md
index c575f77c8b..d6b256689e 100644
--- a/mdop/uev-v1/installing-the-ue-v-group-policy-admx-templates.md
+++ b/mdop/uev-v1/installing-the-ue-v-group-policy-admx-templates.md
@@ -27,9 +27,9 @@ ADMX files can be installed and tested locally on any computer that runs the Win
 
 **To download the UE-V ADMX templates**
 
-1.  Download the UE-V ADMX template files: <http://go.microsoft.com/fwlink/p/?LinkId=393941>.
+1.  Download the UE-V ADMX template files: <https://go.microsoft.com/fwlink/p/?LinkId=393941>.
 
-2.  For more information about how to deploy the Group Policy templates, see <http://go.microsoft.com/fwlink/p/?LinkId=393944>.
+2.  For more information about how to deploy the Group Policy templates, see <https://go.microsoft.com/fwlink/p/?LinkId=393944>.
 
 ## Related topics
 
diff --git a/mdop/uev-v1/microsoft-user-experience-virtualization--ue-v--10-release-notes.md b/mdop/uev-v1/microsoft-user-experience-virtualization--ue-v--10-release-notes.md
index aaf57aed0f..b348650d8e 100644
--- a/mdop/uev-v1/microsoft-user-experience-virtualization--ue-v--10-release-notes.md
+++ b/mdop/uev-v1/microsoft-user-experience-virtualization--ue-v--10-release-notes.md
@@ -59,7 +59,7 @@ WORKAROUND: None.
 
 ### UE-V does not support roaming settings between 32-bit and 64-bit versions of Microsoft Office
 
-We recommend that you install the 32-bit version of Microsoft Office for both 32-bit and 64-bit operating systems. To choose the Microsoft Office version that you need, click here. ([http://office.microsoft.com/word-help/choose-the-32-bit-or-64-bit-version-of-microsoft-office-HA010369476.aspx](http://go.microsoft.com/fwlink/?LinkID=247623)). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V does not support roaming settings between 32-bit and 64-bit versions of Office.
+We recommend that you install the 32-bit version of Microsoft Office for both 32-bit and 64-bit operating systems. To choose the Microsoft Office version that you need, click here. ([http://office.microsoft.com/word-help/choose-the-32-bit-or-64-bit-version-of-microsoft-office-HA010369476.aspx](https://go.microsoft.com/fwlink/?LinkID=247623)). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V does not support roaming settings between 32-bit and 64-bit versions of Office.
 
 WORKAROUND: None
 
diff --git a/mdop/uev-v1/microsoft-user-experience-virtualization--ue-v--10-sp1-release-notes.md b/mdop/uev-v1/microsoft-user-experience-virtualization--ue-v--10-sp1-release-notes.md
index 89c2bfc59e..1aed81ba9b 100644
--- a/mdop/uev-v1/microsoft-user-experience-virtualization--ue-v--10-sp1-release-notes.md
+++ b/mdop/uev-v1/microsoft-user-experience-virtualization--ue-v--10-sp1-release-notes.md
@@ -54,7 +54,7 @@ WORKAROUND: None.
 
 ### UE-V does not support roaming settings between 32-bit and 64-bit versions of Microsoft Office
 
-We recommend that you install the 32-bit version of Microsoft Office for both 32-bit and 64-bit operating systems. To choose the Microsoft Office version that you need, click here ([http://office.microsoft.com/word-help/choose-the-32-bit-or-64-bit-version-of-microsoft-office-HA010369476.aspx](http://go.microsoft.com/fwlink/?LinkID=247623)). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V does not support roaming settings between 32-bit and 64-bit versions of Office.
+We recommend that you install the 32-bit version of Microsoft Office for both 32-bit and 64-bit operating systems. To choose the Microsoft Office version that you need, click here ([http://office.microsoft.com/word-help/choose-the-32-bit-or-64-bit-version-of-microsoft-office-HA010369476.aspx](https://go.microsoft.com/fwlink/?LinkID=247623)). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V does not support roaming settings between 32-bit and 64-bit versions of Office.
 
 WORKAROUND: None
 
diff --git a/mdop/uev-v1/sharing-settings-location-templates-with-the-ue-v-template-gallery.md b/mdop/uev-v1/sharing-settings-location-templates-with-the-ue-v-template-gallery.md
index 545ab193ce..1ecf43b423 100644
--- a/mdop/uev-v1/sharing-settings-location-templates-with-the-ue-v-template-gallery.md
+++ b/mdop/uev-v1/sharing-settings-location-templates-with-the-ue-v-template-gallery.md
@@ -16,7 +16,7 @@ ms.prod: w8
 ##  Share location templates with the template gallery
 
 
-The Microsoft User Experience Virtualization (UE-V) template gallery allows administrators to share their UE-V settings location templates. In the gallery, you can upload your settings location templates for other people to use, and you can download templates that other people have created. The UE-V template gallery is located on Microsoft TechNet here: <http://go.microsoft.com/fwlink/p/?LinkID=246589>.
+The Microsoft User Experience Virtualization (UE-V) template gallery allows administrators to share their UE-V settings location templates. In the gallery, you can upload your settings location templates for other people to use, and you can download templates that other people have created. The UE-V template gallery is located on Microsoft TechNet here: <https://go.microsoft.com/fwlink/p/?LinkID=246589>.
 
 Before you share a settings location template on the UE-V template gallery, make sure it does not contain any personal or company information. You can use any XML viewer to open and view the contents of a settings location template file. The following template values should be reviewed before you share it with anyone outside your company.
 
diff --git a/mdop/uev-v1/supported-configurations-for-ue-v-10.md b/mdop/uev-v1/supported-configurations-for-ue-v-10.md
index aabe98a43b..8ab70ee12c 100644
--- a/mdop/uev-v1/supported-configurations-for-ue-v-10.md
+++ b/mdop/uev-v1/supported-configurations-for-ue-v-10.md
@@ -16,7 +16,7 @@ ms.prod: w8
 Microsoft User Experience Virtualization (UE-V) supports the following described configurations.
 
 **Note**  
-Microsoft provides support for the current service pack, and in some cases, the preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](http://go.microsoft.com/fwlink/p/?LinkId=31975). For more information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](http://go.microsoft.com/fwlink/p/?LinkId=31976).
+Microsoft provides support for the current service pack, and in some cases, the preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For more information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976).
 
  
 
diff --git a/mdop/uev-v1/troubleshooting-ue-v-10.md b/mdop/uev-v1/troubleshooting-ue-v-10.md
index 03225ed777..7b0cc84f4e 100644
--- a/mdop/uev-v1/troubleshooting-ue-v-10.md
+++ b/mdop/uev-v1/troubleshooting-ue-v-10.md
@@ -13,7 +13,7 @@ ms.prod: w8
 # Troubleshooting UE-V 1.0
 
 
-Troubleshooting content is not included in the Administrator's Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905).
+Troubleshooting content is not included in the Administrator's Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905).
 
 ##  Find troubleshooting information
 
@@ -26,7 +26,7 @@ The first step to find help content in the Administrator’s Guide is to search
 
 **To search the MDOP product documentation**
 
-1.  Open a web browser and navigate to the [MDOP Information Experience](http://go.microsoft.com/fwlink/p/?LinkId=236032) home page on TechNet.
+1.  Open a web browser and navigate to the [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) home page on TechNet.
 
 2.  Locate the **Search TechNet with Bing** search box and enter your search term.
 
@@ -34,7 +34,7 @@ The first step to find help content in the Administrator’s Guide is to search
 
 **To search the TechNet Wiki**
 
-1.  Open a web browser and navigate to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
+1.  Open a web browser and navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
 
 2.  Locate the **Search TechNet Wiki** search box and enter your search term.
 
@@ -47,7 +47,7 @@ If you have a troubleshooting tip or a best practice to share that is not alread
 
 **To create a TechNet Wiki troubleshooting or best practices article**
 
-1.  Open a web browser and navigate to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
+1.  Open a web browser and navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
 
 2.  Log on with your Windows Live ID.
 
diff --git a/mdop/uev-v1/user-experience-virtualization-privacy-statement.md b/mdop/uev-v1/user-experience-virtualization-privacy-statement.md
index 45aa73a732..16c77e3adc 100644
--- a/mdop/uev-v1/user-experience-virtualization-privacy-statement.md
+++ b/mdop/uev-v1/user-experience-virtualization-privacy-statement.md
@@ -92,7 +92,7 @@ The Customer Experience Improvement Program (“CEIP”) collects basic informat
 
 **Information Collected, Processed, or Transmitted:**
 
-For more information about the information collected, processed, or transmitted by CEIP, see the CEIP privacy statement at <http://go.microsoft.com/fwlink/?LinkID=248701>.
+For more information about the information collected, processed, or transmitted by CEIP, see the CEIP privacy statement at <https://go.microsoft.com/fwlink/?LinkID=248701>.
 
 **Use of Information:**
 
@@ -119,7 +119,7 @@ Microsoft Error Reporting provides a service that allows you to report problems
 
 **Information Collected, Processed, or Transmitted:**
 
-For information about the information collected, processed, or transmitted by Microsoft Error Reporting, see the Microsoft Error Reporting privacy statement at <http://go.microsoft.com/fwlink/?LinkId=248702>.
+For information about the information collected, processed, or transmitted by Microsoft Error Reporting, see the Microsoft Error Reporting privacy statement at <https://go.microsoft.com/fwlink/?LinkId=248702>.
 
 **Use of Information:**
 
@@ -131,7 +131,7 @@ If you choose the recommended settings during Windows setup, you turn on automat
 
 **Important Information:**
 
-Enterprise customers can use Group Policy to configure how Microsoft Error Reporting behaves on their computers. Configuration options include the ability to turn off Microsoft Error Reporting. If you are an administrator and wish to configure Group Policy for Microsoft Error Reporting, technical details are available at <http://go.microsoft.com/fwlink/?LinkId=262264>.
+Enterprise customers can use Group Policy to configure how Microsoft Error Reporting behaves on their computers. Configuration options include the ability to turn off Microsoft Error Reporting. If you are an administrator and wish to configure Group Policy for Microsoft Error Reporting, technical details are available at <https://go.microsoft.com/fwlink/?LinkId=262264>.
 
 UE-V will not modify the Microsoft Error Reporting preference and will honor the system setting in the Control Panel and/or the setting enforced via Group Policy.
 
@@ -144,15 +144,15 @@ Microsoft Update is a service that provides Windows updates as well as updates f
 
 **Information Collected, Processed, or Transmitted:**
 
-For details about what information is collected and how it is used, see the Update Services Privacy Statement at <http://go.microsoft.com/fwlink/?LinkId=248704>
+For details about what information is collected and how it is used, see the Update Services Privacy Statement at <https://go.microsoft.com/fwlink/?LinkId=248704>
 
 **Use of Information:**
 
--   For details about what information is collected and how it is used, see the Update Services Privacy Statement at <http://go.microsoft.com/fwlink/?LinkId=248704>.
+-   For details about what information is collected and how it is used, see the Update Services Privacy Statement at <https://go.microsoft.com/fwlink/?LinkId=248704>.
 
 -   Choice/Control:
 
-    For details about controlling this feature, see the Update Services Privacy Statement at <http://go.microsoft.com/fwlink/?LinkId=248704>.
+    For details about controlling this feature, see the Update Services Privacy Statement at <https://go.microsoft.com/fwlink/?LinkId=248704>.
 
 ## Related topics
 
diff --git a/mdop/uev-v2/accessibility-for-ue-v-2x-both-uevv2.md b/mdop/uev-v2/accessibility-for-ue-v-2x-both-uevv2.md
index 64b640b2e6..8cfc4da6fd 100644
--- a/mdop/uev-v2/accessibility-for-ue-v-2x-both-uevv2.md
+++ b/mdop/uev-v2/accessibility-for-ue-v-2x-both-uevv2.md
@@ -57,7 +57,7 @@ For information about the availability of Microsoft product documentation and bo
 <td align="left"><p>(609) 987-8116</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p>[http://www.learningally.org/](http://go.microsoft.com/fwlink/p/?linkid=239)</p></td>
+<td align="left"><p>[http://www.learningally.org/](https://go.microsoft.com/fwlink/p/?linkid=239)</p></td>
 <td align="left"><p>Web addresses can change, so you might be unable to connect to the website or sites that are mentioned here.</p></td>
 </tr>
 </tbody>
@@ -78,7 +78,7 @@ Microsoft Support Services are subject to the prices, terms, and conditions in p
 ## For more information
 
 
-For more information about how accessible technology for computers can help to improve the lives of people with disabilities, see the [Microsoft Accessibility website](http://go.microsoft.com/fwlink/p/?linkid=8431).
+For more information about how accessible technology for computers can help to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/p/?linkid=8431).
 
 ## Got a suggestion for UE-V?
 
diff --git a/mdop/uev-v2/administering-ue-v-2x-with-windows-powershell-and-wmi-both-uevv2.md b/mdop/uev-v2/administering-ue-v-2x-with-windows-powershell-and-wmi-both-uevv2.md
index 5493bfd1dd..c5486d033d 100644
--- a/mdop/uev-v2/administering-ue-v-2x-with-windows-powershell-and-wmi-both-uevv2.md
+++ b/mdop/uev-v2/administering-ue-v-2x-with-windows-powershell-and-wmi-both-uevv2.md
@@ -16,7 +16,7 @@ ms.prod: w10
 Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, and 2.1 SP1 provide Windows PowerShell cmdlets, which can help administrators perform various UE-V tasks. The following sections provide more information about using Windows PowerShell in UE-V.
 
 **Note**  
-Administering UE-V 2 with Windows PowerShell requires Windows PowerShell 3.0 or higher. For a complete list of UE-V PowerShell cmdlets, see [UE-V 2 Cmdlet Reference](http://go.microsoft.com/fwlink/p/?LinkId=393495).
+Administering UE-V 2 with Windows PowerShell requires Windows PowerShell 3.0 or higher. For a complete list of UE-V PowerShell cmdlets, see [UE-V 2 Cmdlet Reference](https://go.microsoft.com/fwlink/p/?LinkId=393495).
 
  
 
diff --git a/mdop/uev-v2/changing-the-frequency-of-ue-v-2x-scheduled-tasks-both-uevv2.md b/mdop/uev-v2/changing-the-frequency-of-ue-v-2x-scheduled-tasks-both-uevv2.md
index 2971a05834..da5caca883 100644
--- a/mdop/uev-v2/changing-the-frequency-of-ue-v-2x-scheduled-tasks-both-uevv2.md
+++ b/mdop/uev-v2/changing-the-frequency-of-ue-v-2x-scheduled-tasks-both-uevv2.md
@@ -34,7 +34,7 @@ With the exception of Collect CEIP Data, these tasks must remain enabled as UE-V
 
 These scheduled tasks are not configurable with the UE-V tools. Administrators who want to change the scheduled task for these items can create a script that uses the Schtasks.exe command-line options.
 
-For more information about Schtasks.exe, see [How to use Schtasks,exe to Schedule Tasks in Windows Server 2003](http://go.microsoft.com/fwlink/?LinkID=264854).
+For more information about Schtasks.exe, see [How to use Schtasks,exe to Schedule Tasks in Windows Server 2003](https://go.microsoft.com/fwlink/?LinkID=264854).
 
 For more information about
 
diff --git a/mdop/uev-v2/configuring-the-company-settings-center-for-ue-v-2x-both-uevv2.md b/mdop/uev-v2/configuring-the-company-settings-center-for-ue-v-2x-both-uevv2.md
index 778b479ca2..239e324e35 100644
--- a/mdop/uev-v2/configuring-the-company-settings-center-for-ue-v-2x-both-uevv2.md
+++ b/mdop/uev-v2/configuring-the-company-settings-center-for-ue-v-2x-both-uevv2.md
@@ -48,7 +48,7 @@ The Company Settings Center can include a hyperlink that users can click to get
 
 1.  Open your preferred management tool:
 
-    -   **Group Policy** - If you have not already done so, download the ADMX template for UE-V 2 from [MDOP Administrative Templates](http://go.microsoft.com/fwlink/p/?LinkId=393941).
+    -   **Group Policy** - If you have not already done so, download the ADMX template for UE-V 2 from [MDOP Administrative Templates](https://go.microsoft.com/fwlink/p/?LinkId=393941).
 
     -   **Windows PowerShell** – On a computer with the UE-V Agent installed, open **Windows PowerShell**. For more information about administering UE-V by using Windows PowerShell, see [Administering UE-V 2.x with Windows PowerShell and WMI](administering-ue-v-2x-with-windows-powershell-and-wmi-both-uevv2.md).
 
diff --git a/mdop/uev-v2/configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md b/mdop/uev-v2/configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md
index 0476446f14..036cada1cc 100644
--- a/mdop/uev-v2/configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md
+++ b/mdop/uev-v2/configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md
@@ -226,7 +226,7 @@ To distribute a new Notepad template, you would perform these steps:
 ## Get the UE-V Configuration Pack
 
 
-The UE-V Configuration Pack for Configuration Manager 2012 SP1 or later can be downloaded [here](http://go.microsoft.com/fwlink/?LinkId=317263).
+The UE-V Configuration Pack for Configuration Manager 2012 SP1 or later can be downloaded [here](https://go.microsoft.com/fwlink/?LinkId=317263).
 
 ## Got a suggestion for UE-V?
 
diff --git a/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md b/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md
index ccc160080f..4ec1527347 100644
--- a/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md
+++ b/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md
@@ -98,7 +98,7 @@ Before you proceed, make sure your environment includes these requirements for r
 
 Also…
 
--   **MDOP License:** This technology is a part of the Microsoft Desktop Optimization Pack (MDOP). Enterprise customers can get MDOP with Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see How Do I Get MDOP (http://go.microsoft.com/fwlink/p/?LinkId=322049).
+-   **MDOP License:** This technology is a part of the Microsoft Desktop Optimization Pack (MDOP). Enterprise customers can get MDOP with Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see How Do I Get MDOP (https://go.microsoft.com/fwlink/p/?LinkId=322049).
 
 -   **Administrative Credentials** for any computer on which you’ll be installing
 
diff --git a/mdop/uev-v2/index.md b/mdop/uev-v2/index.md
index 4875f0d7c9..6eeef89ebe 100644
--- a/mdop/uev-v2/index.md
+++ b/mdop/uev-v2/index.md
@@ -300,11 +300,11 @@ For more information, and for late-breaking news that did not make it into the d
 
 ### More information
 
-<a href="" id="mdop-techcenter-page"></a>[MDOP TechCenter Page](http://go.microsoft.com/fwlink/p/?LinkId=225286)  
+<a href="" id="mdop-techcenter-page"></a>[MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286)  
 Learn about the latest MDOP information and resources.
 
-<a href="" id="mdop-information-experience"></a>[MDOP Information Experience](http://go.microsoft.com/fwlink/p/?LinkId=236032)  
-Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28http://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28http://go.microsoft.com/fwlink/p/?LinkId=242447).
+<a href="" id="mdop-information-experience"></a>[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032)  
+Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28https://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28https://go.microsoft.com/fwlink/p/?LinkId=242447).
 
 ## Got a suggestion for UE-V?
 
diff --git a/mdop/uev-v2/managing-the-ue-v-2x-agent-and-packages-with-windows-powershell-and-wmi-both-uevv2.md b/mdop/uev-v2/managing-the-ue-v-2x-agent-and-packages-with-windows-powershell-and-wmi-both-uevv2.md
index fe8bb33a9e..a903b15af8 100644
--- a/mdop/uev-v2/managing-the-ue-v-2x-agent-and-packages-with-windows-powershell-and-wmi-both-uevv2.md
+++ b/mdop/uev-v2/managing-the-ue-v-2x-agent-and-packages-with-windows-powershell-and-wmi-both-uevv2.md
@@ -13,7 +13,7 @@ ms.prod: w10
 # Managing the UE-V 2.x Agent and Packages with Windows PowerShell and WMI
 
 
-You can use Windows Management Instrumentation (WMI) and Windows PowerShell to manage Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, and 2.1 SP1 Agent configuration and synchronization behavior. For a complete list of UE-V PowerShell cmdlets, see [UE-V 2 Cmdlet Reference](http://go.microsoft.com/fwlink/?LinkId=393495) (http://go.microsoft.com/fwlink/?LinkId=393495).
+You can use Windows Management Instrumentation (WMI) and Windows PowerShell to manage Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, and 2.1 SP1 Agent configuration and synchronization behavior. For a complete list of UE-V PowerShell cmdlets, see [UE-V 2 Cmdlet Reference](https://go.microsoft.com/fwlink/?LinkId=393495) (https://go.microsoft.com/fwlink/?LinkId=393495).
 
 **To deploy the UE-V Agent by using Windows PowerShell**
 
diff --git a/mdop/uev-v2/managing-ue-v-2x-settings-location-templates-using-windows-powershell-and-wmi-both-uevv2.md b/mdop/uev-v2/managing-ue-v-2x-settings-location-templates-using-windows-powershell-and-wmi-both-uevv2.md
index daf1ff7f20..784a05752c 100644
--- a/mdop/uev-v2/managing-ue-v-2x-settings-location-templates-using-windows-powershell-and-wmi-both-uevv2.md
+++ b/mdop/uev-v2/managing-ue-v-2x-settings-location-templates-using-windows-powershell-and-wmi-both-uevv2.md
@@ -13,7 +13,7 @@ ms.prod: w10
 # Managing UE-V 2.x Settings Location Templates Using Windows PowerShell and WMI
 
 
-Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, and 2.1 SP1 use XML settings location templates to define the settings that User Experience Virtualization captures and applies. UE-V includes a set of standard settings location templates. It also includes the UE-V Generator tool that enables you to create custom settings location templates. After you create and deploy settings location templates, you can manage those templates by using Windows PowerShell and the Windows Management Instrumentation (WMI). For a complete list of UE-V PowerShell cmdlets, see [UE-V 2 Cmdlet Reference](http://go.microsoft.com/fwlink/p/?LinkId=393495) (http://go.microsoft.com/fwlink/p/?LinkId=393495).
+Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, and 2.1 SP1 use XML settings location templates to define the settings that User Experience Virtualization captures and applies. UE-V includes a set of standard settings location templates. It also includes the UE-V Generator tool that enables you to create custom settings location templates. After you create and deploy settings location templates, you can manage those templates by using Windows PowerShell and the Windows Management Instrumentation (WMI). For a complete list of UE-V PowerShell cmdlets, see [UE-V 2 Cmdlet Reference](https://go.microsoft.com/fwlink/p/?LinkId=393495) (https://go.microsoft.com/fwlink/p/?LinkId=393495).
 
 ## Manage UE-V 2 settings location templates by using Windows PowerShell
 
diff --git a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--20-release-notesuevv2.md b/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--20-release-notesuevv2.md
index ce504d629b..3225fa1cbe 100644
--- a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--20-release-notesuevv2.md
+++ b/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--20-release-notesuevv2.md
@@ -59,7 +59,7 @@ WORKAROUND: None.
 
 ### UE-V does not support roaming settings between 32-bit and 64-bit versions of Microsoft Office
 
-We recommend that you install the 32-bit version of Microsoft Office for both 32-bit and 64-bit operating systems. To choose the Microsoft Office version that you need, click here. ([http://office.microsoft.com/word-help/choose-the-32-bit-or-64-bit-version-of-microsoft-office-HA010369476.aspx](http://go.microsoft.com/fwlink/?LinkID=247623)). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V does not support roaming settings between 32-bit and 64-bit versions of Office.
+We recommend that you install the 32-bit version of Microsoft Office for both 32-bit and 64-bit operating systems. To choose the Microsoft Office version that you need, click here. ([http://office.microsoft.com/word-help/choose-the-32-bit-or-64-bit-version-of-microsoft-office-HA010369476.aspx](https://go.microsoft.com/fwlink/?LinkID=247623)). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V does not support roaming settings between 32-bit and 64-bit versions of Office.
 
 WORKAROUND: None
 
diff --git a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-release-notesuevv21.md b/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-release-notesuevv21.md
index dc3d01fbc5..f8ee54fd82 100644
--- a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-release-notesuevv21.md
+++ b/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-release-notesuevv21.md
@@ -86,7 +86,7 @@ WORKAROUND: None.
 
 ### UE-V does not support roaming settings between 32-bit and 64-bit versions of Microsoft Office
 
-We recommend that you install the 32-bit version of Microsoft Office for both 32-bit and 64-bit operating systems. To choose the Microsoft Office version that you need, click here. ([http://office.microsoft.com/word-help/choose-the-32-bit-or-64-bit-version-of-microsoft-office-HA010369476.aspx](http://go.microsoft.com/fwlink/?LinkID=247623)). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V does not support roaming settings between 32-bit and 64-bit versions of Office.
+We recommend that you install the 32-bit version of Microsoft Office for both 32-bit and 64-bit operating systems. To choose the Microsoft Office version that you need, click here. ([http://office.microsoft.com/word-help/choose-the-32-bit-or-64-bit-version-of-microsoft-office-HA010369476.aspx](https://go.microsoft.com/fwlink/?LinkID=247623)). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V does not support roaming settings between 32-bit and 64-bit versions of Office.
 
 WORKAROUND: None
 
diff --git a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-sp1-release-notes.md b/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-sp1-release-notes.md
index b2d83bf32b..b4759fe68c 100644
--- a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-sp1-release-notes.md
+++ b/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-sp1-release-notes.md
@@ -86,7 +86,7 @@ WORKAROUND: None.
 
 ### UE-V does not support roaming settings between 32-bit and 64-bit versions of Microsoft Office
 
-We recommend that you install the 32-bit version of Microsoft Office for both 32-bit and 64-bit operating systems. To choose the Microsoft Office version that you need, click here. ([http://office.microsoft.com/word-help/choose-the-32-bit-or-64-bit-version-of-microsoft-office-HA010369476.aspx](http://go.microsoft.com/fwlink/?LinkID=247623)). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V does not support roaming settings between 32-bit and 64-bit versions of Office.
+We recommend that you install the 32-bit version of Microsoft Office for both 32-bit and 64-bit operating systems. To choose the Microsoft Office version that you need, click here. ([http://office.microsoft.com/word-help/choose-the-32-bit-or-64-bit-version-of-microsoft-office-HA010369476.aspx](https://go.microsoft.com/fwlink/?LinkID=247623)). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V does not support roaming settings between 32-bit and 64-bit versions of Office.
 
 WORKAROUND: None
 
diff --git a/mdop/uev-v2/prepare-a-ue-v-2x-deployment-new-uevv2.md b/mdop/uev-v2/prepare-a-ue-v-2x-deployment-new-uevv2.md
index 0916c46201..a97b55540e 100644
--- a/mdop/uev-v2/prepare-a-ue-v-2x-deployment-new-uevv2.md
+++ b/mdop/uev-v2/prepare-a-ue-v-2x-deployment-new-uevv2.md
@@ -83,7 +83,7 @@ See [User Experience Virtualization (UE-V) settings templates for Microsoft Offi
 When you install the UE-V 2.1 or 2.1 SP1 Agent, it registers a default group of settings location templates that capture settings values for these common Microsoft applications.
 
 **Tip**  
-**Microsoft Office 2007 Settings Synchronization** – In UE-V 2.1 and 2.1 SP1, a settings location template is no longer included by default for Office 2007 applications. However, you can still use Office 2007 templates from UE-V 2.0 or earlier and can get the templates from the [UE-V template gallery](http://go.microsoft.com/fwlink/p/?LinkID=246589).
+**Microsoft Office 2007 Settings Synchronization** – In UE-V 2.1 and 2.1 SP1, a settings location template is no longer included by default for Office 2007 applications. However, you can still use Office 2007 templates from UE-V 2.0 or earlier and can get the templates from the [UE-V template gallery](https://go.microsoft.com/fwlink/p/?LinkID=246589).
 
  
 
@@ -172,7 +172,7 @@ UE-V 2.1 SP1 does not synchronize settings between the Microsoft Calculator in W
 When you install the UE-V 2.0 Agent, it registers a default group of settings location templates that capture settings values for these common Microsoft applications.
 
 **Tip**  
-**Microsoft Office 2013 Settings Synchronization** – In UE-V 2.0, a settings location template is not included by default for Office 2013 applications, but is available for download from the [UE-V template gallery](http://go.microsoft.com/fwlink/p/?LinkID=246589). [Synchronizing Office 2013 with UE-V 2.0](synchronizing-office-2013-with-ue-v-20-both-uevv2.md) provides details about the supported templates that synchronize Office 2013 settings.
+**Microsoft Office 2013 Settings Synchronization** – In UE-V 2.0, a settings location template is not included by default for Office 2013 applications, but is available for download from the [UE-V template gallery](https://go.microsoft.com/fwlink/p/?LinkID=246589). [Synchronizing Office 2013 with UE-V 2.0](synchronizing-office-2013-with-ue-v-20-both-uevv2.md) provides details about the supported templates that synchronize Office 2013 settings.
 
  
 
@@ -517,7 +517,7 @@ This PowerShell cmdlet disables credential synchronization:
 Disable-UevTemplate RoamingCredentialSettings
 ```
 
-[Group Policy](http://technet.microsoft.com/library/dn458893.aspx)**:** You must [deploy the latest MDOP ADMX template](http://go.microsoft.com/fwlink/p/?LinkId=393944) to enable credential synchronization through group policy. Credentials synchronization is managed with the Windows settings. To manage this feature with Group Policy, enable the Synchronize Windows settings policy.
+[Group Policy](http://technet.microsoft.com/library/dn458893.aspx)**:** You must [deploy the latest MDOP ADMX template](https://go.microsoft.com/fwlink/p/?LinkId=393944) to enable credential synchronization through group policy. Credentials synchronization is managed with the Windows settings. To manage this feature with Group Policy, enable the Synchronize Windows settings policy.
 
 1.  Open Group Policy Editor and navigate to **User Configuration – Administrative Templates – Windows Components – Microsoft User Experience Virtualization**.
 
@@ -597,7 +597,7 @@ The UE-V settings storage location and settings template catalog support storing
 
 -   Format the storage volume with an NTFS file system.
 
--   The share can use Distributed File System (DFS) replication, but Distributed File System Replication (DFSR) is specifically not supported. Distributed File System Namespaces (DFSN) are supported. For detailed information, see [Microsoft’s Support Statement Around Replicated User Profile Data](http://go.microsoft.com/fwlink/p/?LinkId=313991).
+-   The share can use Distributed File System (DFS) replication, but Distributed File System Replication (DFSR) is specifically not supported. Distributed File System Namespaces (DFSN) are supported. For detailed information, see [Microsoft’s Support Statement Around Replicated User Profile Data](https://go.microsoft.com/fwlink/p/?LinkId=313991).
 
     In addition, because SYSVOL uses DFSR for replication, SYSVOL cannot be used for UE-V data file replication.
 
@@ -692,12 +692,12 @@ Before you proceed, make sure your environment includes these requirements for r
 
 Also…
 
--   **MDOP License:** This technology is a part of the Microsoft Desktop Optimization Pack (MDOP). Enterprise customers can get MDOP with Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see How Do I Get MDOP (http://go.microsoft.com/fwlink/p/?LinkId=322049).
+-   **MDOP License:** This technology is a part of the Microsoft Desktop Optimization Pack (MDOP). Enterprise customers can get MDOP with Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see How Do I Get MDOP (https://go.microsoft.com/fwlink/p/?LinkId=322049).
 
 -   **Administrative Credentials** for any computer on which you’ll be installing
 
 **Note**  
--   The UE-V Windows PowerShell feature of the UE-V Agent requires .NET Framework 4 or higher and Windows PowerShell 3.0 or higher to be enabled. Download Windows PowerShell 3.0 [here](http://go.microsoft.com/fwlink/?LinkId=309609).
+-   The UE-V Windows PowerShell feature of the UE-V Agent requires .NET Framework 4 or higher and Windows PowerShell 3.0 or higher to be enabled. Download Windows PowerShell 3.0 [here](https://go.microsoft.com/fwlink/?LinkId=309609).
 
 -   Install .NET Framework 4 or .NET Framework 4.5 on computers that run the Windows 7 or the Windows Server 2008 R2 operating system. The Windows 8, Windows 8.1, and Windows Server 2012 operating systems come with .NET Framework 4.5 installed. The Windows 10 operating system comes with .NET Framework 4.6 installed.
 -   The “Delete Roaming Cache” policy for Mandatory profiles is not supported with UE-V and should not be used.
diff --git a/mdop/uev-v2/security-considerations-for-ue-v-2x-both-uevv2.md b/mdop/uev-v2/security-considerations-for-ue-v-2x-both-uevv2.md
index ef418d7c0c..7aa983fc6e 100644
--- a/mdop/uev-v2/security-considerations-for-ue-v-2x-both-uevv2.md
+++ b/mdop/uev-v2/security-considerations-for-ue-v-2x-both-uevv2.md
@@ -33,143 +33,36 @@ Because settings packages might contain personal information, you should take ca
 
     1.  Set the following share-level SMB permissions for the setting storage location folder.
 
-        <table>
-        <colgroup>
-        <col width="50%" />
-        <col width="50%" />
-        </colgroup>
-        <thead>
-        <tr class="header">
-        <th align="left">User account</th>
-        <th align="left">Recommended permissions</th>
-        </tr>
-        </thead>
-        <tbody>
-        <tr class="odd">
-        <td align="left"><p>Everyone</p></td>
-        <td align="left"><p>No permissions</p></td>
-        </tr>
-        <tr class="even">
-        <td align="left"><p>Security group of UE-V</p></td>
-        <td align="left"><p>Full control</p></td>
-        </tr>
-        </tbody>
-        </table>
-
-         
+        | User account | Recommended permissions |
+        | - | - |
+        | Everyone | No permissions |
+        |Security group of UE-V | Full control |
 
     2.  Set the following NTFS file system permissions for the settings storage location folder.
 
-        <table>
-        <colgroup>
-        <col width="33%" />
-        <col width="33%" />
-        <col width="33%" />
-        </colgroup>
-        <thead>
-        <tr class="header">
-        <th align="left">User account</th>
-        <th align="left">Recommended permissions</th>
-        <th align="left">Folder</th>
-        </tr>
-        </thead>
-        <tbody>
-        <tr class="odd">
-        <td align="left"><p>Creator/Owner</p></td>
-        <td align="left"><p>No permissions</p></td>
-        <td align="left"><p>No permissions</p></td>
-        </tr>
-        <tr class="even">
-        <td align="left"><p>Domain Admins</p></td>
-        <td align="left"><p>Full control</p></td>
-        <td align="left"><p>This folder, subfolders, and files</p></td>
-        </tr>
-        <tr class="odd">
-        <td align="left"><p>Security group of UE-V users</p></td>
-        <td align="left"><p>List folder/read data, create folders/append data</p></td>
-        <td align="left"><p>This folder only</p></td>
-        </tr>
-        <tr class="even">
-        <td align="left"><p>Everyone</p></td>
-        <td align="left"><p>Remove all permissions</p></td>
-        <td align="left"><p>No permissions</p></td>
-        </tr>
-        </tbody>
-        </table>
-
-         
+        | User account | Recommended permissions | Folder |
+        | - | - | - |
+        | Creator/Owner | No permissions | No permissions |
+        | Domain Admins | Full control | This folder, subfolders, and files |
+        | Security group of UE-V users | List folder/read data, create folders/append data | This folder only |
+        | Everyone | Remove all permissions | No permissions |
 
     3.  Set the following share-level SMB permissions for the settings template catalog folder.
 
-        <table>
-        <colgroup>
-        <col width="50%" />
-        <col width="50%" />
-        </colgroup>
-        <thead>
-        <tr class="header">
-        <th align="left">User account</th>
-        <th align="left">Recommend permissions</th>
-        </tr>
-        </thead>
-        <tbody>
-        <tr class="odd">
-        <td align="left"><p>Everyone</p></td>
-        <td align="left"><p>No permissions</p></td>
-        </tr>
-        <tr class="even">
-        <td align="left"><p>Domain computers</p></td>
-        <td align="left"><p>Read permission Levels</p></td>
-        </tr>
-        <tr class="odd">
-        <td align="left"><p>Administrators</p></td>
-        <td align="left"><p>Read/write permission levels</p></td>
-        </tr>
-        </tbody>
-        </table>
-
+        | User account | Recommend permissions |
+        | - | - |
+        | Everyone | No permissions |
+        | Domain computers | Read permission Levels |
+        | Administrators | Read/write permission levels |
          
-
     4.  Set the following NTFS permissions for the settings template catalog folder.
 
-        <table>
-        <colgroup>
-        <col width="33%" />
-        <col width="33%" />
-        <col width="33%" />
-        </colgroup>
-        <thead>
-        <tr class="header">
-        <th align="left">User account</th>
-        <th align="left">Recommended permissions</th>
-        <th align="left">Apply to</th>
-        </tr>
-        </thead>
-        <tbody>
-        <tr class="odd">
-        <td align="left"><p>Creator/Owner</p></td>
-        <td align="left"><p>Full control</p></td>
-        <td align="left"><p>This folder, subfolders, and files</p></td>
-        </tr>
-        <tr class="even">
-        <td align="left"><p>Domain Computers</p></td>
-        <td align="left"><p>List folder contents and Read permissions</p></td>
-        <td align="left"><p>This folder, subfolders, and files</p></td>
-        </tr>
-        <tr class="odd">
-        <td align="left"><p>Everyone</p></td>
-        <td align="left"><p>No permissions</p></td>
-        <td align="left"><p>No permissions</p></td>
-        </tr>
-        <tr class="even">
-        <td align="left"><p>Administrators</p></td>
-        <td align="left"><p>Full Control</p></td>
-        <td align="left"><p>This folder, subfolders, and files</p></td>
-        </tr>
-        </tbody>
-        </table>
-
-         
+        | User account | Recommended permissions | Apply to |
+        | - | - | - |
+        | Creator/Owner | Full control | This folder, subfolders, and files |
+        | Domain Computers | List folder contents and Read permissions | This folder, subfolders, and files|
+        | Everyone| No permissions| No permissions|
+        | Administrators| Full Control| This folder, subfolders, and files|
 
 ### Use Windows Server as of Windows Server 2003 to host redirected file shares
 
diff --git a/mdop/uev-v2/synchronizing-office-2013-with-ue-v-20-both-uevv2.md b/mdop/uev-v2/synchronizing-office-2013-with-ue-v-20-both-uevv2.md
index fbba2bc34c..4b20fbb7a1 100644
--- a/mdop/uev-v2/synchronizing-office-2013-with-ue-v-20-both-uevv2.md
+++ b/mdop/uev-v2/synchronizing-office-2013-with-ue-v-20-both-uevv2.md
@@ -15,12 +15,12 @@ ms.prod: w10
 
 Microsoft User Experience Virtualization (UE-V) 2.0 supports the synchronization of Microsoft Office 2013 application setting using a template available from the UE-V template gallery. The combination of UE-V 2 and App-V 5.0 SP2 support of Office 2013 Professional Plus enables the same experience on virtualized instance of Office 2013 from any UE-V-enabled device or virtualized desktop.
 
-To activate UE-V application settings support of Office 2013, you can download official UE-V Office 2013 templates from the [Microsoft User Experience Virtualization (UE-V) 2 Template Gallery](http://go.microsoft.com/fwlink/p/?LinkId=246589). This resource provides Microsoft-authored UE-V settings location templates as well as community-developed settings location templates.
+To activate UE-V application settings support of Office 2013, you can download official UE-V Office 2013 templates from the [Microsoft User Experience Virtualization (UE-V) 2 Template Gallery](https://go.microsoft.com/fwlink/p/?LinkId=246589). This resource provides Microsoft-authored UE-V settings location templates as well as community-developed settings location templates.
 
 ## Microsoft Office support in UE-V
 
 
-UE-V 1.0 and UE-V 2 include settings location templates for Microsoft Office 2010. These templates are distributed and registered as part of the UE-V Agent installation process. These templates help synchronize users’ Office experience between devices. The UE-V templates for Office 2013 provide a very similar settings experience to the templates for Office 2010. Microsoft Office 2013 settings roamed by Office 365 experience are not included in these settings. For a list of Office 365-specific settings, see [Overview of user and roaming settings for Office 2013](http://go.microsoft.com/fwlink/p/?LinkId=391220).
+UE-V 1.0 and UE-V 2 include settings location templates for Microsoft Office 2010. These templates are distributed and registered as part of the UE-V Agent installation process. These templates help synchronize users’ Office experience between devices. The UE-V templates for Office 2013 provide a very similar settings experience to the templates for Office 2010. Microsoft Office 2013 settings roamed by Office 365 experience are not included in these settings. For a list of Office 365-specific settings, see [Overview of user and roaming settings for Office 2013](https://go.microsoft.com/fwlink/p/?LinkId=391220).
 
 ## Synchronized Office 2013 Settings
 
@@ -112,7 +112,7 @@ You can deploy UE-V settings location template with the following methods:
 
 -   **Registering template via Template Catalog Path**. If you use the Settings Template Catalog Path to manage templates on users’ computers, copy the Office 2013 template into the folder defined in the UE-V Agent. The next time the Template Auto Update (ApplySettingsCatalog.exe) scheduled task runs, the settings location template will be registered on the device. For more information, see [Deploying the Settings Template Catalog for UE-V 2](http://technet.microsoft.com/library/dn458942.aspx#deploycatalogue).
 
--   **Registering template via Configuration Manager**. If you use Configuration Manager to manage your UE-V settings storage templates, then recreate the Template Baseline CAB, import it into Configuration Manager, and then deploy the baseline to your clients. For more information, see the guidance provided in the documentation for the [System Center 2012 Configuration Pack for Microsoft User Experience Virtualization 2](http://go.microsoft.com/fwlink/?LinkId=317263).
+-   **Registering template via Configuration Manager**. If you use Configuration Manager to manage your UE-V settings storage templates, then recreate the Template Baseline CAB, import it into Configuration Manager, and then deploy the baseline to your clients. For more information, see the guidance provided in the documentation for the [System Center 2012 Configuration Pack for Microsoft User Experience Virtualization 2](https://go.microsoft.com/fwlink/?LinkId=317263).
 
 ## Got a suggestion for UE-V?
 
diff --git a/mdop/uev-v2/troubleshooting-ue-v-2x-both-uevv2.md b/mdop/uev-v2/troubleshooting-ue-v-2x-both-uevv2.md
index b46669f1a7..54488ba947 100644
--- a/mdop/uev-v2/troubleshooting-ue-v-2x-both-uevv2.md
+++ b/mdop/uev-v2/troubleshooting-ue-v-2x-both-uevv2.md
@@ -13,7 +13,7 @@ ms.prod: w10
 # Troubleshooting UE-V 2.x
 
 
-Troubleshooting content is not included in the Administrator's Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905).
+Troubleshooting content is not included in the Administrator's Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905).
 
 ##  Find troubleshooting information
 
@@ -26,7 +26,7 @@ The first step to find help content in the Administrator’s Guide is to search
 
 **To search the MDOP product documentation**
 
-1.  Open a web browser and browse to the [MDOP Information Experience](http://go.microsoft.com/fwlink/p/?LinkId=236032) home page on TechNet.
+1.  Open a web browser and browse to the [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) home page on TechNet.
 
 2.  Locate the **Search TechNet with Bing** search box and enter your search term.
 
@@ -34,7 +34,7 @@ The first step to find help content in the Administrator’s Guide is to search
 
 **To search the TechNet Wiki**
 
-1.  Open a web browser and browse to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
+1.  Open a web browser and browse to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
 
 2.  Locate the **Search TechNet Wiki** search box and enter your search term.
 
@@ -47,7 +47,7 @@ If you have a troubleshooting tip or a best practice to share that is not alread
 
 **To create a TechNet Wiki troubleshooting or best practices article**
 
-1.  Open a web browser and browse to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
+1.  Open a web browser and browse to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
 
 2.  Sign in with your Microsoft account.
 
diff --git a/mdop/uev-v2/whats-new-in-ue-v-21-new-uevv2.md b/mdop/uev-v2/whats-new-in-ue-v-21-new-uevv2.md
index a601d3e4a6..b0ac82f317 100644
--- a/mdop/uev-v2/whats-new-in-ue-v-21-new-uevv2.md
+++ b/mdop/uev-v2/whats-new-in-ue-v-21-new-uevv2.md
@@ -25,7 +25,7 @@ An Outlook profile must be created for any device on which a user wants to sync
 
  
 
-Previously UE-V included Microsoft Office 2010 settings location templates that were automatically distributed and registered with the UE-V Agent. UE-V 2.1 works with Office 365 to determine whether Office 2013 settings are roamed by Office 365. If settings are roamed by Office 365 they are not roamed by UE-V. [Overview of user and roaming settings for Office 2013](http://go.microsoft.com/fwlink/p/?LinkID=391220) provides more information.
+Previously UE-V included Microsoft Office 2010 settings location templates that were automatically distributed and registered with the UE-V Agent. UE-V 2.1 works with Office 365 to determine whether Office 2013 settings are roamed by Office 365. If settings are roamed by Office 365 they are not roamed by UE-V. [Overview of user and roaming settings for Office 2013](https://go.microsoft.com/fwlink/p/?LinkID=391220) provides more information.
 
 To enable settings synchronization using UE-V 2.1, do one of the following:
 
@@ -33,7 +33,7 @@ To enable settings synchronization using UE-V 2.1, do one of the following:
 
 -   Do not enable the Office 365 synchronization experience during Office 2013 installation
 
-UE-V 2.1 ships [Office 2013 and Office 2010 templates](http://technet.microsoft.com/library/dn458932.aspx#autosyncsettings). This release removes the Office 2007 templates. Users can still use Office 2007 templates from UE-V 2.0 or earlier and can still get the templates from the UE-V template gallery located [here](http://go.microsoft.com/fwlink/p/?LinkID=246589).
+UE-V 2.1 ships [Office 2013 and Office 2010 templates](http://technet.microsoft.com/library/dn458932.aspx#autosyncsettings). This release removes the Office 2007 templates. Users can still use Office 2007 templates from UE-V 2.0 or earlier and can still get the templates from the UE-V template gallery located [here](https://go.microsoft.com/fwlink/p/?LinkID=246589).
 
 ## Fix for Distributed File System Namespace Users
 
diff --git a/mdop/uev-v2/whats-new-in-ue-v-21-sp1uevv21-sp1.md b/mdop/uev-v2/whats-new-in-ue-v-21-sp1uevv21-sp1.md
index d8950b0ead..017b35478b 100644
--- a/mdop/uev-v2/whats-new-in-ue-v-21-sp1uevv21-sp1.md
+++ b/mdop/uev-v2/whats-new-in-ue-v-21-sp1uevv21-sp1.md
@@ -64,7 +64,7 @@ An Outlook profile must be created for any device on which a user wants to sync
 
  
 
-Previously UE-V included Microsoft Office 2010 settings location templates that were automatically distributed and registered with the UE-V Agent. UE-V 2.1 works with Office 365 to determine whether Office 2013 settings are roamed by Office 365. If settings are roamed by Office 365 they are not roamed by UE-V. [Overview of user and roaming settings for Office 2013](http://go.microsoft.com/fwlink/p/?LinkID=391220) provides more information.
+Previously UE-V included Microsoft Office 2010 settings location templates that were automatically distributed and registered with the UE-V Agent. UE-V 2.1 works with Office 365 to determine whether Office 2013 settings are roamed by Office 365. If settings are roamed by Office 365 they are not roamed by UE-V. [Overview of user and roaming settings for Office 2013](https://go.microsoft.com/fwlink/p/?LinkID=391220) provides more information.
 
 To enable settings synchronization using UE-V 2.1, do one of the following:
 
@@ -72,7 +72,7 @@ To enable settings synchronization using UE-V 2.1, do one of the following:
 
 -   Do not enable the Office 365 synchronization experience during Office 2013 installation
 
-UE-V 2.1 ships [Office 2013 and Office 2010 templates](http://technet.microsoft.com/library/dn458932.aspx#autosyncsettings). This release removes the Office 2007 templates. Users can still use Office 2007 templates from UE-V 2.0 or earlier and can still get the templates from the UE-V template gallery located [here](http://go.microsoft.com/fwlink/p/?LinkID=246589).
+UE-V 2.1 ships [Office 2013 and Office 2010 templates](http://technet.microsoft.com/library/dn458932.aspx#autosyncsettings). This release removes the Office 2007 templates. Users can still use Office 2007 templates from UE-V 2.0 or earlier and can still get the templates from the UE-V template gallery located [here](https://go.microsoft.com/fwlink/p/?LinkID=246589).
 
 ## Got a suggestion for UE-V?
 
diff --git a/mdop/uev-v2/working-with-custom-ue-v-2x-templates-and-the-ue-v-2x-generator-new-uevv2.md b/mdop/uev-v2/working-with-custom-ue-v-2x-templates-and-the-ue-v-2x-generator-new-uevv2.md
index d0fe551e08..115cb8405c 100644
--- a/mdop/uev-v2/working-with-custom-ue-v-2x-templates-and-the-ue-v-2x-generator-new-uevv2.md
+++ b/mdop/uev-v2/working-with-custom-ue-v-2x-templates-and-the-ue-v-2x-generator-new-uevv2.md
@@ -139,7 +139,7 @@ It is possible to create or edit settings location templates in an XML editor wi
 ## <a href="" id="share"></a>Share Settings Location Templates with the Template Gallery
 
 
-The Microsoft User Experience Virtualization (UE-V) 2.0 template gallery enables administrators to share their UE-V settings location templates. In the gallery, you can upload your settings location templates for other users to use, and you can download templates that other users have created. The UE-V template gallery is located on Microsoft TechNet [here](http://go.microsoft.com/fwlink/p/?LinkId=246589).
+The Microsoft User Experience Virtualization (UE-V) 2.0 template gallery enables administrators to share their UE-V settings location templates. In the gallery, you can upload your settings location templates for other users to use, and you can download templates that other users have created. The UE-V template gallery is located on Microsoft TechNet [here](https://go.microsoft.com/fwlink/p/?LinkId=246589).
 
 Before you share a settings location template on the UE-V template gallery, ensure it does not contain any personal or company information. You can use any XML viewer to open and view the contents of a settings location template file. The following template values should be reviewed before you share a template with anyone outside your company.
 
diff --git a/windows/breadcrumb/toc.yml b/windows/breadcrumb/toc.yml
new file mode 100644
index 0000000000..fa80416cab
--- /dev/null
+++ b/windows/breadcrumb/toc.yml
@@ -0,0 +1,19 @@
+- name: Windows
+  tocHref: /itpro/windows/
+  topicHref: /itpro/windows/index
+  items:
+  - name: What's new
+    tocHref: /itpro/windows/whats-new/
+    topicHref: /itpro/windows/whats-new/index
+  - name: Plan
+    tocHref: /itpro/windows/plan/
+    topicHref: /itpro/windows/plan/index
+  - name: Deploy
+    tocHref: /itpro/windows/deploy/
+    topicHref: /itpro/windows/deploy/index
+  - name: Keep secure
+    tocHref: /itpro/windows/keep-secure/
+    topicHref: /itpro/windows/keep-secure/index
+  - name: Manage
+    tocHref: /itpro/windows/manage/
+    topicHref: /itpro/windows/manage/index
\ No newline at end of file
diff --git a/windows/deploy/TOC.md b/windows/deploy/TOC.md
index d75bd0ebe8..8d1cde1de9 100644
--- a/windows/deploy/TOC.md
+++ b/windows/deploy/TOC.md
@@ -61,6 +61,7 @@
 ### [Monitor activation [client]](monitor-activation-client.md)
 ### [Use the Volume Activation Management Tool [client]](use-the-volume-activation-management-tool-client.md)
 ### [Appendix: Information sent to Microsoft during activation [client]](appendix-information-sent-to-microsoft-during-activation-client.md)
+## [Windows 10 Enterprise E3 in CSP Overview](windows-10-enterprise-e3-overview.md)
 ## [Windows 10 deployment tools reference](windows-10-deployment-tools-reference.md)
 ### [Windows 10 deployment tools](windows-deployment-scenarios-and-tools.md)
 ### [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md)
diff --git a/windows/deploy/activate-using-active-directory-based-activation-client.md b/windows/deploy/activate-using-active-directory-based-activation-client.md
index cd91b2b614..a3dce6ef96 100644
--- a/windows/deploy/activate-using-active-directory-based-activation-client.md
+++ b/windows/deploy/activate-using-active-directory-based-activation-client.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
 author: greg-lindsay
-localizationpriority: medium
+localizationpriority: high
 ---
 
 # Activate using Active Directory-based activation
@@ -22,10 +22,10 @@ localizationpriority: medium
 -   Windows Server 2008 R2
 
 **Looking for retail activation?**
--   [Get Help Activating Microsoft Windows](http://go.microsoft.com/fwlink/p/?LinkId=618644)
+-   [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
 
-Active Directory-based activation is implemented as a role service that relies on AD DS to store activation objects. Active Directory-based activation requires that the forest schema be updated by adprep.exe on a computer running Windows Server 2012 R2 or Windows Server 2012, but after the schema is updated, older domain controllers can still activate clients.
-Any domain-joined computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 with a GVLK will be activated automatically and transparently. They will stay activated as long as they remain members of the domain and maintain periodic contact with a domain controller. Activation takes place after the Licensing service starts. When this service starts, the computer contacts AD DS automatically, receives the activation object, and is activated without user intervention.
+Active Directory-based activation is implemented as a role service that relies on AD DS to store activation objects. Active Directory-based activation requires that the forest schema be updated by adprep.exe on a computer running Windows Server 2012 or Windows Server 2012 R2, but after the schema is updated, older domain controllers can still activate clients.
+Any domain-joined computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012, or Windows Server 2012 R2 with a GVLK will be activated automatically and transparently. They will stay activated as long as they remain members of the domain and maintain periodic contact with a domain controller. Activation takes place after the Licensing service starts. When this service starts, the computer contacts AD DS automatically, receives the activation object, and is activated without user intervention.
 To allow computers with GVLKs to activate themselves, use the Volume Activation Tools console in Windows Server 2012 R2 or the VAMT in earlier versions of Windows Server to create an object in the AD DS forest. You create this activation object by submitting a KMS host key to Microsoft, as shown in Figure 10.
 The process proceeds as follows:
 1.  Perform one of the following tasks:
@@ -38,7 +38,7 @@ The process proceeds as follows:
     
     **Figure 10**. The Active Directory-based activation flow
     
-For environments in which all computers are running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2, and they are joined to a domain, Active Directory-based activation is the best option for activating all client computers and servers, and you may be able to remove any KMS hosts from your environment.
+For environments in which all computers are running Windows 10, Windows 8.1, Windows 8, Windows Server 2012, or Windows Server 2012 R2, and they are joined to a domain, Active Directory-based activation is the best option for activating all client computers and servers, and you may be able to remove any KMS hosts from your environment.
 If an environment will continue to contain earlier volume licensing operating systems and applications or if you have workgroup computers outside the domain, you need to maintain a KMS host to maintain activation status for earlier volume licensing editions of Windows and Office.
 Clients that are activated with Active Directory-based activation will maintain their activated state for up to 180 days since the last contact with the domain, but they will periodically attempt to reactivate before then and at the end of the 180day period. By default, this reactivation event occurs every seven days.
 When a reactivation event occurs, the client queries AD DS for the activation object. Client computers examine the activation object and compare it to the local edition as defined by the GVLK. If the object and GVLK match, reactivation occurs. If the AD DS object cannot be retrieved, client computers use KMS activation. If the computer is removed from the domain, when the computer or the Software Protection service is restarted, the operating system will change the status from activated to not activated, and the computer will try to activate with KMS.
diff --git a/windows/deploy/activate-using-key-management-service-vamt.md b/windows/deploy/activate-using-key-management-service-vamt.md
index 3fc787f902..0e20177f45 100644
--- a/windows/deploy/activate-using-key-management-service-vamt.md
+++ b/windows/deploy/activate-using-key-management-service-vamt.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
 author: jdeckerMS
-localizationpriority: medium
+localizationpriority: high
 ---
 
 # Activate using Key Management Service
@@ -24,7 +24,7 @@ localizationpriority: medium
 
 **Looking for retail activation?**
 
--   [Get Help Activating Microsoft Windows](http://go.microsoft.com/fwlink/p/?LinkId=618644)
+-   [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
 
 There are three possible scenarios for volume activation of Windows 10 or Windows Server 2012 R2 by using a Key Management Service (KMS) host:
 -   Host KMS on a computer running Windows 10
@@ -48,7 +48,7 @@ To enable KMS functionality, a KMS key is installed on a KMS host; then, the hos
     -   To activate by using the telephone, type **slui.exe 4**.
 3.  After activating the KMS key, restart the Software Protection Service.
 
-For more information, see the information for Windows 7 in [Deploy KMS Activation](http://go.microsoft.com/fwlink/p/?LinkId=717032).
+For more information, see the information for Windows 7 in [Deploy KMS Activation](https://go.microsoft.com/fwlink/p/?LinkId=717032).
 
 ## Key Management Service in Windows Server 2012 R2
 Installing a KMS host key on a computer running Windows Server allows you to activate computers running Windows Server 2012 R2, Windows Sever 2008 R2, Windows Server 2008, Windows 10, Windows 8.1, Windows 7, and Windows Vista.
@@ -60,7 +60,7 @@ This scenario is commonly used in larger organizations that do not find the over
 
 **Note**  
 
-If you receive error 0xC004F015 when trying to activate Windows 10 Enterprise, see [KB 3086418](http://go.microsoft.com/fwlink/p/?LinkId=620687).
+If you receive error 0xC004F015 when trying to activate Windows 10 Enterprise, see [KB 3086418](https://go.microsoft.com/fwlink/p/?LinkId=620687).
 
 **Configure KMS in Windows Server 2012 R2**
 
@@ -122,7 +122,7 @@ The **/ato** command causes the operating system to attempt activation by using
 
 The **/dlv** command displays the detailed licensing information. The response should return an error that states that the KMS activation count is too low. This confirms that KMS is functioning correctly, even though the client has not been activated.
 
-For more information about the use and syntax of slmgr.vbs, see [Slmgr.vbs Options](http://go.microsoft.com/fwlink/p/?LinkId=733639).
+For more information about the use and syntax of slmgr.vbs, see [Slmgr.vbs Options](https://go.microsoft.com/fwlink/p/?LinkId=733639).
 
 ## Key Management Service in earlier versions of Windows
 
@@ -133,7 +133,7 @@ If you have already established a KMS infrastructure in your organization for an
 3.  Install the new KMS host key on your KMS host.
 4.  Activate the new KMS host key by running the slmrg.vbs script.
 
-For detailed instructions, see [Update that enables Windows 8.1 and Windows 8 KMS hosts to activate a later version of Windows](http://go.microsoft.com/fwlink/p/?LinkId=618265) and [Update that enables Windows 7 and Windows Server 2008 R2 KMS hosts to activate Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=626590).
+For detailed instructions, see [Update that enables Windows 8.1 and Windows 8 KMS hosts to activate a later version of Windows](https://go.microsoft.com/fwlink/p/?LinkId=618265) and [Update that enables Windows 7 and Windows Server 2008 R2 KMS hosts to activate Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=626590).
 
 ## See also
 -   [Volume Activation for Windows 10](volume-activation-windows-10.md)
diff --git a/windows/deploy/activate-windows-10-clients-vamt.md b/windows/deploy/activate-windows-10-clients-vamt.md
index c110f8233c..30cea0c7ff 100644
--- a/windows/deploy/activate-windows-10-clients-vamt.md
+++ b/windows/deploy/activate-windows-10-clients-vamt.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
 author: jdeckerMS
-localizationpriority: medium
+localizationpriority: high
 ---
 
 # Activate clients running Windows 10
@@ -24,7 +24,7 @@ localizationpriority: medium
 
 **Looking for retail activation?**
 
--   [Get Help Activating Microsoft Windows](http://go.microsoft.com/fwlink/p/?LinkId=618644)
+-   [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
 
 After you have configured Key Management Service (KMS) or Active Directory-based activation on your network, activating a client running Windows 10 is easy. If the computer has been configured with a Generic Volume License Key (GVLK), neither IT nor the user need take any action. It just works.
 Enterprise edition images and installation media should already be configured with the GVLK. When the client computer starts, the Licensing service examines the current licensing condition of the computer.
@@ -84,7 +84,7 @@ KMS hosts on the network need to install a KMS key, and then be activated with M
 
 ### Activating subsequent Key Management Service hosts
 
-Each KMS key can be installed on up to six KMS hosts. These hosts can be physical computers or virtual machines. After activating a KMS host, the same host can be reactivated up to nine times with the same key. If the organization needs more than six KMS hosts, you can request additional activations for your organization’s KMS key by calling a Microsoft Volume [Licensing Activation Center](http://go.microsoft.com/fwlink/p/?LinkID=618264) to request an exception.
+Each KMS key can be installed on up to six KMS hosts. These hosts can be physical computers or virtual machines. After activating a KMS host, the same host can be reactivated up to nine times with the same key. If the organization needs more than six KMS hosts, you can request additional activations for your organization’s KMS key by calling a Microsoft Volume [Licensing Activation Center](https://go.microsoft.com/fwlink/p/?LinkID=618264) to request an exception.
 
 ## How Multiple Activation Key works
 
diff --git a/windows/deploy/active-directory-based-activation-overview.md b/windows/deploy/active-directory-based-activation-overview.md
index 9a64d7572a..7eced02f55 100644
--- a/windows/deploy/active-directory-based-activation-overview.md
+++ b/windows/deploy/active-directory-based-activation-overview.md
@@ -21,7 +21,7 @@ VAMT enables IT Professionals to manage and activate the Active Directory-Based
 
 ## Related topics
 
-- [How to Activate an Active Directory Forest Online](http://go.microsoft.com/fwlink/p/?LinkId=246565)
-- [How to Proxy Activate an Active Directory Forest](http://go.microsoft.com/fwlink/p/?LinkId=246566)
+- [How to Activate an Active Directory Forest Online](https://go.microsoft.com/fwlink/p/?LinkId=246565)
+- [How to Proxy Activate an Active Directory Forest](https://go.microsoft.com/fwlink/p/?LinkId=246566)
  
  
diff --git a/windows/deploy/add-a-windows-10-operating-system-image-using-configuration-manager.md b/windows/deploy/add-a-windows-10-operating-system-image-using-configuration-manager.md
index 5a3eadbc33..8fb81af58a 100644
--- a/windows/deploy/add-a-windows-10-operating-system-image-using-configuration-manager.md
+++ b/windows/deploy/add-a-windows-10-operating-system-image-using-configuration-manager.md
@@ -5,6 +5,7 @@ ms.assetid: 77f769cc-1a47-4f36-8082-201cd77b8d3b
 keywords: image, deploy, distribute
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 author: mtniehaus
 ---
diff --git a/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md b/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
index de701986b4..425d7331d5 100644
--- a/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
+++ b/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
@@ -4,6 +4,7 @@ description: In this topic, you will learn how to configure the Windows Preinsta
 ms.assetid: 97b3ea46-28d9-407e-8c42-ded2e45e8d5c
 keywords: deploy, task sequence
 ms.prod: w10
+localizationpriority: high
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/appendix-information-sent-to-microsoft-during-activation-client.md b/windows/deploy/appendix-information-sent-to-microsoft-during-activation-client.md
index bcf9e7aa13..c8b4b71449 100644
--- a/windows/deploy/appendix-information-sent-to-microsoft-during-activation-client.md
+++ b/windows/deploy/appendix-information-sent-to-microsoft-during-activation-client.md
@@ -22,7 +22,7 @@ localizationpriority: medium
 
 **Looking for retail activation?**
 
--   [Get Help Activating Microsoft Windows](http://go.microsoft.com/fwlink/p/?LinkId=618644)
+-   [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
 
 When you activate a computer running Windows 10, the following information is sent to Microsoft:
 
@@ -56,7 +56,7 @@ Standard computer information is also sent, but your computer’s IP address is
 ## Use of information
 
 Microsoft uses the information to confirm that you have a licensed copy of the software. Microsoft does not use the information to contact individual consumers.
-For additional details, see [Windows 10 Privacy Statement](http://go.microsoft.com/fwlink/p/?LinkId=619879).
+For additional details, see [Windows 10 Privacy Statement](https://go.microsoft.com/fwlink/p/?LinkId=619879).
 
 ## See also
 
diff --git a/windows/deploy/assign-applications-using-roles-in-mdt-2013.md b/windows/deploy/assign-applications-using-roles-in-mdt-2013.md
index 1319888616..a6e7d69377 100644
--- a/windows/deploy/assign-applications-using-roles-in-mdt-2013.md
+++ b/windows/deploy/assign-applications-using-roles-in-mdt-2013.md
@@ -5,6 +5,7 @@ ms.assetid: d82902e4-de9c-4bc4-afe0-41d649b83ce7
 keywords: settings, database, deploy
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 ms.pagetype: mdt
 author: mtniehaus
diff --git a/windows/deploy/build-a-distributed-environment-for-windows-10-deployment.md b/windows/deploy/build-a-distributed-environment-for-windows-10-deployment.md
index f015c71c1f..010284c04f 100644
--- a/windows/deploy/build-a-distributed-environment-for-windows-10-deployment.md
+++ b/windows/deploy/build-a-distributed-environment-for-windows-10-deployment.md
@@ -5,6 +5,7 @@ ms.assetid: a6cd5657-6a16-4fff-bfb4-44760902d00c
 keywords: replication, replicate, deploy, configure, remote
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 ms.pagetype: mdt
 author: mtniehaus
@@ -76,6 +77,7 @@ Setting up DFS-R for replication is a quick and straightforward process. You pre
     ![figure 3](images/mdt-10-fig03.png)
 
     Figure 3. Sharing the **E:\\MDTProduction folder** on MDT02.
+
 ### Configure the deployment share
 
 When you have multiple deployment servers sharing the same content, you need to configure the Bootstrap.ini file with information about which server to connect to based on where the client is located. In MDT, that can be done by using the DefaultGateway property.
@@ -146,6 +148,7 @@ Once the MDT01 and MDT02 servers are prepared, you are ready to configure the ac
     1.  In the **Staging** tab, set the quota to **20480 MB**.
     2.  In the **Advanced** tab, set the quota to **8192 MB**.
         In this scenario the size of the deployment share is known, but you might need to change the values for your environment. A good rule of thumb is to get the size of the 16 largest files and make sure they fit in the staging area. Here is a Windows PowerShell example that calculates the size of the 16 largest files in the E:\\MDTProduction deployment share:
+        
         ``` syntax
         (Get-ChildItem E:\MDTProduction -Recurse | Sort-Object Length -Descending | Select-Object -First 16 | Measure-Object -Property Length -Sum).Sum /1GB
         ```
diff --git a/windows/deploy/change-history-for-deploy-windows-10.md b/windows/deploy/change-history-for-deploy-windows-10.md
index 3d0e742f97..fb3f4478ec 100644
--- a/windows/deploy/change-history-for-deploy-windows-10.md
+++ b/windows/deploy/change-history-for-deploy-windows-10.md
@@ -11,6 +11,11 @@ author: greg-lindsay
 # Change history for Deploy Windows 10
 This topic lists new and updated topics in the [Deploy Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
 
+## September 2016
+| New or changed topic | Description |
+|----------------------|-------------|
+| [Windows 10 Enterprise E3 in CSP Overview](windows-10-enterprise-e3-overview.md) | New | 
+
 ## RELEASE: Windows 10, version 1607
 
 The topics in this library have been updated for Windows 10, version 1607 (also known as the Anniversary Update). The following new topics have been added: 
@@ -19,6 +24,13 @@ The topics in this library have been updated for Windows 10, version 1607 (also
 - [Provision PCs with apps and certificates for initial deployment](provision-pcs-with-apps-and-certificates.md)
 - [Provision PCs with common settings for initial deployment](provision-pcs-for-initial-deployment.md)
 
+=======
+
+## August 2016
+| New or changed topic | Description |
+|----------------------|-------------|
+| [Windows 10 edition upgrade](windows-10-edition-upgrades.md) | Updated with reboot requirements | 
+
 ## July 2016
 | New or changed topic | Description |
 |----------------------|-------------|
diff --git a/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md b/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md
index 61bc2e47c8..9591616e9d 100644
--- a/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md
+++ b/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md
@@ -4,6 +4,7 @@ description: This topic describes how to configure a PXE server to load Windows
 keywords: upgrade, update, windows, windows 10, pxe, WinPE, image, wim
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 ms.pagetype: deploy
 author: greg-lindsay
@@ -21,7 +22,7 @@ This walkthrough describes how to configure a PXE server to load Windows PE by
 
 ## Prerequisites
 
-- A deployment computer: A computer with the [Windows Assessment and Deployment Kit](http://go.microsoft.com/fwlink/p/?LinkId=526803) (Windows ADK) installed.
+- A deployment computer: A computer with the [Windows Assessment and Deployment Kit](https://go.microsoft.com/fwlink/p/?LinkId=526803) (Windows ADK) installed.
 - A DHCP server: A DHCP server or DHCP proxy configured to respond to PXE client requests is required.
 - A PXE server: A server running the TFTP service that can host Windows PE boot files that the client will download.
 - A file server: A server hosting a network file share.
diff --git a/windows/deploy/configure-client-computers-vamt.md b/windows/deploy/configure-client-computers-vamt.md
index 704c8d01f9..c5334ea193 100644
--- a/windows/deploy/configure-client-computers-vamt.md
+++ b/windows/deploy/configure-client-computers-vamt.md
@@ -19,7 +19,7 @@ To enable the Volume Activation Management Tool (VAMT) to function correctly, ce
 Organizations where the VAMT will be widely used may benefit from making these changes inside the master image for Windows.
 
 **Important**  
-This procedure only applies to clients running Windows Vista or later. For clients running Windows XP Service Pack 1, see [Connecting Through Windows Firewall](http://go.microsoft.com/fwlink/p/?LinkId=182933).
+This procedure only applies to clients running Windows Vista or later. For clients running Windows XP Service Pack 1, see [Connecting Through Windows Firewall](https://go.microsoft.com/fwlink/p/?LinkId=182933).
 
 ## Configuring the Windows Firewall to allow VAMT access
 
@@ -56,12 +56,12 @@ Enable the VAMT to access client computers across multiple subnets using the **W
     - On the **Advanced** tab, verify selection of all profiles that are applicable to the network (Domain or Private/Public).
 
 In certain scenarios, only a limited set of TCP/IP ports are allowed through a hardware firewall. Administrators must ensure that WMI (which relies on RPC over TCP/IP) is allowed through these types of firewalls. By default, the WMI port is a dynamically allocated random port above 1024. The following Microsoft knowledge article discusses how administrators can limit the range of dynamically-allocated ports. This is useful if, for example, the hardware firewall only allows traffic in a certain range of ports.
-For more info, see [How to configure RPC dynamic port allocation to work with firewalls](http://go.microsoft.com/fwlink/p/?LinkId=182911).
+For more info, see [How to configure RPC dynamic port allocation to work with firewalls](https://go.microsoft.com/fwlink/p/?LinkId=182911).
 
 ## Create a registry value for the VAMT to access workgroup-joined computer
 
 **Caution**  
-This section contains information about how to modify the registry. Make sure to back up the registry before you modify it; in addition, ensure that you know how to restore the registry, if a problem occurs. For more information about how to back up, restore, and modify the registry, see [Windows registry information for advanced users](http://go.microsoft.com/fwlink/p/?LinkId=182912).
+This section contains information about how to modify the registry. Make sure to back up the registry before you modify it; in addition, ensure that you know how to restore the registry, if a problem occurs. For more information about how to back up, restore, and modify the registry, see [Windows registry information for advanced users](https://go.microsoft.com/fwlink/p/?LinkId=182912).
 
 On the client computer, create the following registry key using regedit.exe.
 
diff --git a/windows/deploy/configure-mdt-2013-for-userexit-scripts.md b/windows/deploy/configure-mdt-2013-for-userexit-scripts.md
index a94bee6b7b..c95b0fc69e 100644
--- a/windows/deploy/configure-mdt-2013-for-userexit-scripts.md
+++ b/windows/deploy/configure-mdt-2013-for-userexit-scripts.md
@@ -5,6 +5,7 @@ ms.assetid: 29a421d1-12d2-414e-86dc-25b62f5238a7
 keywords: rules, script
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 ms.pagetype: mdt
 author: mtniehaus
diff --git a/windows/deploy/configure-mdt-2013-settings.md b/windows/deploy/configure-mdt-2013-settings.md
index ba84efd5c1..46c1e30220 100644
--- a/windows/deploy/configure-mdt-2013-settings.md
+++ b/windows/deploy/configure-mdt-2013-settings.md
@@ -5,6 +5,7 @@ ms.assetid: d3e1280c-3d1b-4fad-8ac4-b65dc711f122
 keywords: customize, customization, deploy, features, tools
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 ms.pagetype: mdt
 author: mtniehaus
diff --git a/windows/deploy/configure-mdt-deployment-share-rules.md b/windows/deploy/configure-mdt-deployment-share-rules.md
index 5eeadbbfd6..97a448f5da 100644
--- a/windows/deploy/configure-mdt-deployment-share-rules.md
+++ b/windows/deploy/configure-mdt-deployment-share-rules.md
@@ -5,6 +5,7 @@ ms.assetid: b5ce2360-33cc-4b14-b291-16f75797391b
 keywords: rules, configuration, automate, deploy
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 ms.pagetype: mdt
 author: mtniehaus
diff --git a/windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md b/windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
index a5cbfb7886..3d55bb7385 100644
--- a/windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
+++ b/windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
@@ -5,6 +5,7 @@ ms.assetid: b9e96974-324d-4fa4-b0ce-33cfc49c4809
 keywords: tool, customize, deploy, boot image
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 author: mtniehaus
 ---
diff --git a/windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md b/windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md
index 0838ebde59..c00676a646 100644
--- a/windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md
+++ b/windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md
@@ -5,6 +5,7 @@ ms.assetid: 0b069bec-5be8-47c6-bf64-7a630f41ac98
 keywords: deploy, upgrade, task sequence, install
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.pagetype: mdt
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/create-a-windows-10-reference-image.md b/windows/deploy/create-a-windows-10-reference-image.md
index 50ec7f2fcf..4954dd3dcd 100644
--- a/windows/deploy/create-a-windows-10-reference-image.md
+++ b/windows/deploy/create-a-windows-10-reference-image.md
@@ -5,6 +5,7 @@ ms.assetid: 9da2fb57-f2ff-4fce-a858-4ae4c237b5aa
 keywords: deploy, deployment, configure, customize, install, installation
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 ms.pagetype: mdt
 author: mtniehaus
@@ -115,7 +116,7 @@ By storing configuration items as MDT applications, it is easy to move these obj
 In these examples, we assume that you downloaded the software in this list to the E:\\Downloads folder. The first application is added using the UI, but because MDT supports Windows PowerShell, you add the other applications using Windows PowerShell.
 
 **Note**  
-All the Microsoft Visual C++ downloads can be found on [The latest supported Visual C++ downloads](http://go.microsoft.com/fwlink/p/?LinkId=619523).
+All the Microsoft Visual C++ downloads can be found on [The latest supported Visual C++ downloads](https://go.microsoft.com/fwlink/p/?LinkId=619523).
  
 ### Create the install: Microsoft Office Professional Plus 2013 x86
 
@@ -164,6 +165,7 @@ You also can customize the Office installation using a Config.xml file. But we r
 If you need to add many applications, you can take advantage of the PowerShell support that MDT has. To start using PowerShell against the deployment share, you must first load the MDT PowerShell snap-in and then make the deployment share a PowerShell drive (PSDrive).
 1.  On MDT01, log on as **CONTOSO\\Administrator**.
 2.  Import the snap-in and create the PSDrive by running the following commands in an elevated PowerShell prompt:
+
     ``` syntax
     Import-Topic "C:\Program Files\Microsoft Deployment Toolkit\bin\MicrosoftDeploymentToolkit.psd1"
     New-PSDrive -Name "DS001" -PSProvider MDTProvider -Root "E:\MDTBuildLab"
@@ -173,7 +175,9 @@ If you need to add many applications, you can take advantage of the PowerShell s
 
 In these steps we assume that you have downloaded Microsoft Visual C++ 2005 SP1 x86. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2005SP1x86.
 1.  On MDT01, log on as **CONTOSO\\Administrator**.
+
 2.  Create the application by running the following commands in an elevated PowerShell prompt:
+
     ``` syntax
     $ApplicationName = "Install - Microsoft Visual C++ 2005 SP1 - x86"
     $CommandLine = "vcredist_x86.exe /Q"
@@ -187,6 +191,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2005 SP1
 In these steps we assume that you have downloaded Microsoft Visual C++ 2005 SP1 x64. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2005SP1x64.
 1.  On MDT01, log on as **CONTOSO\\Administrator**.
 2.  Create the application by running the following commands in an elevated PowerShell prompt:
+
     ``` syntax
     $ApplicationName = "Install - Microsoft Visual C++ 2005 SP1 - x64"
     $CommandLine = "vcredist_x64.exe /Q"
@@ -200,6 +205,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2005 SP1
 In these steps we assume that you have downloaded Microsoft Visual C++ 2008 SP1 x86. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2008SP1x86.
 1.  On MDT01, log on as **CONTOSO\\Administrator**.
 2.  Create the application by running the following commands in an elevated PowerShell prompt:
+
     ``` syntax
     $ApplicationName = "Install - Microsoft Visual C++ 2008 SP1 - x86"
     $CommandLine = "vcredist_x86.exe /Q"
@@ -213,6 +219,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2008 SP1
 In these steps we assume that you have downloaded Microsoft Visual C++ 2008 SP1 x64. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2008SP1x64.
 1.  On MDT01, log on as **CONTOSO\\Administrator**.
 2.  Create the application by running the following commands in an elevated PowerShell prompt:
+
     ``` syntax
     $ApplicationName = "Install - Microsoft Visual C++ 2008 SP1 - x64"
     $CommandLine = "vcredist_x64.exe /Q"
@@ -226,6 +233,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2008 SP1
 In these steps we assume that you have downloaded Microsoft Visual C++ 2010 SP1 x86. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2010SP1x86.
 1.  On MDT01, log on as **CONTOSO\\Administrator**.
 2.  Create the application by running the following commands in an elevated PowerShell prompt:
+
     ``` syntax
     $ApplicationName = "Install - Microsoft Visual C++ 2010 SP1 - x86"
     $CommandLine = "vcredist_x86.exe /Q"
@@ -239,6 +247,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2010 SP1
 In these steps we assume that you have downloaded Microsoft Visual C++ 2010 SP1 x64. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2010SP1x64.
 1.  On MDT01, log on as **CONTOSO\\Administrator**.
 2.  Create the application by running the following commands in an elevated PowerShell prompt:
+
     ``` syntax
     $ApplicationName = "Install - Microsoft Visual C++ 2010 SP1 - x64"
     $CommandLine = "vcredist_x64.exe /Q"
@@ -252,6 +261,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2010 SP1
 In these steps we assume that you have downloaded Microsoft Visual C++ 2012 Update 4 x86. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2012Ux86.
 1.  On MDT01, log on as **CONTOSO\\Administrator**.
 2.  Create the application by running the following commands in an elevated PowerShell prompt:
+
     ``` syntax
     $ApplicationName = "Install - Microsoft Visual C++ 2012 Update 4 - x86"
     $CommandLine = "vcredist_x86.exe /Q"
@@ -265,6 +275,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2012 Upda
 In these steps we assume that you have downloaded Microsoft Visual C++ 2012 Update 4 x64. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2012Ux64.
 1.  On MDT01, log on as **CONTOSO\\Administrator**.
 2.  Create the application by running the following commands in an elevated PowerShell prompt:
+
     ``` syntax
     $ApplicationName = "Install - Microsoft Visual C++ 2012 Update 4 - x64"
     $CommandLine = "vcredist_x64.exe /Q"
diff --git a/windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md b/windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
index 5dbd28f0c8..4ee378dc32 100644
--- a/windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
+++ b/windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
@@ -4,7 +4,9 @@ description: Microsoft System Center 2012 R2 Configuration Manager supports depl
 ms.assetid: 2dfb2f39-1597-4999-b4ec-b063e8a8c90c
 keywords: deployment, task sequence, custom, customize
 ms.prod: w10
+localizationpriority: high
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 author: mtniehaus
 ---
diff --git a/windows/deploy/deploy-a-windows-10-image-using-mdt.md b/windows/deploy/deploy-a-windows-10-image-using-mdt.md
index 7f92cbc0d8..05f3667cb6 100644
--- a/windows/deploy/deploy-a-windows-10-image-using-mdt.md
+++ b/windows/deploy/deploy-a-windows-10-image-using-mdt.md
@@ -5,6 +5,7 @@ ms.assetid: 1d70a3d8-1b1d-4051-b656-c0393a93f83c
 keywords: deployment, automate, tools, configure
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 ms.pagetype: mdt
 author: mtniehaus
@@ -28,7 +29,7 @@ Figure 1. The machines used in this topic.
 
 ## <a href="" id="sec01"></a>Step 1: Configure Active Directory permissions
 
-These steps will show you how to configure an Active Directory account with the permissions required to deploy a Windows 10 machine to the domain using MDT. These steps assume you have downloaded the sample [Set-OUPermissions.ps1 script](http://go.microsoft.com/fwlink/p/?LinkId=619362) and copied it to C:\\Setup\\Scripts on DC01. The account is used for Windows Preinstallation Environment (Windows PE) to connect to MDT01. In order for MDT to join machines into the contoso.com domain you need to create an account and configure permissions in Active Directory.
+These steps will show you how to configure an Active Directory account with the permissions required to deploy a Windows 10 machine to the domain using MDT. These steps assume you have downloaded the sample [Set-OUPermissions.ps1 script](https://go.microsoft.com/fwlink/p/?LinkId=619362) and copied it to C:\\Setup\\Scripts on DC01. The account is used for Windows Preinstallation Environment (Windows PE) to connect to MDT01. In order for MDT to join machines into the contoso.com domain you need to create an account and configure permissions in Active Directory.
 1.  On DC01, using Active Directory User and Computers, browse to **contoso.com / Contoso / Service Accounts**.
 2.  Select the **Service Accounts** organizational unit (OU) and create the MDT\_JD account using the following settings:
     1.  Name: MDT\_JD
@@ -177,7 +178,7 @@ Or, you can use this command in a normal command prompt:
 wmic csproduct get name
 ```
 
-If you want a more standardized naming convention, try the ModelAliasExit.vbs script from the Deployment Guys blog post entitled [Using and Extending Model Aliases for Hardware Specific Application Installation](http://go.microsoft.com/fwlink/p/?LinkId=619536).
+If you want a more standardized naming convention, try the ModelAliasExit.vbs script from the Deployment Guys blog post entitled [Using and Extending Model Aliases for Hardware Specific Application Installation](https://go.microsoft.com/fwlink/p/?LinkId=619536).
 
 ![figure 4](images/fig4-oob-drivers.png)
 
@@ -217,7 +218,7 @@ In these steps, we assume you have downloaded PROWinx64.exe from Intel.com and s
 
 For the Lenovo T420 model, you use the Lenovo ThinkVantage Update Retriever software to download the drivers. With Update Retriever, you need to specify the correct Lenovo Machine Type for the actual hardware (the first four characters of the model name). As an example, the Lenovo T420 model has the 4178B9G model name, meaning the Machine Type is 4178.
 
-To get the updates, you download the drivers from the Lenovo ThinkVantage Update Retriever using its export function. You can download the drivers from the [Lenovo website](http://go.microsoft.com/fwlink/p/?LinkId=619543).
+To get the updates, you download the drivers from the Lenovo ThinkVantage Update Retriever using its export function. You can download the drivers from the [Lenovo website](https://go.microsoft.com/fwlink/p/?LinkId=619543).
 
 In these steps, we assume you have downloaded and extracted the drivers using ThinkVantage Update Retriever v5.0 to the E:\\Drivers\\Lenovo\\ThinkPad T420 (4178) folder.
 
@@ -227,7 +228,7 @@ In these steps, we assume you have downloaded and extracted the drivers using Th
 
 ### For the Latitude E6440
 
-For the Dell Latitude E6440 model, you use the Dell Driver CAB file, which is accessible via the [Dell TechCenter website](http://go.microsoft.com/fwlink/p/?LinkId=619544).
+For the Dell Latitude E6440 model, you use the Dell Driver CAB file, which is accessible via the [Dell TechCenter website](https://go.microsoft.com/fwlink/p/?LinkId=619544).
 
 In these steps, we assume you have downloaded and extracted the CAB file for the Latitude E6440 model to the E:\\Drivers\\Dell\\Latitude E6440 folder.
 
@@ -237,7 +238,7 @@ In these steps, we assume you have downloaded and extracted the CAB file for the
 
 ### For the HP EliteBook 8560w
 
-For the HP EliteBook 8560w, you use HP SoftPaq Download Manager to get the drivers. The HP SoftPaq Download Manager can be accessed on the [HP Support site](http://go.microsoft.com/fwlink/p/?LinkId=619545).
+For the HP EliteBook 8560w, you use HP SoftPaq Download Manager to get the drivers. The HP SoftPaq Download Manager can be accessed on the [HP Support site](https://go.microsoft.com/fwlink/p/?LinkId=619545).
 
 In these steps, we assume you have downloaded and extracted the drivers for the HP EliteBook 8650w model to the E:\\Drivers\\Windows 10 x64\\HP\\HP EliteBook 8560w folder.
 
@@ -304,6 +305,7 @@ In this section, you will learn how to configure the MDT Build Lab deployment sh
     2.  CustomSettings.ini
 2.  Right-click the **MDT Production** deployment share and select **Properties**.
 3.  Select the **Rules** tab and modify using the following information:
+
     ``` syntax
     [Settings]
     Priority=Default
@@ -340,6 +342,7 @@ In this section, you will learn how to configure the MDT Build Lab deployment sh
     SkipFinalSummary=NO
     ```
 4.  Click **Edit Bootstrap.ini** and modify using the following information:
+
     ``` syntax
     [Settings]
     Priority=Default
@@ -630,7 +633,7 @@ Follow these steps to create a bootable USB stick from the offline media content
 
 ## <a href="" id="sec11"></a>Unified Extensible Firmware Interface (UEFI)-based deployments
 
-As referenced in [Windows 10 deployment tools](http://go.microsoft.com/fwlink/p/?LinkId=619546), Unified Extensible Firmware Interface (UEFI)-based deployments are becoming more common. In fact, when you create a generation 2 virtual machine in Hyper-V, you get a UEFI-based computer. During deployment, MDT automatically detects that you have an UEFI-based machine and creates the partitions UEFI requires. You do not need to update or change your task sequences in any way to accommodate UFEI.
+As referenced in [Windows 10 deployment tools](https://go.microsoft.com/fwlink/p/?LinkId=619546), Unified Extensible Firmware Interface (UEFI)-based deployments are becoming more common. In fact, when you create a generation 2 virtual machine in Hyper-V, you get a UEFI-based computer. During deployment, MDT automatically detects that you have an UEFI-based machine and creates the partitions UEFI requires. You do not need to update or change your task sequences in any way to accommodate UFEI.
 
 ![figure 14](images/mdt-07-fig16.png)
 
diff --git a/windows/deploy/deploy-windows-10-using-pxe-and-configuration-manager.md b/windows/deploy/deploy-windows-10-using-pxe-and-configuration-manager.md
index 2bc874cf8b..1a6a52fffb 100644
--- a/windows/deploy/deploy-windows-10-using-pxe-and-configuration-manager.md
+++ b/windows/deploy/deploy-windows-10-using-pxe-and-configuration-manager.md
@@ -5,6 +5,7 @@ ms.assetid: fb93f514-5b30-4f4b-99dc-58e6860009fa
 keywords: deployment, image, UEFI, task sequence
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 author: mtniehaus
 ---
diff --git a/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md b/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md
index e3e558c24b..37ca1c3630 100644
--- a/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md
+++ b/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md
@@ -4,6 +4,7 @@ description: If you have Microsoft System Center 2012 R2 Configuration Manager
 ms.assetid: eacd7b7b-dde0-423d-97cd-29bde9e8b363
 keywords: deployment, custom, boot
 ms.prod: w10
+localizationpriority: high
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
@@ -81,7 +82,7 @@ Operating system deployment with Configuration Manager is part of the normal sof
 ## See also
 
 
--   [Microsoft Deployment Toolkit downloads and resources](http://go.microsoft.com/fwlink/p/?LinkId=618117)
+-   [Microsoft Deployment Toolkit downloads and resources](https://go.microsoft.com/fwlink/p/?LinkId=618117)
 
 -   [Windows deployment tools](windows-deployment-scenarios-and-tools.md)
 
@@ -93,7 +94,7 @@ Operating system deployment with Configuration Manager is part of the normal sof
 
 -   [Sideload Windows Store apps](http://technet.microsoft.com/library/dn613831.aspx)
 
--   [Windows ADK for Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=526803)
+-   [Windows ADK for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=526803)
 
  
 
diff --git a/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md b/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md
index 93028930c5..4963952ab4 100644
--- a/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md
+++ b/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md
@@ -5,7 +5,9 @@ ms.assetid: 837f009c-617e-4b3f-9028-2246067ee0fb
 keywords: deploy, tools, configure, script
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
+localizationpriority: high
 author: mtniehaus
 ms.pagetype: mdt
 ---
@@ -20,7 +22,7 @@ This guide will walk you through the process of deploying Windows 10 in an ente
 The Microsoft Deployment Toolkit is a unified collection of tools, processes, and guidance for automating desktop and server deployment. In addition to reducing deployment time and standardizing desktop and server images, MDT enables you to more easily manage security and ongoing configurations. MDT builds on top of the core deployment tools in the Windows Assessment and Deployment Kit (Windows ADK) with additional guidance and features designed to reduce the complexity and time required for deployment in an enterprise environment.
 MDT 2013 Update 2 supports the deployment of Windows 10, as well as Windows 7, Windows 8, Windows 8.1, and Windows Server 2012 R2. It also includes support for zero-touch installation (ZTI) with Microsoft System Center 2012 R2 Configuration Manager.
 
-To download the latest version of MDT, visit the [MDT resource page](http://go.microsoft.com/fwlink/p/?LinkId=618117).
+To download the latest version of MDT, visit the [MDT resource page](https://go.microsoft.com/fwlink/p/?LinkId=618117).
 
 ## In this section
 
@@ -71,13 +73,13 @@ Figure 2. The organizational unit (OU) structure used in this guide.
 ## Sample files
 
 The information in this guide is designed to help you deploy Windows 10. In order to help you put the information you learn into practice more quickly, we recommend that you download a small set of sample files for the fictitious Contoso Corporation:
--   [Gather.ps1](http://go.microsoft.com/fwlink/p/?LinkId=619361). This sample Windows PowerShell script performs the MDT Gather process in a simulated MDT environment. This allows you to test the MDT gather process and check to see if it is working correctly without performing a full Windows deployment.
--   [Set-OUPermissions.ps1](http://go.microsoft.com/fwlink/p/?LinkId=619362). This sample Windows PowerShell script creates a domain account and then configures OU permissions to allow the account to join machines to the domain in the specified OU.
--   [MDTSample.zip](http://go.microsoft.com/fwlink/p/?LinkId=619363). This sample web service shows you how to configure a computer name dynamically using MDT.
+-   [Gather.ps1](https://go.microsoft.com/fwlink/p/?LinkId=619361). This sample Windows PowerShell script performs the MDT Gather process in a simulated MDT environment. This allows you to test the MDT gather process and check to see if it is working correctly without performing a full Windows deployment.
+-   [Set-OUPermissions.ps1](https://go.microsoft.com/fwlink/p/?LinkId=619362). This sample Windows PowerShell script creates a domain account and then configures OU permissions to allow the account to join machines to the domain in the specified OU.
+-   [MDTSample.zip](https://go.microsoft.com/fwlink/p/?LinkId=619363). This sample web service shows you how to configure a computer name dynamically using MDT.
 
 ## Related topics
 
-[Microsoft Deployment Toolkit downloads and resources](http://go.microsoft.com/fwlink/p/?LinkId=618117)
+[Microsoft Deployment Toolkit downloads and resources](https://go.microsoft.com/fwlink/p/?LinkId=618117)
 
 [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)
 
diff --git a/windows/deploy/deploy-windows-to-go.md b/windows/deploy/deploy-windows-to-go.md
index b4e13c5b8c..4b8717343e 100644
--- a/windows/deploy/deploy-windows-to-go.md
+++ b/windows/deploy/deploy-windows-to-go.md
@@ -19,156 +19,139 @@ author: mtniehaus
 
 This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you have reviewed the topics [Windows To Go: feature overview](../plan/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](../plan/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment.
 
-**Note**  
-This topic includes sample Windows PowerShell cmdlets that you can use to automate some of the procedures described. For more information, see [Using Cmdlets](http://go.microsoft.com/fwlink/p/?linkid=230693).
-
- 
+>[!NOTE]
+>This topic includes sample Windows PowerShell cmdlets that you can use to automate some of the procedures described. For more information, see [Using Cmdlets](http://go.microsoft.com/fwlink/p/?linkid=230693).
 
 ## Deployment tips
 
-
 The following is a list of items that you should be aware of before you start the deployment process:
 
--   Only use recommended USB drives for Windows To Go. Use of other drives is not supported. Check the list at [Windows To Go: feature overview](../plan/windows-to-go-overview.md) for the latest USB drives certified for use as Windows To Go drives.
+* Only use recommended USB drives for Windows To Go. Use of other drives is not supported. Check the list at [Windows To Go: feature overview](../plan/windows-to-go-overview.md) for the latest USB drives certified for use as Windows To Go drives.
 
--   After you provision a new workspace, always eject a Windows To Go drive using the **Safely Remove Hardware and Eject Media** control that can be found in the notification area or in Windows Explorer. Removing the drive from the USB port without ejecting it first can cause the drive to become corrupted.
+* After you provision a new workspace, always eject a Windows To Go drive using the **Safely Remove Hardware and Eject Media** control that can be found in the notification area or in Windows Explorer. Removing the drive from the USB port without ejecting it first can cause the drive to become corrupted.
 
--   When running a Windows To Go workspace, always shutdown the workspace before unplugging the drive.
+* When running a Windows To Go workspace, always shutdown the workspace before unplugging the drive.
 
--   System Center 2012 Configuration Manager SP1 and later includes support for user self-provisioning of Windows To Go drives. You can download Configuration Manager for evaluation from the [Microsoft TechNet Evaluation Center](http://go.microsoft.com/fwlink/p/?LinkId=618746). For more information on this deployment option, see [How to Provision Windows To Go in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=619148).
+-   System Center 2012 Configuration Manager SP1 and later includes support for user self-provisioning of Windows To Go drives. You can download Configuration Manager for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkId=618746). For more information on this deployment option, see [How to Provision Windows To Go in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=619148).
 
--   If you are planning on using a USB drive duplicator to duplicate Windows To Go drives, do not configure offline domain join or BitLocker on the drive.
+* If you are planning on using a USB drive duplicator to duplicate Windows To Go drives, do not configure offline domain join or BitLocker on the drive.
 
 ## Basic deployment steps
 
-
 Unless you are using a customized operating system image, your initial Windows To Go workspace will not be domain joined and will not contain applications. This is exactly like a new installation of Windows on a desktop or laptop computer. When planning your deployment, you should develop methods to join Windows to Go drives to the domain and install the standard applications that users in your organization require. These methods probably will be similar to the ones used for setting up desktop and laptop computers with domain privileges and applications. This section describes the instructions for creating the correct disk layout on the USB drive, applying the operating system image and the core Windows To Go specific configurations to the drive. The following steps are used in both small-scale and large-scale Windows To Go deployment scenarios.
 
-Completing these steps will give you a generic Windows To Go drive that can be distributed to your users and then customized for their usage as needed. This drive is also appropriate for use with USB drive duplicators. Your specific deployment scenarios will involve more than just these basic steps but these additional deployment considerations are similar to traditional PC deployment and can be incorporated into your Windows To Go deployment plan. For additional information, see [Windows Deployment Options](http://go.microsoft.com/fwlink/p/?LinkId=619149).
+Completing these steps will give you a generic Windows To Go drive that can be distributed to your users and then customized for their usage as needed. This drive is also appropriate for use with USB drive duplicators. Your specific deployment scenarios will involve more than just these basic steps but these additional deployment considerations are similar to traditional PC deployment and can be incorporated into your Windows To Go deployment plan. For additional information, see [Windows Deployment Options](https://go.microsoft.com/fwlink/p/?LinkId=619149).
 
-**Warning**  
-If you are planning to use the generic Windows To Go drive as the master drive in a USB duplicator, the drive should not be booted. If the drive has been booted inadvertently it should be reprovisioned prior to duplication.
-
- 
+>[!WARNING]
+>If you plan to use the generic Windows To Go drive as the master drive in a USB duplicator, the drive should not be booted. If the drive has been booted inadvertently it should be reprovisioned prior to duplication.
 
 ### Create the Windows To Go workspace
 
-In this step we are creating the operating system image that will be used on the Windows To Go drives. You can use the Windows To Go Creator Wizard or you can [do this manually](http://go.microsoft.com/fwlink/p/?LinkId=619174) using a combination of Windows PowerShell and command-line tools.
+In this step we are creating the operating system image that will be used on the Windows To Go drives. You can use the Windows To Go Creator Wizard or you can [do this manually](https://go.microsoft.com/fwlink/p/?LinkId=619174) using a combination of Windows PowerShell and command-line tools.
 
-**Warning**  
-The preferred method for creating a single Windows To Go drive is to use the Windows To Go Creator Wizard included in Windows 10 Enterprise and Windows 10 Education.
+>[!WARNING]  
+>The preferred method to create a single Windows To Go drive is to use the Windows To Go Creator Wizard included in Windows 10 Enterprise and Windows 10 Education.
 
- 
+#### To create a Windows To Go workspace with the Windows To Go Creator Wizard
 
-**To create a Windows To Go workspace with the Windows To Go Creator Wizard**
+1. Sign into your Windows PC using an account with Administrator privileges.
 
-1.  Sign into your Windows PC using an account with Administrator privileges.
+2. Insert the USB drive that you want to use as your Windows To Go drive into your PC.
 
-2.  Insert the USB drive that you want to use as your Windows To Go drive into your PC.
+3. Verify that the .wim file location (which can be a network share, a DVD , or a USB drive) is accessible and that it contains a valid Windows 10 Enterprise or Windows 10 Education image that has been generalized using sysprep. Many environments can use the same image for both Windows To Go and desktop deployments.
 
-3.  Verify that the .wim file location (which can be a network share, a DVD , or a USB drive) is accessible and that it contains a valid Windows 10 Enterprise or Windows 10 Education image that has been generalized using sysprep. Many environments can use the same image for both Windows To Go and desktop deployments.
+    >[!NOTE]  
+    >For more information about .wim files, see [Windows System Image Manager (Windows SIM) Technical Reference](http://go.microsoft.com/fwlink/p/?LinkId=619150). For more information about using sysprep, see [Sysprep Overview](http://go.microsoft.com/fwlink/p/?LinkId=619151).
 
-    **Note**  
-    For more information about .wim files, see [Windows System Image Manager (Windows SIM) Technical Reference](http://go.microsoft.com/fwlink/p/?LinkId=619150). For more information about using sysprep, see [Sysprep Overview](http://go.microsoft.com/fwlink/p/?LinkId=619151).
+4. Using Cortana, search for **Windows To Go** and then press **Enter**. If the **User Account Control** dialog box appears, confirm that the action it displays is what you want, and then click **Yes**. The **Windows To Go Creator Wizard** opens.
 
-     
+5. On the **Choose the drive you want to use** page select the drive that represents the USB drive you inserted previously, then click **Next.**
 
-4.  Using Cortana, search for **Windows To Go** and then press **Enter**. If the **User Account Control** dialog box appears, confirm that the action it displays is what you want, and then click **Yes**. The **Windows To Go Creator Wizard** opens.
+6. On the **Choose a Windows image** page, click **Add Search Location** and then navigate to the .wim file location and click select folder. The wizard will display the installable images present in the folder; select the Windows 10 Enterprise or Windows 10 Education image you wish to use and then click **Next**.
 
-5.  On the **Choose the drive you want to use** page select the drive that represents the USB drive you inserted previously, then click **Next.**
+7.  (Optional) On the **Set a BitLocker password (optional)** page, you can select **Use BitLocker with my Windows To Go Workspace** to encrypt your Windows To Go drive. If you do not wish to encrypt the drive at this time, click **Skip**. If you decide you want to add BitLocker protection later, see [Enable BitLocker protection for your Windows To Go drive](https://go.microsoft.com/fwlink/p/?LinkId=619152) for instructions.
+r
 
-6.  On the **Choose a Windows image** page, click **Add Search Location** and then navigate to the .wim file location and click select folder. The wizard will display the installable images present in the folder; select the Windows 10 Enterprise or Windows 10 Education image you wish to use and then click **Next**.
-
-7.  (Optional) On the **Set a BitLocker password (optional)** page, you can select **Use BitLocker with my Windows To Go Workspace** to encrypt your Windows To Go drive. If you do not wish to encrypt the drive at this time, click **Skip**. If you decide you want to add BitLocker protection later, see [Enable BitLocker protection for your Windows To Go drive](http://go.microsoft.com/fwlink/p/?LinkId=619152) for instructions.
-
-    **Warning**  
-    If you are planning to use a USB-Duplicator to create multiple Windows To Go drives, do not enable BitLocker. Drives protected with BitLocker should not be duplicated.
-
-     
+    >[!WARNING]  
+    >If you plan to use a USB-Duplicator to create multiple Windows To Go drives, do not enable BitLocker. Drives protected with BitLocker should not be duplicated.
 
     If you choose to encrypt the Windows To Go drive now:
 
-    -   Type a password that is at least eight characters long and conforms to your organizations password complexity policy. This password will be provided before the operating system is started so any characters you use must be able to be interpreted by the firmware. Some firmware does not support non-ASCII characters.
+    - Type a password that is at least eight characters long and conforms to your organizations password complexity policy. This password will be provided before the operating system is started so any characters you use must be able to be interpreted by the firmware. Some firmware does not support non-ASCII characters.
 
-    -   Retype the password, and then click Next.
 
-        **Important**  
-        The BitLocker recovery password will be saved in the documents library of the computer used to create the workspace automatically. If your organization is using Active Directory Domain Services (AD DS) to store recovery passwords it will also be saved in AD DS under the computer account of the computer used to create the workspace. This password will be used only if you need to recover access to the drive because the BitLocker password specified in the previous step is not available, such as if a password is lost or forgotten. For more information about BitLocker and AD DS, see [Active Directory Domain Services considerations](http://go.microsoft.com/fwlink/p/?LinkId=619157).
+        >[!IMPORTANT]  
+        >The BitLocker recovery password will be saved in the documents library of the computer used to create the workspace automatically. If your organization is using Active Directory Domain Services (AD DS) to store recovery passwords it will also be saved in AD DS under the computer account of the computer used to create the workspace. This password will be used only if you need to recover access to the drive because the BitLocker password specified in the previous step is not available, such as if a password is lost or forgotten. For more information about BitLocker and AD DS, see [Active Directory Domain Services considerations](https://go.microsoft.com/fwlink/p/?LinkId=619157).    
 
-         
+8. Verify that the USB drive inserted is the one you want to provision for Windows To Go and then click **Create** to start the Windows To Go workspace creation process.
 
-8.  Verify that the USB drive inserted is the one you want to provision for Windows To Go and then click **Create** to start the Windows To Go workspace creation process.
+    >[!WARNING]  
+    >The USB drive identified will be reformatted as part of the Windows To Go provisioning process and any data on the drive will be erased.  
 
-    **Warning**  
-    The USB drive identified will be reformatted as part of the Windows To Go provisioning process and any data on the drive will be erased.
+9. Wait for the creation process to complete, which can take 20 to 30 minutes. A completion page will be displayed that tells you when your Windows To Go workspace is ready to use. From the completion page you can configure the Windows To Go startup options to configure the current computer as a Windows To Go host computer.
 
-     
+Your Windows To Go workspace is now ready to be started. You can now [prepare a host computer](https://go.microsoft.com/fwlink/p/?LinkId=619159) using the Windows To Go startup options and boot your Windows To Go drive.
 
-9.  Wait for the creation process to complete, which can take 20 to 30 minutes. A completion page will be displayed that tells you when your Windows To Go workspace is ready to use. From the completion page you can configure the Windows To Go startup options to configure the current computer as a Windows To Go host computer.
-
-Your Windows To Go workspace is now ready to be started. You can now [prepare a host computer](http://go.microsoft.com/fwlink/p/?LinkId=619159) using the Windows To Go startup options and boot your Windows To Go drive.
-
-**Windows PowerShell equivalent commands**
+#### Windows PowerShell equivalent commands
 
 The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints. This procedure can only be used on PCs that are running Windows 10. Before starting, ensure that only the USB drive that you want to provision as a Windows To Go drive is connected to the PC.
 
-1.  Using Cortana, search for **powershell**, right-click **Windows PowerShell**, and then select **Run as administrator**.
+1. Using Cortana, search for **powershell**, right-click **Windows PowerShell**, and then select **Run as administrator**.
 
-2.  In the Windows PowerShell session type the following commands to partition a master boot record (MBR) disk for use with a FAT32 system partition and an NTFS-formatted operating system partition. This disk layout can support computers that use either UEFI or BIOS firmware:
+2. In the Windows PowerShell session type the following commands to partition a master boot record (MBR) disk for use with a FAT32 system partition and an NTFS-formatted operating system partition. This disk layout can support computers that use either UEFI or BIOS firmware:
 
     ``` syntax
-# The following command will set $Disk to all USB drives with >20 GB of storage
+   # The following command will set $Disk to all USB drives with >20 GB of storage
 
     $Disk = Get-Disk | Where-Object {$_.Path -match "USBSTOR" -and $_.Size -gt 20Gb -and -not $_.IsBoot }
 
-#Clear the disk. This will delete any data on the disk. (and will fail if the disk is not yet initialized. If that happens, simply continue with ‘New-Partition…) Validate that this is the correct disk that you want to completely erase.
-# 
-# To skip the confirmation prompt, append –confirm:$False
+   #Clear the disk. This will delete any data on the disk. (and will fail if the disk is not yet initialized. If that happens, simply continue with ‘New-Partition…) Validate that this is the correct disk that you want to completely erase.
+   # 
+   # To skip the confirmation prompt, append –confirm:$False
     Clear-Disk –InputObject $Disk[0] -RemoveData 
 
-# This command initializes a new MBR disk 
+   # This command initializes a new MBR disk 
     Initialize-Disk –InputObject $Disk[0] -PartitionStyle MBR
 
-# This command creates a 350 MB system partition
+   # This command creates a 350 MB system partition
     $SystemPartition = New-Partition –InputObject $Disk[0] -Size (350MB) -IsActive 
 
-# This formats the volume with a FAT32 Filesystem
-# To skip the confirmation dialog, append –Confirm:$False
+   # This formats the volume with a FAT32 Filesystem
+   # To skip the confirmation dialog, append –Confirm:$False
     Format-Volume -NewFileSystemLabel "UFD-System" -FileSystem FAT32 `
     -Partition $SystemPartition
 
-# This command creates the Windows volume using the maximum space available on the drive. The Windows To Go drive should not be used for other file storage.
+   # This command creates the Windows volume using the maximum space available on the drive. The Windows To Go drive should not be used for other file storage.
     $OSPartition = New-Partition –InputObject $Disk[0] -UseMaximumSize
     Format-Volume -NewFileSystemLabel "UFD-Windows" -FileSystem NTFS `
     -Partition $OSPartition
 
-# This command assigns drive letters to the new drive, the drive letters chosen should not already be in use.
+   # This command assigns drive letters to the new drive, the drive letters chosen should not already be in use.
     Set-Partition -InputObject $SystemPartition -NewDriveLetter "S"
     Set-Partition -InputObject $OSPartition -NewDriveLetter "W"
 
-# This command sets the NODEFAULTDRIVELETTER flag on the partition which prevents drive letters being assigned to either partition when inserted into a different computer.
+   # This command sets the NODEFAULTDRIVELETTER flag on the partition which prevents drive letters being assigned to either partition when inserted into a different computer.
     Set-Partition -InputObject $OSPartition -NoDefaultDriveLetter $TRUE
     ```
 
-3.  Next you need to apply the operating system image that you want to use with Windows To Go to the operating system partition you just created on the disk (this may take 30 minutes or longer, depending on the size of the image and the speed of your USB connection). The following command shows how this can be accomplished using the [Deployment Image Servicing and Management](http://go.microsoft.com/fwlink/p/?LinkId=619161) command-line tool (DISM):
-
-    **Tip**  
-    The index number must be set correctly to a valid Enterprise image in the .WIM file.
-
-     
+3. Next you need to apply the operating system image that you want to use with Windows To Go to the operating system partition you just created on the disk (this may take 30 minutes or longer, depending on the size of the image and the speed of your USB connection). The following command shows how this can be accomplished using the [Deployment Image Servicing and Management](https://go.microsoft.com/fwlink/p/?LinkId=619161) command-line tool (DISM):
 
+    >[!TIP]  
+    >The index number must be set correctly to a valid Enterprise image in the .WIM file.
+    
     ``` syntax
-#The WIM file must contain a sysprep generalized image.
+    #The WIM file must contain a sysprep generalized image.
     dism /apply-image /imagefile:n:\imagefolder\deploymentimages\mywtgimage.wim /index:1 /applydir:W:\ 
     ```
 
-4.  Now use the [bcdboot](http://go.microsoft.com/fwlink/p/?LinkId=619163) command line tool to move the necessary boot components to the system partition on the disk. This helps ensure that the boot components, operating system versions, and architectures match. The `/f ALL` parameter indicates that boot components for UEFI and BIOS should be placed on the system partition of the disk. The following example illustrates this step:
+4.  Now use the [bcdboot](https://go.microsoft.com/fwlink/p/?LinkId=619163) command line tool to move the necessary boot components to the system partition on the disk. This helps ensure that the boot components, operating system versions, and architectures match. The `/f ALL` parameter indicates that boot components for UEFI and BIOS should be placed on the system partition of the disk. The following example illustrates this step:
+
 
     ``` syntax
     W:\Windows\System32\bcdboot W:\Windows /f ALL /s S:
     ```
 
-5.  Apply SAN policy—OFFLINE\_INTERNAL - “4” to prevent the operating system from automatically bringing online any internally connected disk. This is done by creating and saving a **san\_policy.xml** file on the disk. The following example illustrates this step:
+5. Apply SAN policy—OFFLINE\_INTERNAL - “4” to prevent the operating system from automatically bringing online any internally connected disk. This is done by creating and saving a **san\_policy.xml** file on the disk. The following example illustrates this step:
 
     ``` syntax
     <?xml version='1.0' encoding='utf-8' standalone='yes'?>
@@ -200,13 +183,13 @@ The following Windows PowerShell cmdlet or cmdlets perform the same function as
     </unattend>
     ```
 
-6.  Place the **san\_policy.xml** file created in the previous step into the root directory of the Windows partition on the Windows To Go drive (W: from the previous examples) and run the following command:
+6. Place the **san\_policy.xml** file created in the previous step into the root directory of the Windows partition on the Windows To Go drive (W: from the previous examples) and run the following command:
 
     ``` syntax
     Dism.exe /Image:W:\ /Apply-Unattend:W:\san_policy.xml
     ```
 
-7.  Create an answer file (unattend.xml) that disables the use of Windows Recovery Environment with Windows To Go. You can use the following code sample to create a new answer file or you can paste it into an existing answer file:
+7. Create an answer file (unattend.xml) that disables the use of Windows Recovery Environment with Windows To Go. You can use the following code sample to create a new answer file or you can paste it into an existing answer file:
 
     ``` syntax
     <?xml version="1.0" encoding="utf-8"?>
@@ -232,38 +215,38 @@ The following Windows PowerShell cmdlet or cmdlets perform the same function as
     </unattend>
     ```
 
-    Once the answer file has been saved, copy unattend.xml into the sysprep folder on the Windows To Go drive (for example, W:\\Windows\\System32\\sysprep\)
+    After the answer file has been saved, copy unattend.xml into the sysprep folder on the Windows To Go drive (for example, W:\\Windows\\System32\\sysprep\)
 
-    **Important**  
-    Setup unattend files are processed based on their location. Setup will place a temporary unattend file into the **%systemroot%\\panther** folder which is the first location that setup will check for installation information. You should make sure that folder does not contain a previous version of an unattend.xml file to ensure that the one you just created is used.
+    >[!IMPORTANT]  
+    >Setup unattend files are processed based on their location. Setup will place a temporary unattend file into the **%systemroot%\\panther** folder which is the first location that setup will check for installation information. You should make sure that folder does not contain a previous version of an unattend.xml file to ensure that the one you just created is used.
 
     If you do not wish to boot your Windows To Go device on this computer and want to remove it to boot it on another PC, be sure to use the **Safely Remove Hardware and Eject Media** option to safely disconnect the drive before physically removing it from the PC.
 
-     
 
-Your Windows To Go workspace is now ready to be started. You can now [prepare a host computer](http://go.microsoft.com/fwlink/p/?LinkId=619165) using the Windows To Go startup options to test your workspace configuration, [configure the workspace for offline domain join](http://go.microsoft.com/fwlink/p/?LinkId=619166), or [enable BitLocker protection for your Windows To Go drive](http://go.microsoft.com/fwlink/p/?LinkId=619167).
+Your Windows To Go workspace is now ready to be started. You can now [prepare a host computer](https://go.microsoft.com/fwlink/p/?LinkId=619165) using the Windows To Go startup options to test your workspace configuration, [configure the workspace for offline domain join](https://go.microsoft.com/fwlink/p/?LinkId=619166), or [enable BitLocker protection for your Windows To Go drive](https://go.microsoft.com/fwlink/p/?LinkId=619167).
+
 
 ### To prepare a host computer
 
 Computers running Windows 8 and later can be configured as host computers that use Windows To Go automatically whenever a Windows To Go workspace is available at startup. When the Windows To Go startup options are enabled on a host computer, Windows will divert startup to the Windows To Go drive whenever it is attached to the computer. This makes it easy to switch from using the host computer to using the Windows To Go workspace.
 
-**Tip**  
-If you will be using a PC running Windows 7 as your host computer, see [Tips for configuring your BIOS settings to work with Windows To Go](http://go.microsoft.com/fwlink/p/?LinkId=618951) for information to help you prepare the host computer.
+>[!TIP]  
+>If you will be using a PC running Windows 7 as your host computer, see [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkId=618951) for information to help you prepare the host computer.
 
- 
 
 If you want to use the Windows To Go workspace, simply shut down the computer, plug in the Windows To Go drive, and turn on the computer. To use the host computer, shut down the Windows To Go workspace, unplug the Windows To Go drive, and turn on the computer.
 
 To set the Windows To Go Startup options for host computers running Windows 10:
 
-1.  Using Cortana, search for **Windows To Go startup options** and then press **Enter**.
+1. Using Cortana, search for **Windows To Go startup options** and then press **Enter**.
 
-2.  In the **Windows To Go Startup Options** dialog box, select **Yes**, and then click **Save Changes** to configure the computer to boot from USB
+2. In the **Windows To Go Startup Options** dialog box, select **Yes**, and then click **Save Changes** to configure the computer to boot from USB
 
 For host computers running Windows 8 or Windows 8.1:
 
-1.  Press **Windows logo key+W**, search for **Windows To Go startup options**, and then press **Enter**.
-2.  In the **Windows To Go Startup Options** dialog box, select **Yes**, and then click **Save Changes** to configure the computer to boot from USB.
+1. Press **Windows logo key+W**, search for **Windows To Go startup options**, and then press **Enter**.
+
+2. In the **Windows To Go Startup Options** dialog box, select **Yes**, and then click **Save Changes** to configure the computer to boot from USB.
 
 You can configure your organization's computers to automatically start from the USB drive by enabling the following Group Policy setting:
 
@@ -271,7 +254,7 @@ You can configure your organization's computers to automatically start from the
 
 After this policy setting is enabled, automatic starting of a Windows To Go workspace will be attempted when a USB drive is connected to the computer when it is started. Users will not be able to use the Windows To Go Startup Options to change this behavior. If you disable this policy setting, booting to Windows To Go when a USB drive is connected will not occur unless a user configures the option manually in the firmware. If you do not configure this policy setting, users who are members of the Administrators group can enable or disable booting from a USB drive using the Windows To Go Startup Options.
 
-Your host computer is now ready to boot directly into Windows To Go workspace when it is inserted prior to starting the computer. Optionally you can perform [Configure Windows To Go workspace for offline domain join](http://go.microsoft.com/fwlink/p/?LinkId=619169) and [Enable BitLocker protection for your Windows To Go drive](http://go.microsoft.com/fwlink/p/?LinkId=619152).
+Your host computer is now ready to boot directly into Windows To Go workspace when it is inserted prior to starting the computer. Optionally you can perform [Configure Windows To Go workspace for offline domain join](https://go.microsoft.com/fwlink/p/?LinkId=619169) and [Enable BitLocker protection for your Windows To Go drive](https://go.microsoft.com/fwlink/p/?LinkId=619152).
 
 ### Booting your Windows To Go workspace
 
@@ -302,80 +285,77 @@ Making sure that Windows To Go workspaces are effective when used off premises i
 
 -   A domain user account with rights to add computer accounts to the domain and is a member of the Administrator group on the Windows To Go host computer
 
--   [DirectAccess](http://go.microsoft.com/fwlink/p/?LinkId=619170) configured on the domain
+-   [DirectAccess](https://go.microsoft.com/fwlink/p/?LinkId=619170) configured on the domain
 
 **To configure your Windows To Go workspace for remote access**
 
-1.  Start the host computer and sign in using a user account with privileges to add workstations to the domain and then run the following command from an elevated command prompt replacing the example placeholder parameters (denoted by &lt;&gt;) with the ones applicable for your environment:
+1. Start the host computer and sign in using a user account with privileges to add workstations to the domain and then run the following command from an elevated command prompt replacing the example placeholder parameters (denoted by &lt;&gt;) with the ones applicable for your environment:
 
     ``` syntax
     djoin /provision /domain <exampledomain.com> /machine <examplewindowstogo_workspace_name> /certtemplate <WorkstationAuthentication_template> /policynames <DirectAccess Client Policy: {GUID}> /savefile <C:\example\path\domainmetadatafile> /reuse   
     ```
 
-    **Note**  
-    The /certtemplate parameter supports the use of certificate templates for distributing certificates for DirectAccess, if your organization is not using certificate templates you can omit this parameter. Additionally, if are using djoin.exe with Windows Server 2008-based Domain Controllers, append the /downlevel switch during provisioning. For more information see the [Offline Domain Join Step-by-Step guide](http://go.microsoft.com/fwlink/p/?LinkId=619171).
+    >[!NOTE]  
+    >The **/certtemplate** parameter supports the use of certificate templates for distributing certificates for DirectAccess, if your organization is not using certificate templates you can omit this parameter. Additionally, if are using djoin.exe with Windows Server 2008-based Domain Controllers, append the /downlevel switch during provisioning. For more information see the [Offline Domain Join Step-by-Step guide](https://go.microsoft.com/fwlink/p/?LinkId=619171).
 
-     
+2. Insert the Windows To Go drive.
 
-2.  Insert the Windows To Go drive.
+3. Launch an elevated Windows PowerShell prompt by right-clicking the Windows PowerShell shortcut in the taskbar, and then clicking **Run as Administrator**.
 
-3.  Launch an elevated Windows PowerShell prompt by right-clicking the Windows PowerShell shortcut in the taskbar, and then clicking **Run as Administrator**.
-
-4.  From the Windows PowerShell command prompt run:
+4. From the Windows PowerShell command prompt run:
 
     ``` syntax
-# The following command will set $Disk to all USB drives with >20 GB of storage
+   # The following command will set $Disk to all USB drives with >20 GB of storage
 
     $Disk = Get-Disk | Where-Object {$_.Path -match "USBSTOR" -and $_.Size -gt 20Gb -and -not $_.IsBoot }
 
-#Clear the disk. This will delete any data on the disk. (and will fail if the disk is not yet initialized. If that happens, simply continue with ‘New-Partition…) Validate that this is the correct disk that you want to completely erase.
-# 
-# To skip the confirmation prompt, append –confirm:$False
+   #Clear the disk. This will delete any data on the disk. (and will fail if the disk is not yet initialized. If that happens, simply continue with ‘New-Partition…) Validate that this is the correct disk that you want to completely erase.
+   # 
+   # To skip the confirmation prompt, append –confirm:$False
     Clear-Disk –InputObject $Disk[0] -RemoveData 
 
-# This command initializes a new MBR disk 
+   # This command initializes a new MBR disk 
     Initialize-Disk –InputObject $Disk[0] -PartitionStyle MBR
 
-# This command creates a 350 MB system partition
+   # This command creates a 350 MB system partition
     $SystemPartition = New-Partition –InputObject $Disk[0] -Size (350MB) -IsActive 
 
-# This formats the volume with a FAT32 Filesystem
-# To skip the confirmation dialog, append –Confirm:$False
+   # This formats the volume with a FAT32 Filesystem
+   # To skip the confirmation dialog, append –Confirm:$False
     Format-Volume -NewFileSystemLabel "UFD-System" -FileSystem FAT32 `
     -Partition $SystemPartition
 
-# This command creates the Windows volume using the maximum space available on the drive. The Windows To Go drive should not be used for other file storage.
+   # This command creates the Windows volume using the maximum space available on the drive. The Windows To Go drive should not be used for other file storage.
     $OSPartition = New-Partition –InputObject $Disk[0] -UseMaximumSize
     Format-Volume -NewFileSystemLabel "UFD-Windows" -FileSystem NTFS `
     -Partition $OSPartition
 
-# This command assigns drive letters to the new drive, the drive letters chosen should not already be in use.
+   # This command assigns drive letters to the new drive, the drive letters chosen should not already be in use.
     Set-Partition -InputObject $SystemPartition -NewDriveLetter "S"
     Set-Partition -InputObject $OSPartition -NewDriveLetter "W"
 
-# This command toggles the NODEFAULTDRIVELETTER flag on the partition which prevents drive letters being assigned to either partition when inserted into a different computer.
+   # This command toggles the NODEFAULTDRIVELETTER flag on the partition which prevents drive letters being assigned to either partition when inserted into a different computer.
     Set-Partition -InputObject $OSPartition -NoDefaultDriveLetter $TRUE
     ```
 
-5.  Next you need to apply the operating system image that you want to use with Windows To Go to the operating system partition you just created on the disk (this may take 30 minutes or longer, depending on the size of the image and the speed of your USB connection). The following command shows how this can be accomplished using the [Deployment Image Servicing and Management](http://go.microsoft.com/fwlink/p/?LinkId=619161) command-line tool (DISM):
+5. Next you need to apply the operating system image that you want to use with Windows To Go to the operating system partition you just created on the disk (this may take 30 minutes or longer, depending on the size of the image and the speed of your USB connection). The following command shows how this can be accomplished using the [Deployment Image Servicing and Management](https://go.microsoft.com/fwlink/p/?LinkId=619161) command-line tool (DISM):
 
-    **Tip**  
-    The index number must be set correctly to a valid Enterprise image in the .WIM file.
-
-     
 
+    >[!TIP]  
+    >The index number must be set correctly to a valid Enterprise image in the .WIM file.
+    
     ``` syntax
-#The WIM file must contain a sysprep generalized image.
+    #The WIM file must contain a sysprep generalized image.
     dism /apply-image /imagefile:n:\imagefolder\deploymentimages\mywtgimage.wim /index:1 /applydir:W:\ 
     ```
 
-6.  Once those commands have completed, run the following command:
+6.  After those commands have completed, run the following command:
 
     ``` syntax
     djoin /requestodj /loadfile C:\example\path\domainmetadatafile /windowspath W:\Windows   
     ```
 
-7.  Next, we will need to edit the unattend.xml file to configure the first run (OOBE) settings. In this example we are hiding the Microsoft Software License Terms (EULA) page, configuring automatic updates to install important and recommended updates automatically, and identifying this workspace as part of a private office network. You can use other OOBE settings that you have configured for your organization if desired. For more information about the OOBE settings, see [OOBE](http://go.microsoft.com/fwlink/p/?LinkId=619172):
+7.  Next, we will need to edit the unattend.xml file to configure the first run (OOBE) settings. In this example we are hiding the Microsoft Software License Terms (EULA) page, configuring automatic updates to install important and recommended updates automatically, and identifying this workspace as part of a private office network. You can use other OOBE settings that you have configured for your organization if desired. For more information about the OOBE settings, see [OOBE](https://go.microsoft.com/fwlink/p/?LinkId=619172):
 
     ``` syntax
     <?xml version="1.0" encoding="utf-8"?>
@@ -415,14 +395,12 @@ Making sure that Windows To Go workspaces are effective when used off premises i
 
 9.  From a host computer, either on or off premises, start the computer and boot the Windows To Go workspace.
 
-    1.  If on premises using a host computer with a direct network connection, sign on using your domain credentials.
+    * If on premises using a host computer with a direct network connection, sign on using your domain credentials.
 
-    2.  If off premises, join a wired or wireless network with internet access and then sign on again using your domain credentials.
+    * If off premises, join a wired or wireless network with internet access and then sign on again using your domain credentials.
 
-    **Note**  
-    Depending on your DirectAccess configuration you might be asked to insert your smart card to logon to the domain.
-
-     
+    >[!NOTE]  
+    >Depending on your DirectAccess configuration you might be asked to insert your smart card to log on to the domain.
 
 You should now be able to access your organization’s network resources and work from your Windows To Go workspace as you would normally work from your standard desktop computer on premises.
 
@@ -430,13 +408,13 @@ You should now be able to access your organization’s network resources and wor
 
 Enabling BitLocker on your Windows To Go drive will help ensure that your data is protected from unauthorized use and that if your Windows To Go drive is lost or stolen it will not be easy for an unauthorized person to obtain confidential data or use the workspace to gain access to protected resources in your organization. When BitLocker is enabled, each time you boot your Windows To Go drive, you will be asked to provide the BitLocker password to unlock the drive. The following procedure provides the steps for enabling BitLocker on your Windows To Go drive:
 
-**Prerequisites for enabling BitLocker scenario**
+#### Prerequisites for enabling BitLocker scenario
 
--   A Windows To Go drive that can be successfully provisioned.
+* A Windows To Go drive that can be successfully provisioned.
 
--   A computer running Windows 8 configured as a Windows To Go host computer
+* A computer running Windows 8 configured as a Windows To Go host computer
 
--   Review the following Group Policy settings for BitLocker Drive Encryption and modify the configuration as necessary:
+* Review the following Group Policy settings for BitLocker Drive Encryption and modify the configuration as necessary:
 
     **\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives\\Require additional authentication at startup**. This policy allows the use of a password key protector with an operating system drive; this policy must be enabled to configure BitLocker from within the Windows To Go workspace. This policy setting allows you to configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with or without a Trusted Platform Module (TPM). You must enable this setting and select the **Allow BitLocker without a compatible TPM** check box and then enable the **Configure use of passwords for operating system drives** setting.
 
@@ -448,9 +426,9 @@ You can choose to enable BitLocker protection on Windows To Go drives before dis
 
 Enabling BitLocker during provisioning ensures that your operating system image is always protected by BitLocker. When enabling BitLocker during the provisioning process you can significantly reduce the time required for encrypting the drive by enabling BitLocker after configuring the disk and just prior to applying the image. If you use this method, you will need to give users their BitLocker password when you give then their Windows To Go workspace. Also, you should instruct your users to boot their workspace and change their BitLocker password as soon as possible (this can be done with standard user privileges).
 
-Enabling BitLocker after distribution requires that your users turn on BitLocker. This means that your Windows To Go workspaces are unprotected until the user enables BitLocker. Administrative rights on the Windows To Go workspace are required to enable BitLocker. For more information about BitLocker see the [BitLocker Overview](http://go.microsoft.com/fwlink/p/?LinkId=619173).
+Enabling BitLocker after distribution requires that your users turn on BitLocker. This means that your Windows To Go workspaces are unprotected until the user enables BitLocker. Administrative rights on the Windows To Go workspace are required to enable BitLocker. For more information about BitLocker see the [BitLocker Overview](https://go.microsoft.com/fwlink/p/?LinkId=619173).
 
-**BitLocker recovery keys**
+#### BitLocker recovery keys
 
 BitLocker recovery keys are the keys that can be used to unlock a BitLocker protected drive if the standard unlock method fails. It is recommended that your BitLocker recovery keys be backed up to Active Directory Domain Services (AD DS). If you do not want to use AD DS to store recovery keys you can save recovery keys to a file or print them. How BitLocker recovery keys are managed differs depending on when BitLocker is enabled.
 
@@ -459,134 +437,122 @@ BitLocker recovery keys are the keys that can be used to unlock a BitLocker prot
 -   **Warning**  
     If BitLocker is enabled after distribution, the recovery key will be backed up to AD DS under the computer account of the workspace. If backing up recovery keys to AD DS is not used, they can be printed or saved to a file by the user. If the IT administrator wants a central record of recovery keys, a process by which the user provides the key to the IT department must be put in place.
 
-     
+#### To enable BitLocker during provisioning
 
-**To enable BitLocker during provisioning**
+1. Start the host computer that is running Windows 8.
 
-1.  Start the host computer that is running Windows 8.
+2. Insert your Windows To Go drive.
 
-2.  Insert your Windows To Go drive.
+3. Launch an elevated Windows PowerShell prompt by right-clicking the Windows PowerShell shortcut in the taskbar, and then clicking **Run as Administrator**.
 
-3.  Launch an elevated Windows PowerShell prompt by right-clicking the Windows PowerShell shortcut in the taskbar, and then clicking **Run as Administrator**.
+4. Provision the Windows To Go drive using the following cmdlets:
 
-4.  Provision the Windows To Go drive using the following cmdlets:
+    >[!NOTE]  
+    >If you used the [manual method for creating a workspace](https://go.microsoft.com/fwlink/p/?LinkId=619174) you should have already provisioned the Windows To Go drive. If so, you can continue on to the next step.
 
-    **Note**  
-    If you used the [manual method for creating a workspace](http://go.microsoft.com/fwlink/p/?LinkId=619174) you should have already provisioned the Windows To Go drive. If so, you can continue on to the next step.
-
-     
-
-    ``` syntax
-# The following command will set $Disk to all USB drives with >20 GB of storage
+   ``` syntax
+   # The following command will set $Disk to all USB drives with >20 GB of storage
 
     $Disk = Get-Disk | Where-Object {$_.Path -match "USBSTOR" -and $_.Size -gt 20Gb -and -not $_.IsBoot }
 
-#Clear the disk. This will delete any data on the disk. (and will fail if the disk is not yet initialized. If that happens, simply continue with ‘New-Partition…) Validate that this is the correct disk that you want to completely erase.
-# 
-# To skip the confirmation prompt, append –confirm:$False
+   #Clear the disk. This will delete any data on the disk. (and will fail if the disk is not yet initialized. If that happens, simply continue with ‘New-Partition…) Validate that this is the correct disk that you want to completely erase.
+   # 
+   # To skip the confirmation prompt, append –confirm:$False
     Clear-Disk –InputObject $Disk[0] -RemoveData 
 
-# This command initializes a new MBR disk 
+   # This command initializes a new MBR disk 
     Initialize-Disk –InputObject $Disk[0] -PartitionStyle MBR
 
-# This command creates a 350 MB system partition
+   # This command creates a 350 MB system partition
     $SystemPartition = New-Partition –InputObject $Disk[0] -Size (350MB) -IsActive 
 
-# This formats the volume with a FAT32 Filesystem
-# To skip the confirmation dialog, append –Confirm:$False
+   # This formats the volume with a FAT32 Filesystem
+   # To skip the confirmation dialog, append –Confirm:$False
     Format-Volume -NewFileSystemLabel "UFD-System" -FileSystem FAT32 `
     -Partition $SystemPartition
 
-# This command creates the Windows volume using the maximum space available on the drive. The Windows To Go drive should not be used for other file storage.
+   # This command creates the Windows volume using the maximum space available on the drive. The Windows To Go drive should not be used for other file storage.
     $OSPartition = New-Partition –InputObject $Disk[0] -UseMaximumSize
     Format-Volume -NewFileSystemLabel "UFD-Windows" -FileSystem NTFS `
     -Partition $OSPartition
 
-# This command assigns drive letters to the new drive, the drive letters chosen should not already be in use.
+   # This command assigns drive letters to the new drive, the drive letters chosen should not already be in use.
     Set-Partition -InputObject $SystemPartition -NewDriveLetter "S"
     Set-Partition -InputObject $OSPartition -NewDriveLetter "W"
 
-# This command toggles the NODEFAULTDRIVELETTER flag on the partition which prevents drive letters being assigned to either partition when inserted into a different computer.
+   # This command toggles the NODEFAULTDRIVELETTER flag on the partition which prevents drive letters being assigned to either partition when inserted into a different computer.
     Set-Partition -InputObject $OSPartition -NoDefaultDriveLetter $TRUE
     ```
+    
+   Next you need to apply the operating system image that you want to use with Windows To Go to the operating system partition you just created on the disk (this may take 30 minutes or longer, depending on the size of the image and the speed of your USB connection). The following command shows how this can be accomplished using the [Deployment Image Servicing and Management](https://go.microsoft.com/fwlink/p/?LinkId=619161) command-line tool (DISM):
+   
+   >[!TIP]  
+   >The index number must be set correctly to a valid Enterprise image in the .WIM file.
+   
+   ``` syntax
+   #The WIM file must contain a sysprep generalized image.
+   dism /apply-image /imagefile:n:\imagefolder\deploymentimages\mywtgimage.wim /index:1 /applydir:W:\ 
+   ```
 
-    Next you need to apply the operating system image that you want to use with Windows To Go to the operating system partition you just created on the disk (this may take 30 minutes or longer, depending on the size of the image and the speed of your USB connection). The following command shows how this can be accomplished using the [Deployment Image Servicing and Management](http://go.microsoft.com/fwlink/p/?LinkId=619161) command-line tool (DISM):
+5. In the same PowerShell session use the following cmdlet to add a recovery key to the drive:
 
-    **Tip**  
-    The index number must be set correctly to a valid Enterprise image in the .WIM file.
+   ``` syntax
+   $BitlockerRecoveryProtector = Add-BitLockerKeyProtector W: -RecoveryPasswordProtector
+   ```
 
-     
+6. Next, use the following cmdlets to save the recovery key to a file:
 
-    ``` syntax
-#The WIM file must contain a sysprep generalized image.
-    dism /apply-image /imagefile:n:\imagefolder\deploymentimages\mywtgimage.wim /index:1 /applydir:W:\ 
-    ```
+   ``` syntax
+   #The BitLocker Recovery key is essential if for some reason you forget the BitLocker password
+   #This recovery key can also be backed up into Active Directory using manage-bde.exe or the
+   #PowerShell cmdlet Backup-BitLockerKeyProtector.
+   $RecoveryPassword = $BitlockerRecoveryProtector.KeyProtector.RecoveryPassword
+   $RecoveryPassword > WTG-Demo_Bitlocker_Recovery_Password.txt
+   ```
 
-5.  In the same PowerShell session use the following cmdlet to add a recovery key to the drive:
+7. Then, use the following cmdlets to add the password as a secure string. If you omit the password the cmdlet will prompt you for the password before continuing the operation:
 
-    ``` syntax
-    $BitlockerRecoveryProtector = Add-BitLockerKeyProtector W: -RecoveryPasswordProtector
-    ```
+   ``` syntax
+   # Create a variable to store the password
+   $spwd = ConvertTo-SecureString -String <password> -AsplainText –Force 
+   Enable-BitLocker W: -PasswordProtector $spwd 
+   ```
+   
+   >[!WARNING]  
+   >To have BitLocker only encrypt used space on the disk append the parameter `–UsedSpaceOnly` to the `Enable-BitLocker` cmdlet. As data is added to the drive BitLocker will encrypt additional space. Using this parameter will speed up the preparation process as a smaller percentage of the disk will require encryption. If you are in a time critical situation where you cannot wait for encryption to complete you can also safely remove the Windows To Go drive during the encryption process. The next time the drive is inserted in a computer it will request the BitLocker password. Once the password is supplied, the encryption process will continue. If you do this, make sure your users know that BitLocker encryption is still in process and that they will be able to use the workspace while the encryption completes in the background.
 
-6.  Next, use the following cmdlets to save the recovery key to a file:
+8. Copy the numerical recovery password and save it to a file in a safe location. The recovery password will be required if the password is lost or forgotten.
 
-    ``` syntax
-#The BitLocker Recovery key is essential if for some reason you forget the BitLocker password
-#This recovery key can also be backed up into Active Directory using manage-bde.exe or the
-#PowerShell cmdlet Backup-BitLockerKeyProtector.
-    $RecoveryPassword = $BitlockerRecoveryProtector.KeyProtector.RecoveryPassword
-    $RecoveryPassword > WTG-Demo_Bitlocker_Recovery_Password.txt
-    ```
+   >[!WARNING]  
+   >If the **Choose how BitLocker-protected removable data drives can be recovered** Group Policy setting has been configured to back up recovery information to Active Directory Domain Services, the recovery information for the drive will be stored under the account of the host computer used to apply the recovery key.
+   
+   If you want to have the recovery information stored under the account of the Windows To Go workspace you can turn BitLocker from within the Windows To Go workspace using the BitLocker Setup Wizard from the BitLocker Control Panel item as described in [To enable BitLocker after distribution](#enable-bitlocker). 
 
-7.  Then, use the following cmdlets to add the password as a secure string. If you omit the password the cmdlet will prompt you for the password before continuing the operation:
-
-    ``` syntax
-# Create a variable to store the password
-    $spwd = ConvertTo-SecureString -String <password> -AsplainText –Force 
-    Enable-BitLocker W: -PasswordProtector $spwd 
-    ```
-
-    **Warning**  
-    To have BitLocker only encrypt used space on the disk append the parameter `–UsedSpaceOnly` to the `Enable-BitLocker` cmdlet. As data is added to the drive BitLocker will encrypt additional space. Using this parameter will speed up the preparation process as a smaller percentage of the disk will require encryption. If you are in a time critical situation where you cannot wait for encryption to complete you can also safely remove the Windows To Go drive during the encryption process. The next time the drive is inserted in a computer it will request the BitLocker password. Once the password is supplied, the encryption process will continue. If you do this, make sure your users know that BitLocker encryption is still in process and that they will be able to use the workspace while the encryption completes in the background.
-
-     
-
-8.  Copy the numerical recovery password and save it to a file in a safe location. The recovery password will be required if the password is lost or forgotten.
-
-    **Warning**  
-    If the **Choose how BitLocker-protected removable data drives can be recovered** Group Policy setting has been configured to back up recovery information to Active Directory Domain Services, the recovery information for the drive will be stored under the account of the host computer used to apply the recovery key.
-
-    If you want to have the recovery information stored under the account of the Windows To Go workspace you can turn BitLocker from within the Windows To Go workspace using the BitLocker Setup Wizard from the BitLocker Control Panel item as described in [To enable BitLocker after distribution](#enable-bitlocker).
-
-     
-
-9.  Safely remove the Windows To Go drive.
+9. Safely remove the Windows To Go drive.
 
 The Windows To Go drives are now ready to be distributed to users and are protected by BitLocker. When you distribute the drives, make sure the users know the following:
 
--   Initial BitLocker password that they will need to boot the drives.
+* Initial BitLocker password that they will need to boot the drives.
 
--   Current encryption status.
+* Current encryption status.
 
--   Instructions to change the BitLocker password after the initial boot.
+* Instructions to change the BitLocker password after the initial boot.
 
--   Instructions for how to retrieve the recovery password if necessary. This may be a help desk process, an automated password retrieval site, or a person to contact.
+* Instructions for how to retrieve the recovery password if necessary. This may be a help desk process, an automated password retrieval site, or a person to contact.
 
 <a href="" id="enable-bitlocker"></a>
-**To enable BitLocker after distribution**
+#### To enable BitLocker after distribution
 
-1.  Insert your Windows To Go drive into your host computer (that is currently shut down) and then turn on the computer and boot into your Windows To Go workspace
+1. Insert your Windows To Go drive into your host computer (that is currently shut down) and then turn on the computer and boot into your Windows To Go workspace
 
-2.  Press **Windows logo key+W** to open **Search Settings**, type BitLocker and then select the item for BitLocker Drive Encryption.
+2. Press **Windows logo key+W** to open **Search Settings**, type BitLocker and then select the item for BitLocker Drive Encryption.
 
-3.  The drives on the workspace are displayed, click **Turn BitLocker On** for the C: drive. The **BitLocker Setup Wizard** appears.
+3. The drives on the workspace are displayed, click **Turn BitLocker On** for the C: drive. The **BitLocker Setup Wizard** appears.
 
-4.  Complete the steps in the **BitLocker Setup Wizard** selecting the password protection option.
+4. Complete the steps in the **BitLocker Setup Wizard** selecting the password protection option.
 
-**Note**  
-If you have not configured the Group Policy setting **\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives\\Require additional authentication at startup** to specify **Allow BitLocker without a compatible TPM** you will not be able to enable BitLocker from within the Windows To Go workspace.
-
- 
+>[!NOTE]  
+>If you have not configured the Group Policy setting **\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives\\Require additional authentication at startup** to specify **Allow BitLocker without a compatible TPM** you will not be able to enable BitLocker from within the Windows To Go workspace.
 
 ### Advanced deployment sample script
 
@@ -594,38 +560,36 @@ The following sample script supports the provisioning of multiple Windows To Go
 
 The sample script creates an unattend file that streamlines the deployment process so that the initial use of the Windows To Go drive does not prompt the end user for any additional configuration information before starting up.
 
-**Prerequisites for running the advanced deployment sample script**
+#### Prerequisites for running the advanced deployment sample script
 
--   To run this sample script you must open a Windows PowerShell session as an administrator from a domain-joined computer using an account that has permission to create domain accounts.
+* To run this sample script you must open a Windows PowerShell session as an administrator from a domain-joined computer using an account that has permission to create domain accounts.
 
--   Using offline domain join is required by this script, since the script does not create a local administrator user account. However, domain membership will automatically put “Domain admins” into the local administrators group. Review your domain policies. If you are using DirectAccess you will need to modify the djoin.exe command to include the `policynames` and potentially the `certtemplate` parameters.
+* Using offline domain join is required by this script, since the script does not create a local administrator user account. However, domain membership will automatically put “Domain admins” into the local administrators group. Review your domain policies. If you are using DirectAccess you will need to modify the djoin.exe command to include the `policynames` and potentially the `certtemplate` parameters.
 
--   The script needs to use drive letters, so you can only provision half as many drives as you have free drive letters.
+* The script needs to use drive letters, so you can only provision half as many drives as you have free drive letters.
 
-**To run the advanced deployment sample script**
+#### To run the advanced deployment sample script
 
-1.  Copy entire the code sample titled “Windows To Go multiple drive provisioning sample script” into a PowerShell script (.ps1) file.
+1. Copy entire the code sample titled “Windows To Go multiple drive provisioning sample script” into a PowerShell script (.ps1) file.
 
-2.  Make the modifications necessary for it to be appropriate to your deployment and save the file.
+2. Make the modifications necessary for it to be appropriate to your deployment and save the file.
 
-3.  Configure the PowerShell execution policy. By default PowerShell’s execution policy is set to Restricted; that means that scripts won’t run until you have explicitly given them permission to. To configure PowerShell’s execution policy to allow the script to run, use the following command from an elevated PowerShell prompt:
+3. Configure the PowerShell execution policy. By default PowerShell’s execution policy is set to Restricted; that means that scripts won’t run until you have explicitly given them permission to. To configure PowerShell’s execution policy to allow the script to run, use the following command from an elevated PowerShell prompt:
 
     ``` syntax
     Set-ExecutionPolicy RemoteSigned
     ```
 
-    The RemoteSigned execution policy will prevent unsigned scripts from the internet from running on the computer, but will allow locally created scripts to run. For more information on execution policies, see [Set-ExecutionPolicy](http://go.microsoft.com/fwlink/p/?LinkId=619175).
+    The RemoteSigned execution policy will prevent unsigned scripts from the internet from running on the computer, but will allow locally created scripts to run. For more information on execution policies, see [Set-ExecutionPolicy](https://go.microsoft.com/fwlink/p/?LinkId=619175).
 
-    **Tip**  
-    To get online help for any Windows PowerShell cmdlet, whether or not it is installed locally type the following cmdlet, replacing &lt;cmdlet-name&gt; with the name of the cmdlet you want to see the help for:
+    >[!TIP]  
+    >To get online help for any Windows PowerShell cmdlet, whether or not it is installed locally type the following cmdlet, replacing &lt;cmdlet-name&gt; with the name of the cmdlet you want to see the help for:
+    
+    >`Get-Help <cmdlet-name> -Online`
+    
+    >This command causes Windows PowerShell to open the online version of the help topic in your default Internet browser.
 
-    `Get-Help <cmdlet-name> -Online`
-
-    This command causes Windows PowerShell to open the online version of the help topic in your default Internet browser.
-
-     
-
-**Windows To Go multiple drive provisioning sample script**
+#### Windows To Go multiple drive provisioning sample script
 
 ``` syntax
 <#
@@ -998,7 +962,7 @@ write-output "" "Provisioning script complete."
 ## Considerations when using different USB keyboard layouts with Windows To Go
 
 
-Before provisioning your Windows To Go drive you need to consider if your workspace will boot on a computer with a non-English USB keyboard attached. As described in [KB article 927824](http://go.microsoft.com/fwlink/p/?LinkId=619176) there is a known issue where the plug and play ID causes the keyboard to be incorrectly identified as an English 101 key keyboard. To avoid this problem, you can modify the provisioning script to set the override keyboard parameters.
+Before provisioning your Windows To Go drive you need to consider if your workspace will boot on a computer with a non-English USB keyboard attached. As described in [KB article 927824](https://go.microsoft.com/fwlink/p/?LinkId=619176) there is a known issue where the plug and play ID causes the keyboard to be incorrectly identified as an English 101 key keyboard. To avoid this problem, you can modify the provisioning script to set the override keyboard parameters.
 
 In the PowerShell provisioning script, after the image has been applied, you can add the following commands that will correctly set the keyboard settings. The following example uses the Japanese keyboard layout:
 
@@ -1016,7 +980,7 @@ In the PowerShell provisioning script, after the image has been applied, you can
 
 [Windows To Go: feature overview](../plan/windows-to-go-overview.md)
 
-[Windows 10 forums](http://go.microsoft.com/fwlink/p/?LinkId=618949)
+[Windows 10 forums](https://go.microsoft.com/fwlink/p/?LinkId=618949)
 
 [Prepare your organization for Windows To Go](../plan/prepare-your-organization-for-windows-to-go.md)
 
@@ -1024,7 +988,7 @@ In the PowerShell provisioning script, after the image has been applied, you can
 
 [Security and data protection considerations for Windows To Go](../plan/security-and-data-protection-considerations-for-windows-to-go.md)
 
-[BitLocker overview](http://go.microsoft.com/fwlink/p/?LinkId=619173)
+[BitLocker overview](https://go.microsoft.com/fwlink/p/?LinkId=619173)
 
  
 
diff --git a/windows/deploy/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md b/windows/deploy/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
index 2ed9de7378..61adccf988 100644
--- a/windows/deploy/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
+++ b/windows/deploy/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
@@ -4,7 +4,9 @@ description: This topic walks you through the steps to finalize the configuratio
 ms.assetid: 38b55fa8-e717-4689-bd43-8348751d493e
 keywords: configure, deploy, upgrade
 ms.prod: w10
+localizationpriority: high
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 author: mtniehaus
 ---
diff --git a/windows/deploy/get-started-with-the-microsoft-deployment-toolkit.md b/windows/deploy/get-started-with-the-microsoft-deployment-toolkit.md
index 85ad95c548..33998a9cbe 100644
--- a/windows/deploy/get-started-with-the-microsoft-deployment-toolkit.md
+++ b/windows/deploy/get-started-with-the-microsoft-deployment-toolkit.md
@@ -5,6 +5,7 @@ ms.assetid: a256442c-be47-4bb9-a105-c831f58ce3ee
 keywords: deploy, image, feature, install, tools
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 ms.pagetype: mdt
 author: mtniehaus
@@ -34,7 +35,7 @@ Figure 1. The machines used in this topic.
 
 ## Related topics
 
-[Microsoft Deployment Toolkit downloads and documentation](http://go.microsoft.com/fwlink/p/?LinkId=618117)
+[Microsoft Deployment Toolkit downloads and documentation](https://go.microsoft.com/fwlink/p/?LinkId=618117)
 
 [Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
 
diff --git a/windows/deploy/images/azureadjoined.png b/windows/deploy/images/azureadjoined.png
new file mode 100644
index 0000000000..e1babffb8d
Binary files /dev/null and b/windows/deploy/images/azureadjoined.png differ
diff --git a/windows/deploy/images/e3-activated.png b/windows/deploy/images/e3-activated.png
new file mode 100644
index 0000000000..7cca73443e
Binary files /dev/null and b/windows/deploy/images/e3-activated.png differ
diff --git a/windows/deploy/images/enterprise-e3-ad-connect.png b/windows/deploy/images/enterprise-e3-ad-connect.png
new file mode 100644
index 0000000000..195058f6f6
Binary files /dev/null and b/windows/deploy/images/enterprise-e3-ad-connect.png differ
diff --git a/windows/deploy/images/enterprise-e3-choose-how.png b/windows/deploy/images/enterprise-e3-choose-how.png
new file mode 100644
index 0000000000..8e84535bfd
Binary files /dev/null and b/windows/deploy/images/enterprise-e3-choose-how.png differ
diff --git a/windows/deploy/images/enterprise-e3-connect-to-work-or-school.png b/windows/deploy/images/enterprise-e3-connect-to-work-or-school.png
new file mode 100644
index 0000000000..90e1b1131f
Binary files /dev/null and b/windows/deploy/images/enterprise-e3-connect-to-work-or-school.png differ
diff --git a/windows/deploy/images/enterprise-e3-lets-get-2.png b/windows/deploy/images/enterprise-e3-lets-get-2.png
new file mode 100644
index 0000000000..ef523d4af8
Binary files /dev/null and b/windows/deploy/images/enterprise-e3-lets-get-2.png differ
diff --git a/windows/deploy/images/enterprise-e3-lets-get.png b/windows/deploy/images/enterprise-e3-lets-get.png
new file mode 100644
index 0000000000..582da1ab2d
Binary files /dev/null and b/windows/deploy/images/enterprise-e3-lets-get.png differ
diff --git a/windows/deploy/images/enterprise-e3-set-up-work-or-school.png b/windows/deploy/images/enterprise-e3-set-up-work-or-school.png
new file mode 100644
index 0000000000..cebd87cff8
Binary files /dev/null and b/windows/deploy/images/enterprise-e3-set-up-work-or-school.png differ
diff --git a/windows/deploy/images/enterprise-e3-sign-in.png b/windows/deploy/images/enterprise-e3-sign-in.png
new file mode 100644
index 0000000000..3029d3ef2b
Binary files /dev/null and b/windows/deploy/images/enterprise-e3-sign-in.png differ
diff --git a/windows/deploy/images/enterprise-e3-who-owns.png b/windows/deploy/images/enterprise-e3-who-owns.png
new file mode 100644
index 0000000000..c3008869d2
Binary files /dev/null and b/windows/deploy/images/enterprise-e3-who-owns.png differ
diff --git a/windows/deploy/images/enterprise-e3-win-10-activated-enterprise-subscription-active.png b/windows/deploy/images/enterprise-e3-win-10-activated-enterprise-subscription-active.png
new file mode 100644
index 0000000000..eb888b23b5
Binary files /dev/null and b/windows/deploy/images/enterprise-e3-win-10-activated-enterprise-subscription-active.png differ
diff --git a/windows/deploy/images/enterprise-e3-win-10-activated-enterprise-subscription-not-active.png b/windows/deploy/images/enterprise-e3-win-10-activated-enterprise-subscription-not-active.png
new file mode 100644
index 0000000000..e4ac7398be
Binary files /dev/null and b/windows/deploy/images/enterprise-e3-win-10-activated-enterprise-subscription-not-active.png differ
diff --git a/windows/deploy/images/enterprise-e3-win-10-not-activated-enterprise-subscription-active.png b/windows/deploy/images/enterprise-e3-win-10-not-activated-enterprise-subscription-active.png
new file mode 100644
index 0000000000..5fedfe5d06
Binary files /dev/null and b/windows/deploy/images/enterprise-e3-win-10-not-activated-enterprise-subscription-active.png differ
diff --git a/windows/deploy/images/enterprise-e3-win-10-not-activated-enterprise-subscription-not-active.png b/windows/deploy/images/enterprise-e3-win-10-not-activated-enterprise-subscription-not-active.png
new file mode 100644
index 0000000000..84e39071db
Binary files /dev/null and b/windows/deploy/images/enterprise-e3-win-10-not-activated-enterprise-subscription-not-active.png differ
diff --git a/windows/deploy/install-configure-vamt.md b/windows/deploy/install-configure-vamt.md
index 49b3f8ec44..eb904768ad 100644
--- a/windows/deploy/install-configure-vamt.md
+++ b/windows/deploy/install-configure-vamt.md
@@ -7,6 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
 author: jdeckerMS
+localizationpriority: high
 ---
 
 # Install and Configure VAMT
diff --git a/windows/deploy/install-kms-client-key-vamt.md b/windows/deploy/install-kms-client-key-vamt.md
index 9605053d6a..f1774ca7c8 100644
--- a/windows/deploy/install-kms-client-key-vamt.md
+++ b/windows/deploy/install-kms-client-key-vamt.md
@@ -7,6 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
 author: jdeckerMS
+localizationpriority: high
 ---
 
 # Install a KMS Client Key
diff --git a/windows/deploy/install-product-key-vamt.md b/windows/deploy/install-product-key-vamt.md
index 71817b7b80..eed5461a87 100644
--- a/windows/deploy/install-product-key-vamt.md
+++ b/windows/deploy/install-product-key-vamt.md
@@ -7,6 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
 author: jdeckerMS
+localizationpriority: high
 ---
 
 # Install a Product Key
@@ -30,7 +31,7 @@ You can use the Volume Activation Management Tool (VAMT) to install retail, Mult
 
     **Note**  
     Product key installation will fail if VAMT finds mismatched key types or editions. VAMT will display the failure status and will continue the installation for the next product in the list. For more information on choosing the correct MAK or KMS Host key (CSVLK), see [How to Choose the Right 
-    Volume License Key for Windows](http://go.microsoft.com/fwlink/p/?linkid=238382).
+    Volume License Key for Windows](https://go.microsoft.com/fwlink/p/?linkid=238382).
 
 ## Related topics
 
diff --git a/windows/deploy/install-vamt.md b/windows/deploy/install-vamt.md
index 07a9a72b5b..e88d197a83 100644
--- a/windows/deploy/install-vamt.md
+++ b/windows/deploy/install-vamt.md
@@ -7,6 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
 author: jdeckerMS
+localizationpriority: high
 ---
 
 # Install VAMT
@@ -15,7 +16,7 @@ This topic describes how to install the Volume Activation Management Tool (VAMT)
 
 ## Install VAMT
 
-You can install VAMT as part of the [Windows Assessment and Deployment Kit (ADK)](http://go.microsoft.com/fwlink/p/?LinkId=526740) for Windows 10.
+You can install VAMT as part of the [Windows Assessment and Deployment Kit (ADK)](https://go.microsoft.com/fwlink/p/?LinkId=526740) for Windows 10.
 
 **Important**  
 VAMT requires local administrator privileges on all managed computers in order to deposit confirmation IDs (CIDs), get the client products’ license status, and install product keys. If VAMT is being used to manage products and product keys on the local host computer and you do not have administrator privileges, start VAMT with elevated privileges. For Active Directory-Based Activation use, for best results we recommend running VAMT while logged on as a domain administrator. 
diff --git a/windows/deploy/integrate-configuration-manager-with-mdt-2013.md b/windows/deploy/integrate-configuration-manager-with-mdt-2013.md
index 4a30f0f74c..149ba5e250 100644
--- a/windows/deploy/integrate-configuration-manager-with-mdt-2013.md
+++ b/windows/deploy/integrate-configuration-manager-with-mdt-2013.md
@@ -5,6 +5,7 @@ ms.assetid: 3bd1cf92-81e5-48dc-b874-0f5d9472e5a5
 ms.pagetype: mdt
 keywords: deploy, image, customize, task sequence
 ms.prod: w10
+localizationpriority: high
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
@@ -28,6 +29,7 @@ When MDT is integrated with Configuration Manager, the task sequence takes addit
 
 The task sequence uses instructions that allow you to reduce the number of task sequences in Configuration Manager and instead store settings outside the task sequence. Here are a few examples:
 -   The following settings instruct the task sequence to install the HP Hotkeys package, but only if the hardware is a HP EliteBook 8570w. Note that you don't have to add the package to the task sequence.
+
     ``` syntax
     [Settings] 
     Priority=Model
@@ -35,6 +37,7 @@ The task sequence uses instructions that allow you to reduce the number of task
     Packages001=PS100010:Install HP Hotkeys
     ```
 -   The following settings instruct the task sequence to put laptops and desktops in different organizational units (OUs) during deployment, assign different computer names, and finally have the task sequence install the Cisco VPN client, but only if the machine is a laptop.
+
     ``` syntax
     [Settings]
     Priority= ByLaptopType, ByDesktopType
diff --git a/windows/deploy/key-features-in-mdt-2013.md b/windows/deploy/key-features-in-mdt-2013.md
index 03f562ac8e..0264a106c0 100644
--- a/windows/deploy/key-features-in-mdt-2013.md
+++ b/windows/deploy/key-features-in-mdt-2013.md
@@ -5,6 +5,7 @@ ms.assetid: 858e384f-e9db-4a93-9a8b-101a503e4868
 keywords: deploy, feature, tools, upgrade, migrate, provisioning
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 ms.pagetype: mdt
 author: mtniehaus
@@ -50,7 +51,7 @@ MDT 2013 has many useful features, the most important of which are:
 -   **Support for Office 2013.** Provides added support for deploying Microsoft Office Professional Plus 2013.
 -   **Support for Modern UI app package provisioning.** Provisions applications based on the new Windows app package standard, which is used in Windows 8 and later.
 -   **Extensibility.** Provides the capability to extend MDT far beyond the built-in features by adding custom scripts, web services, System Center Orchestrator runbooks, PowerShell scripts, and VBScripts.
--   **Upgrade task sequence.** Provides a new upgrade task sequence template that you can use to upgrade existing Windows 7, Windows 8, and Windows 8.1 systems directly to Windows 10, automatically preserving all data, settings, applications, and drivers. For more information about using this new upgrade task sequence, refer to the [Microsoft Deployment Toolkit resource page](http://go.microsoft.com/fwlink/p/?LinkId=618117).
+-   **Upgrade task sequence.** Provides a new upgrade task sequence template that you can use to upgrade existing Windows 7, Windows 8, and Windows 8.1 systems directly to Windows 10, automatically preserving all data, settings, applications, and drivers. For more information about using this new upgrade task sequence, refer to the [Microsoft Deployment Toolkit resource page](https://go.microsoft.com/fwlink/p/?LinkId=618117).
 
 ## Related topics
 
diff --git a/windows/deploy/manage-windows-upgrades-with-upgrade-analytics.md b/windows/deploy/manage-windows-upgrades-with-upgrade-analytics.md
index d2688e82f5..b75fb8989c 100644
--- a/windows/deploy/manage-windows-upgrades-with-upgrade-analytics.md
+++ b/windows/deploy/manage-windows-upgrades-with-upgrade-analytics.md
@@ -39,7 +39,7 @@ The Upgrade Analytics workflow steps you through the discovery and rationalizati
 
 - [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)
 
-- [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](http://go.microsoft.com/fwlink/?LinkID=822965)
+- [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)
 
 ##**Related topics**
 
diff --git a/windows/deploy/mdt-2013-lite-touch-components.md b/windows/deploy/mdt-2013-lite-touch-components.md
index 48f1a250ad..2234092338 100644
--- a/windows/deploy/mdt-2013-lite-touch-components.md
+++ b/windows/deploy/mdt-2013-lite-touch-components.md
@@ -5,6 +5,7 @@ ms.assetid: 7d6fc159-e338-439e-a2e6-1778d0da9089
 keywords: deploy, install, deployment, boot, log, monitor
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 ms.pagetype: mdt
 author: mtniehaus
@@ -33,7 +34,7 @@ The rules (CustomSettings.ini and Bootstrap.ini) make up the brain of MDT. The r
 -   Domain to join, and organizational unit (OU) in Active Directory to hold the computer object
 -   Whether to enable BitLocker
 -   Regional settings
-You can manage hundreds of settings in the rules. For more information, see the [Microsoft Deployment Toolkit resource center](http://go.microsoft.com/fwlink/p/?LinkId=618117).
+You can manage hundreds of settings in the rules. For more information, see the [Microsoft Deployment Toolkit resource center](https://go.microsoft.com/fwlink/p/?LinkId=618117).
 
 ![figure 5](images/mdt-05-fig05.png)
 
@@ -103,7 +104,7 @@ Selection profiles, which are available in the Advanced Configuration node, prov
 MDT uses many log files during operating system deployments. By default the logs are client side, but by configuring the deployment settings, you can have MDT store them on the server, as well.
 
 **Note**  
-The easiest way to view log files is to use Configuration Manager Trace (CMTrace), which is included in the [System Center 2012 R2 Configuration Manager Toolkit](http://go.microsoft.com/fwlink/p/?LinkId=734717).
+The easiest way to view log files is to use Configuration Manager Trace (CMTrace), which is included in the [System Center 2012 R2 Configuration Manager Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=734717).
  
 ## <a href="" id="sec12"></a>Monitoring
 
diff --git a/windows/deploy/migrate-application-settings.md b/windows/deploy/migrate-application-settings.md
index 6a8ffdc612..bdcb63af32 100644
--- a/windows/deploy/migrate-application-settings.md
+++ b/windows/deploy/migrate-application-settings.md
@@ -63,7 +63,7 @@ Next, you should go through the user interface and make a list of all of the ava
 
 **How To Determine Where Each Setting is Stored**
 
-1.  Download a file and registry monitoring tool, such as the Regmon and Filemon tools, from the [Windows Sysinternals Web site](http://go.microsoft.com/fwlink/p/?linkid=36109).
+1.  Download a file and registry monitoring tool, such as the Regmon and Filemon tools, from the [Windows Sysinternals Web site](https://go.microsoft.com/fwlink/p/?linkid=36109).
 
 2.  Shut down as many applications as possible to limit the registry and file system activity on the computer.
 
diff --git a/windows/deploy/monitor-activation-client.md b/windows/deploy/monitor-activation-client.md
index 5b49e544c2..215c706ab1 100644
--- a/windows/deploy/monitor-activation-client.md
+++ b/windows/deploy/monitor-activation-client.md
@@ -24,7 +24,7 @@ localizationpriority: medium
 
 **Looking for retail activation?**
 
--   [Get Help Activating Microsoft Windows](http://go.microsoft.com/fwlink/p/?LinkId=618644)
+-   [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
 
 You can monitor the success of the activation process for a computer running Windows 8.1 in several ways. The most popular methods include:
 -   Using the Volume Licensing Service Center website to track use of MAK keys.
diff --git a/windows/deploy/monitor-windows-10-deployment-with-configuration-manager.md b/windows/deploy/monitor-windows-10-deployment-with-configuration-manager.md
index 12aae5a28c..395beb960d 100644
--- a/windows/deploy/monitor-windows-10-deployment-with-configuration-manager.md
+++ b/windows/deploy/monitor-windows-10-deployment-with-configuration-manager.md
@@ -5,6 +5,7 @@ ms.assetid: 4863c6aa-6369-4171-8e1a-b052ca195fce
 keywords: deploy, upgrade
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 author: mtniehaus
 ---
diff --git a/windows/deploy/offline-migration-reference.md b/windows/deploy/offline-migration-reference.md
index f54d3b4c7b..c7c6c03af0 100644
--- a/windows/deploy/offline-migration-reference.md
+++ b/windows/deploy/offline-migration-reference.md
@@ -90,7 +90,7 @@ The following table defines the supported combination of online and offline oper
  
 
 **Note**  
-It is possible to run the ScanState tool while the drive remains encrypted by suspending Windows BitLocker Drive Encryption before booting into WinPE. For more information, see [this Microsoft site](http://go.microsoft.com/fwlink/p/?LinkId=190314).
+It is possible to run the ScanState tool while the drive remains encrypted by suspending Windows BitLocker Drive Encryption before booting into WinPE. For more information, see [this Microsoft site](https://go.microsoft.com/fwlink/p/?LinkId=190314).
 
  
 
diff --git a/windows/deploy/plan-for-volume-activation-client.md b/windows/deploy/plan-for-volume-activation-client.md
index 3e4a114155..1a00e837a8 100644
--- a/windows/deploy/plan-for-volume-activation-client.md
+++ b/windows/deploy/plan-for-volume-activation-client.md
@@ -24,7 +24,7 @@ localizationpriority: medium
 
 **Looking for retail activation?**
 
--   [Get Help Activating Microsoft Windows](http://go.microsoft.com/fwlink/p/?LinkId=618644)
+-   [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
 
 *Product activation* is the process of validating software with the manufacturer after it has been installed on a specific computer. Activation confirms that the product is genuine—not a fraudulent copy—and that the product key or serial number is valid and has not been compromised or revoked. Activation also establishes a link or relationship between the product key and the particular installation.
 
@@ -84,7 +84,7 @@ allows permanent activation of computers that are isolated from the KMS or are p
 To use a MAK, the computers to be activated must have a MAK installed. The MAK is used for one-time activation with the Microsoft online hosted activation services, by telephone, or by using VAMT proxy activation.
 In the simplest terms, a MAK acts like a retail key, except that a MAK is valid for activating multiple computers. Each MAK can be used a specific number of times. The VAMT can assist in tracking the number of activations that have been performed with each key and how many remain.
 
-Organizations can download MAK and KMS keys from the [Volume Licensing Service Center](http://go.microsoft.com/fwlink/p/?LinkId=618213) website. Each MAK has a preset number of activations, which are based on a percentage of the count of licenses the organization purchases; however, you can increase the number of activations that are available with your MAK by calling Microsoft.
+Organizations can download MAK and KMS keys from the [Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkId=618213) website. Each MAK has a preset number of activations, which are based on a percentage of the count of licenses the organization purchases; however, you can increase the number of activations that are available with your MAK by calling Microsoft.
 
 ### Key Management Service
 
@@ -178,8 +178,8 @@ Now it’s time to assemble the pieces into a working solution. By evaluating yo
 ## Choosing and acquiring keys
 
 When you know which keys you need, you must obtain them. Generally speaking, volume licensing keys are collected in two ways:
--   Go to the **Product Keys** section of the [Volume Licensing Service Center](http://go.microsoft.com/fwlink/p/?LinkID=618213) for the following agreements: Open, Open Value, Select, Enterprise, and Services Provider License.
--   Contact your [Microsoft Activation Center](http://go.microsoft.com/fwlink/p/?LinkId=618264).
+-   Go to the **Product Keys** section of the [Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkID=618213) for the following agreements: Open, Open Value, Select, Enterprise, and Services Provider License.
+-   Contact your [Microsoft Activation Center](https://go.microsoft.com/fwlink/p/?LinkId=618264).
 
 ### KMS host keys
 
diff --git a/windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md b/windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md
index 8f2bbad1b9..637b6aaaca 100644
--- a/windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md
+++ b/windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md
@@ -5,6 +5,7 @@ ms.assetid: 5103c418-0c61-414b-b93c-a8e8207d1226
 keywords: deploy, system requirements
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 ms.pagetype: mdt
 author: mtniehaus
@@ -36,7 +37,7 @@ MDT 2013 Update 2 requires the following components:
 
 ## <a href="" id="sec02"></a>Install Windows ADK for Windows 10
 
-These steps assume that you have the MDT01 member server installed and configured and that you have downloaded [Windows ADK for Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=526803) to the E:\\Downloads\\ADK folder.
+These steps assume that you have the MDT01 member server installed and configured and that you have downloaded [Windows ADK for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=526803) to the E:\\Downloads\\ADK folder.
 1.  On MDT01, log on as Administrator in the CONTOSO domain using a password of **P@ssw0rd**.
 2.  Start the **ADK Setup** (E:\\Downloads\\ADK\\adksetup.exe), and on the first wizard page, click **Continue**.
 3.  On the **Select the features you want to change** page, select the features below and complete the wizard using the default settings:
@@ -46,7 +47,7 @@ These steps assume that you have the MDT01 member server installed and configure
 
 ## <a href="" id="sec03"></a>Install MDT 2013 Update 2
 
-These steps assume that you have downloaded [MDT 2013 Update 2](http://go.microsoft.com/fwlink/p/?LinkId=618117 ) to the E:\\Downloads\\MDT 2013 folder on MDT01.
+These steps assume that you have downloaded [MDT 2013 Update 2](https://go.microsoft.com/fwlink/p/?LinkId=618117 ) to the E:\\Downloads\\MDT 2013 folder on MDT01.
 
 1.  On MDT01, log on as Administrator in the CONTOSO domain using a password of **P@ssw0rd**.
 2.  Install **MDT** (E:\\Downloads\\MDT 2013\\MicrosoftDeploymentToolkit2013\_x64.msi) with the default settings.
@@ -103,7 +104,7 @@ Figure 7. The Sharing tab of the E:\\Logs folder after sharing it with PowerShel
 
 ## <a href="" id="sec07"></a>Use CMTrace to read log files (optional)
 
-The log files in MDT Lite Touch are formatted to be read by Configuration Manager Trace (CMTrace), which is available as part [of Microsoft System Center 2012 R2 Configuration Manager Toolkit](http://go.microsoft.com/fwlink/p/?LinkId=734717). You can use Notepad, but CMTrace formatting makes the logs easier to read.
+The log files in MDT Lite Touch are formatted to be read by Configuration Manager Trace (CMTrace), which is available as part [of Microsoft System Center 2012 R2 Configuration Manager Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=734717). You can use Notepad, but CMTrace formatting makes the logs easier to read.
 
 ![figure 8](images/mdt-05-fig09.png)
 
diff --git a/windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md b/windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
index 88a8cac968..499573e6a0 100644
--- a/windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
+++ b/windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
@@ -4,7 +4,9 @@ description: This topic will walk you through the process of integrating Microso
 ms.assetid: 06e3a221-31ef-47a5-b4da-3b927cb50d08
 keywords: install, configure, deploy, deployment
 ms.prod: w10
+localizationpriority: high
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 author: mtniehaus
 ---
@@ -75,7 +77,7 @@ Figure 6. The Configuration Manager service accounts used for operating system d
 ## <a href="" id="sec02"></a>Configure Active Directory permissions
 
 
-In order for the Configuration Manager Join Domain Account (CM\_JD) to join machines into the contoso.com domain you need to configure permissions in Active Directory. These steps assume you have downloaded the sample [Set-OUPermissions.ps1 script](http://go.microsoft.com/fwlink/p/?LinkId=619362) and copied it to C:\\Setup\\Scripts on DC01.
+In order for the Configuration Manager Join Domain Account (CM\_JD) to join machines into the contoso.com domain you need to configure permissions in Active Directory. These steps assume you have downloaded the sample [Set-OUPermissions.ps1 script](https://go.microsoft.com/fwlink/p/?LinkId=619362) and copied it to C:\\Setup\\Scripts on DC01.
 
 1.  On DC01, log on as Administrator in the CONTOSO domain using the password **P@ssw0rd**.
 
diff --git a/windows/deploy/provision-pcs-for-initial-deployment.md b/windows/deploy/provision-pcs-for-initial-deployment.md
index d3692b2073..fe8b805133 100644
--- a/windows/deploy/provision-pcs-for-initial-deployment.md
+++ b/windows/deploy/provision-pcs-for-initial-deployment.md
@@ -7,7 +7,7 @@ ms.prod: W10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+localizationpriority: high
 ---
 
 # Provision PCs with common settings for initial deployment (simple provisioning)
@@ -117,11 +117,11 @@ Use the Windows Imaging and Configuration Designer (ICD) tool included in the Wi
 
 
 ## Learn more
--   [Build and apply a provisioning package]( http://go.microsoft.com/fwlink/p/?LinkId=629651)
+-   [Build and apply a provisioning package]( https://go.microsoft.com/fwlink/p/?LinkId=629651)
 
--   Watch the video: [Provisioning Windows 10 Devices with New Tools](http://go.microsoft.com/fwlink/p/?LinkId=615921)
+-   Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
 
--   Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](http://go.microsoft.com/fwlink/p/?LinkId=615922)
+-   Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922)
 
  
 
diff --git a/windows/deploy/provision-pcs-with-apps-and-certificates.md b/windows/deploy/provision-pcs-with-apps-and-certificates.md
index 936f1b6f73..2a918f8202 100644
--- a/windows/deploy/provision-pcs-with-apps-and-certificates.md
+++ b/windows/deploy/provision-pcs-with-apps-and-certificates.md
@@ -7,7 +7,7 @@ ms.prod: W10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+localizationpriority: high
 ---
 
 # Provision PCs with apps and certificates for initial deployment (advanced provisioning)
@@ -76,9 +76,17 @@ Universal apps that you can distribute in the provisioning package can be line-o
 
     ![required frameworks for offline app package](images/uwp-dependencies.png)
 
-5. For **DeviceContextAppLicense**, enter the **LicenseProductID**. In Windows Store for Business, you generate the license for the app on the app's download page.
+5. For **DeviceContextAppLicense**, enter the **LicenseProductID**. 
 
-    ![generate license for offline app](images/uwp-license.png)
+    - In Windows Store for Business, generate the unencoded license for the app on the app's download page, and change the extension of the license file from **.xml** to **.ms-windows-store-license**.
+
+        ![generate license for offline app](images/uwp-license.png)
+        
+    - Open the license file and search for **LicenseID=** to get the GUID, enter the GUID in the **LicenseProductID** field and click **Add**.
+    
+6. In the **Available customizations** pane, click the **LicenseProductId** that you just added. 
+
+7. For **LicenseInstall**, click **Browse**, navigate to the license file that you renamed *<file name>*.**ms-windows-store-license**, and select the license file.
 
 [Learn more about distributing offline apps from the Windows Store for Business.](../manage/distribute-offline-apps.md)
 
@@ -104,7 +112,7 @@ Universal apps that you can distribute in the provisioning package can be line-o
 
 ### Add other settings to your package 
 
-For details about the settings you can customize in provisioning packages, see [Windows Provisioning settings reference]( http://go.microsoft.com/fwlink/p/?LinkId=619012).
+For details about the settings you can customize in provisioning packages, see [Windows Provisioning settings reference]( https://go.microsoft.com/fwlink/p/?LinkId=619012).
 
 ### Build your package
 
@@ -214,11 +222,11 @@ On a desktop computer, navigate to **Settings** &gt; **Accounts** &gt; **Work ac
 ![add a package option](images/package.png)
 
 ## Learn more
--   [Build and apply a provisioning package]( http://go.microsoft.com/fwlink/p/?LinkId=629651)
+-   [Build and apply a provisioning package]( https://go.microsoft.com/fwlink/p/?LinkId=629651)
 
--   Watch the video: [Provisioning Windows 10 Devices with New Tools](http://go.microsoft.com/fwlink/p/?LinkId=615921)
+-   Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
 
--   Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](http://go.microsoft.com/fwlink/p/?LinkId=615922)
+-   Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922)
  
 
 
diff --git a/windows/deploy/provisioning-packages.md b/windows/deploy/provisioning-packages.md
index 4630340ba6..47223a7427 100644
--- a/windows/deploy/provisioning-packages.md
+++ b/windows/deploy/provisioning-packages.md
@@ -7,6 +7,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: mobile
 author: jdeckerMS
+localizationpriority: high
 ---
 
 # Provisioning packages for Windows 10
@@ -89,7 +90,7 @@ The following table provides some examples of what can be configured using provi
 \* Using a provisioning package for auto-enrollment to System Center Configuration Manager or Configuration Manager/Intune hybrid is not supported. Use the Configuration Manager console to enroll devices.
  
 
-For details about the settings you can customize in provisioning packages, see [Windows Provisioning settings reference]( http://go.microsoft.com/fwlink/p/?LinkId=619012).
+For details about the settings you can customize in provisioning packages, see [Windows Provisioning settings reference]( https://go.microsoft.com/fwlink/p/?LinkId=619012).
 
 ## Creating a provisioning package
 
@@ -105,17 +106,17 @@ When you run ADKsetup.exe for Windows 10, version 1607, select the following fea
 > [!NOTE]
 > In previous versions of the Windows 10 ADK, you had to install additional features for Windows ICD to run. Starting in version 1607, you can install Windows ICD without other ADK features.
 
-After you install Windows ICD, you can use it to create a provisioning package. For detailed instructions on how to create a provisioning package, see [Build and apply a provisioning package](http://go.microsoft.com/fwlink/p/?LinkID=629651).
+After you install Windows ICD, you can use it to create a provisioning package. For detailed instructions on how to create a provisioning package, see [Build and apply a provisioning package](https://go.microsoft.com/fwlink/p/?LinkID=629651).
 
 ## Applying a provisioning package to a device
 
 
-Provisioning packages can be applied both during image deployment and during runtime. For information on how to apply a provisioning package to a Windows 10-based device, see [Build and apply a provisioning package](http://go.microsoft.com/fwlink/p/?LinkID=629651).
+Provisioning packages can be applied both during image deployment and during runtime. For information on how to apply a provisioning package to a Windows 10-based device, see [Build and apply a provisioning package](https://go.microsoft.com/fwlink/p/?LinkID=629651).
 
 ## Learn more
 
 
-[Windows 10: Deployment](http://go.microsoft.com/fwlink/p/?LinkId=533708)
+[Windows 10: Deployment](https://go.microsoft.com/fwlink/p/?LinkId=533708)
 
 ## Related topics
 
diff --git a/windows/deploy/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deploy/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
index 68b0a74563..fe8e875c6b 100644
--- a/windows/deploy/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deploy/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
@@ -5,6 +5,7 @@ ms.assetid: 57c81667-1019-4711-b3de-15ae9c5387c7
 keywords: upgrade, install, installation, computer refresh
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 author: mtniehaus
 ---
diff --git a/windows/deploy/refresh-a-windows-7-computer-with-windows-10.md b/windows/deploy/refresh-a-windows-7-computer-with-windows-10.md
index f6ea4a2125..450e831b33 100644
--- a/windows/deploy/refresh-a-windows-7-computer-with-windows-10.md
+++ b/windows/deploy/refresh-a-windows-7-computer-with-windows-10.md
@@ -5,6 +5,7 @@ ms.assetid: 2866fb3c-4909-4c25-b083-6fc1f7869f6f
 keywords: reinstallation, customize, template, script, restore
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 ms.pagetype: mdt
 author: mtniehaus
@@ -57,15 +58,16 @@ In this section, you learn to migrate additional data using a custom template. Y
 1.  Back up the **C:\\Data** folder (including all files and folders).
 2.  Scan the local disk for PDF documents (\*.pdf files) and restore them into the **C:\\Data\\PDF Documents** folder on the destination machine.
 The custom USMT template is named MigContosoData.xml, and you can find it in the sample files for this documentation, which include:
--   [Gather script](http://go.microsoft.com/fwlink/p/?LinkId=619361)
--   [Set-OUPermissions](http://go.microsoft.com/fwlink/p/?LinkId=619362) script
--   [MDT Sample Web Service](http://go.microsoft.com/fwlink/p/?LinkId=619363)
+-   [Gather script](https://go.microsoft.com/fwlink/p/?LinkId=619361)
+-   [Set-OUPermissions](https://go.microsoft.com/fwlink/p/?LinkId=619362) script
+-   [MDT Sample Web Service](https://go.microsoft.com/fwlink/p/?LinkId=619363)
 
 ### Add the custom XML template
 
 In order to use the custom MigContosoData.xml USMT template, you need to copy it to the MDT Production deployment share and update the CustomSettings.ini file. In these steps, we assume you have downloaded the MigContosoData.xml file.
 1.  Using File Explorer, copy the MigContosoData.xml file to the **E:\\MDTProduction\\Tools\\x64\\USMT5** folder.
 2.  Using Notepad, edit the E:\\MDTProduction\\Control\\CustomSettings.ini file. After the USMTMigFiles002=MigUser.xml line add the following line:
+
     ``` syntax
     USMTMigFiles003=MigContosoData.xml
     ```
@@ -76,7 +78,7 @@ In order to use the custom MigContosoData.xml USMT template, you need to copy it
 After adding the additional USMT template and configuring the CustomSettings.ini file to use it, you are now ready to refresh a Windows 7 SP1 client to Windows 10. In these steps, we assume you have a Windows 7 SP1 client named PC0001 in your environment that is ready for a refresh to Windows 10.
 
 **Note**  
-MDT also supports an offline computer refresh. For more info on that scenario, see the USMTOfflineMigration property in the [MDT resource page](http://go.microsoft.com/fwlink/p/?LinkId=618117).
+MDT also supports an offline computer refresh. For more info on that scenario, see the USMTOfflineMigration property in the [MDT resource page](https://go.microsoft.com/fwlink/p/?LinkId=618117).
  
 ### Upgrade (refresh) a Windows 7 SP1 client
 
diff --git a/windows/deploy/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deploy/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
index b9f521531f..5691f94681 100644
--- a/windows/deploy/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deploy/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
@@ -5,6 +5,7 @@ ms.assetid: 3c8a2d53-8f08-475f-923a-bca79ca8ac36
 keywords: upgrade, install, installation, replace computer, setup
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 author: mtniehaus
 ---
diff --git a/windows/deploy/replace-a-windows-7-computer-with-a-windows-10-computer.md b/windows/deploy/replace-a-windows-7-computer-with-a-windows-10-computer.md
index a862edf501..9a3311910e 100644
--- a/windows/deploy/replace-a-windows-7-computer-with-a-windows-10-computer.md
+++ b/windows/deploy/replace-a-windows-7-computer-with-a-windows-10-computer.md
@@ -5,7 +5,9 @@ ms.assetid: acf091c9-f8f4-4131-9845-625691c09a2a
 keywords: deploy, deployment, replace
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
+localizationpriority: high
 ms.pagetype: mdt
 author: mtniehaus
 ---
diff --git a/windows/deploy/scenario-online-activation-vamt.md b/windows/deploy/scenario-online-activation-vamt.md
index 41dda833ac..a5c448c186 100644
--- a/windows/deploy/scenario-online-activation-vamt.md
+++ b/windows/deploy/scenario-online-activation-vamt.md
@@ -110,7 +110,7 @@ To collect the status from select computers in the database, you can select comp
     The same status appears under the **Status of Last Action** column in the product list view in the center pane.
     **Note**  
 
-    Product key installation will fail if VAMT finds mismatched key types or editions. VAMT will display the failure status and will continue the installation for the next product in the list. For more information on choosing the correct product key, see [How to Choose the Right Volume License Key for Windows.](http://go.microsoft.com/fwlink/p/?linkid=238382)
+    Product key installation will fail if VAMT finds mismatched key types or editions. VAMT will display the failure status and will continue the installation for the next product in the list. For more information on choosing the correct product key, see [How to Choose the Right Volume License Key for Windows.](https://go.microsoft.com/fwlink/p/?linkid=238382)
 
 ## <a href="" id="bkmk-partnine"></a>Step 9: Activate the client products
 
diff --git a/windows/deploy/scenario-proxy-activation-vamt.md b/windows/deploy/scenario-proxy-activation-vamt.md
index 2e475d02b4..8059e34cae 100644
--- a/windows/deploy/scenario-proxy-activation-vamt.md
+++ b/windows/deploy/scenario-proxy-activation-vamt.md
@@ -93,7 +93,7 @@ To collect the status from select computers in the database, you can select comp
     The same status appears under the **Status of Last Action** column in the product list view in the center pane.
 
     **Note**  
-    Product key installation will fail if VAMT finds mismatched key types or editions. VAMT displays the failure status and continues the installation for the next product in the list. For more information on choosing the correct product key, see [How to Choose the Right Volume License Key for Windows.](http://go.microsoft.com/fwlink/p/?linkid=238382)
+    Product key installation will fail if VAMT finds mismatched key types or editions. VAMT displays the failure status and continues the installation for the next product in the list. For more information on choosing the correct product key, see [How to Choose the Right Volume License Key for Windows.](https://go.microsoft.com/fwlink/p/?linkid=238382)
 
     **Note**  
     Installing a MAK and overwriting the GVLK on client products must be done with care. If the RTM version of Windows Vista has been installed on the computer for more than 30 days, then its initial grace period has expired. As a result, it will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are available on the network. RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, and volume editions of Office 2010 will not enter RFM.
diff --git a/windows/deploy/set-up-mdt-2013-for-bitlocker.md b/windows/deploy/set-up-mdt-2013-for-bitlocker.md
index 7a76f8cdf7..16b405ad57 100644
--- a/windows/deploy/set-up-mdt-2013-for-bitlocker.md
+++ b/windows/deploy/set-up-mdt-2013-for-bitlocker.md
@@ -5,6 +5,7 @@ description:
 keywords: disk, encryption, TPM, configure, secure, script
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 ms.pagetype: mdt
 author: mtniehaus
@@ -24,7 +25,7 @@ To configure your environment for BitLocker, you will need to do the following:
 4.  Configure the rules (CustomSettings.ini) for BitLocker.
 
 **Note**  
-Even though it is not a BitLocker requirement, we recommend configuring BitLocker to store the recovery key and TPM owner information in Active Directory. For additional information about these features, see [Backing Up BitLocker and TPM Recovery Information to AD DS](http://go.microsoft.com/fwlink/p/?LinkId=619548). If you have access to Microsoft BitLocker Administration and Monitoring (MBAM), which is part of Microsoft Desktop Optimization Pack (MDOP), you have additional management features for BitLocker.
+Even though it is not a BitLocker requirement, we recommend configuring BitLocker to store the recovery key and TPM owner information in Active Directory. For additional information about these features, see [Backing Up BitLocker and TPM Recovery Information to AD DS](https://go.microsoft.com/fwlink/p/?LinkId=619548). If you have access to Microsoft BitLocker Administration and Monitoring (MBAM), which is part of Microsoft Desktop Optimization Pack (MDOP), you have additional management features for BitLocker.
  
 For the purposes of this topic, we will use DC01, a domain controller that is a member of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md#proof).
 
@@ -81,9 +82,10 @@ If you consistently get the error "Windows BitLocker Drive Encryption Informatio
  
 ### Set permissions in Active Directory for BitLocker
 
-In addition to the Group Policy created previously, you need to configure permissions in Active Directory to be able to store the TPM recovery information. In these steps, we assume you have downloaded the [Add-TPMSelfWriteACE.vbs script](http://go.microsoft.com/fwlink/p/?LinkId=167133) from Microsoft to C:\\Setup\\Scripts on DC01.
+In addition to the Group Policy created previously, you need to configure permissions in Active Directory to be able to store the TPM recovery information. In these steps, we assume you have downloaded the [Add-TPMSelfWriteACE.vbs script](https://go.microsoft.com/fwlink/p/?LinkId=167133) from Microsoft to C:\\Setup\\Scripts on DC01.
 1.  On DC01, start an elevated PowerShell prompt (run as Administrator).
 2.  Configure the permissions by running the following command:
+
     ``` syntax
     cscript C:\Setup\Scripts\Add-TPMSelfWriteACE.vbs
     ```
@@ -105,10 +107,12 @@ cctk.exe --tpm=on --valsetuppwd=Password1234
 ### Add tools from HP
 
 The HP tools are part of HP System Software Manager. The executable file from HP is named BiosConfigUtility.exe. This utility uses a configuration file for the BIOS settings. Here is a sample command to enable TPM and set a BIOS password using the BiosConfigUtility.exe tool:
+
 ``` syntax
 BIOSConfigUtility.EXE /SetConfig:TPMEnable.REPSET /NewAdminPassword:Password1234
 ```
 And the sample content of the TPMEnable.REPSET file:
+
 ``` syntax
 English
 Activate Embedded Security On Next Boot
@@ -128,7 +132,7 @@ cscript.exe SetConfig.vbs SecurityChip Active
 ```
 ## <a href="" id="sec03"></a>Configure the Windows 10 task sequence to enable BitLocker
 
-When configuring a task sequence to run any BitLocker tool, either directly or using a custom script, it is helpful if you also add some logic to detect whether the BIOS is already configured on the machine. In this task sequence, we are using a sample script (ZTICheckforTPM.wsf) from the Deployment Guys web page to check the status on the TPM chip. You can download this script from the Deployment Guys Blog post, [Check to see if the TPM is enabled](http://go.microsoft.com/fwlink/p/?LinkId=619549). In the following task sequence, we have added five actions:
+When configuring a task sequence to run any BitLocker tool, either directly or using a custom script, it is helpful if you also add some logic to detect whether the BIOS is already configured on the machine. In this task sequence, we are using a sample script (ZTICheckforTPM.wsf) from the Deployment Guys web page to check the status on the TPM chip. You can download this script from the Deployment Guys Blog post, [Check to see if the TPM is enabled](https://go.microsoft.com/fwlink/p/?LinkId=619549). In the following task sequence, we have added five actions:
 -   **Check TPM Status.** Runs the ZTICheckforTPM.wsf script to determine if TPM is enabled. Depending on the status, the script will set the TPMEnabled and TPMActivated properties to either true or false.
 -   **Configure BIOS for TPM.** Runs the vendor tools (in this case, HP, Dell, and Lenovo). To ensure this action is run only when necessary, add a condition so the action is run only when the TPM chip is not already activated. Use the properties from the ZTICheckforTPM.wsf.
     **Note**  
diff --git a/windows/deploy/sideload-apps-in-windows-10.md b/windows/deploy/sideload-apps-in-windows-10.md
index 6265950f08..060edd4c87 100644
--- a/windows/deploy/sideload-apps-in-windows-10.md
+++ b/windows/deploy/sideload-apps-in-windows-10.md
@@ -69,7 +69,7 @@ You can sideload apps on managed or unmanaged devices.
 
     -OR-
 
-    You can use a runtime provisioning package to import a security certificate. For information about applying a provisioning package to a Windows 10 device, see runtime instructions on [Build and apply a provisioning package]( http://go.microsoft.com/fwlink/p/?LinkId=619162).
+    You can use a runtime provisioning package to import a security certificate. For information about applying a provisioning package to a Windows 10 device, see runtime instructions on [Build and apply a provisioning package]( https://go.microsoft.com/fwlink/p/?LinkId=619162).
 
 **To install the app**
 -   From the folder with the appx package, run the PowerShell `Add-AppxPackage` command to install the appx package.
@@ -99,7 +99,7 @@ You can sideload apps on managed or unmanaged devices.
 
 **To import the security certificate for unmanaged devices**
 
--   You can use a runtime provisioning package to import a security certificate. For information about applying a provisioning package to a Windows 10 mobile device, see runtime instructions on [Build and apply a provisioning package]( http://go.microsoft.com/fwlink/p/?LinkId=619164).
+-   You can use a runtime provisioning package to import a security certificate. For information about applying a provisioning package to a Windows 10 mobile device, see runtime instructions on [Build and apply a provisioning package]( https://go.microsoft.com/fwlink/p/?LinkId=619164).
 
 **To install the app**
 
diff --git a/windows/deploy/simulate-a-windows-10-deployment-in-a-test-environment.md b/windows/deploy/simulate-a-windows-10-deployment-in-a-test-environment.md
index a6c8789efb..3677031293 100644
--- a/windows/deploy/simulate-a-windows-10-deployment-in-a-test-environment.md
+++ b/windows/deploy/simulate-a-windows-10-deployment-in-a-test-environment.md
@@ -5,6 +5,7 @@ ms.assetid: 2de86c55-ced9-4078-b280-35e0329aea9c
 keywords: deploy, script
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 ms.pagetype: mdt
 author: mtniehaus
@@ -13,7 +14,7 @@ author: mtniehaus
 # Simulate a Windows 10 deployment in a test environment
 
 This topic will walk you through the process of creating a simulated environment on which to test your Windows 10 deployment using MDT. When working with advanced settings and rules, especially those like database calls, it is most efficient to be able to test the settings without having to run through a complete deployment. Luckily, MDT enables you to perform a simulated deployment by running the Gather process by itself. The simulation works best when you are using a domain-joined machine (client or server). In the following example, you use the PC0001 Windows 10 client.
-For the purposes of this topic, you already will have either downloaded and installed the free Microsoft System Center 2012 R2 Configuration Manager Toolkit, or copied Configuration Manager Trace (CMTrace) if you have access to the System Center 2012 R2 Configuration Manager media. We also assume that you have downloaded the [sample Gather.ps1 script](http://go.microsoft.com/fwlink/p/?LinkId=619361) from the TechNet gallery.
+For the purposes of this topic, you already will have either downloaded and installed the free Microsoft System Center 2012 R2 Configuration Manager Toolkit, or copied Configuration Manager Trace (CMTrace) if you have access to the System Center 2012 R2 Configuration Manager media. We also assume that you have downloaded the [sample Gather.ps1 script](https://go.microsoft.com/fwlink/p/?LinkId=619361) from the TechNet gallery.
 
 1.  On PC0001, log on as **CONTOSO\\Administrator** using the password **P@ssw0rd**.
 2.  Using Computer Management, add the **CONTOSO\\MDT\_BA** user account to the local **Administrators** group.
diff --git a/windows/deploy/update-windows-10-images-with-provisioning-packages.md b/windows/deploy/update-windows-10-images-with-provisioning-packages.md
index 0fbf772bbb..d292a6cba0 100644
--- a/windows/deploy/update-windows-10-images-with-provisioning-packages.md
+++ b/windows/deploy/update-windows-10-images-with-provisioning-packages.md
@@ -26,7 +26,7 @@ You can also put a provisioning package on a USB drive or SD card to apply to of
 
 Rather than wiping a device and applying a new system image when you need to change configuration, you can reset the device to its original state and then apply a new provisioning package.
 
-For details about the settings you can customize in provisioning packages, see [Windows Provisioning settings reference]( http://go.microsoft.com/fwlink/p/?LinkId=619012).
+For details about the settings you can customize in provisioning packages, see [Windows Provisioning settings reference]( https://go.microsoft.com/fwlink/p/?LinkId=619012).
 
 ## Advantages
 -   You can configure new devices without reimaging.
@@ -40,7 +40,7 @@ For details about the settings you can customize in provisioning packages, see [
 -   Ensure compliance and security before a device is enrolled in MDM.
 
 ## Create package
-Use the Windows Imaging and Configuration Designer (ICD) tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a runtime provisioning package. [Install the ADK.](http://go.microsoft.com/fwlink/p/?LinkId=526740)
+Use the Windows Imaging and Configuration Designer (ICD) tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a runtime provisioning package. [Install the ADK.](https://go.microsoft.com/fwlink/p/?LinkId=526740)
 
 1.  Open Windows ICD (by default, `%windir%\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe`).
 
@@ -52,7 +52,7 @@ Use the Windows Imaging and Configuration Designer (ICD) tool included in the Wi
 
 5.  On **New project**, click **Finish**. The workspace for your package opens.
 
-6.  Configure settings. [Learn more about specific settings in provisioning packages.]( http://go.microsoft.com/fwlink/p/?LinkId=615916)
+6.  Configure settings. [Learn more about specific settings in provisioning packages.]( https://go.microsoft.com/fwlink/p/?LinkId=615916)
 
 7.  On the **File** menu, select **Save.**
 
@@ -106,19 +106,19 @@ If your build is successful, the name of the provisioning package, output direct
 ## Add package to image
 **To add a provisioning package to Windows 10 for desktop editions (Home, Pro, Enterprise, and Education)**
 
--   Follow the steps in the "To build an image for Windows 10 for desktop editions" section in [Use the Windows ICD command-line interface]( http://go.microsoft.com/fwlink/p/?LinkId=617371).
+-   Follow the steps in the "To build an image for Windows 10 for desktop editions" section in [Use the Windows ICD command-line interface]( https://go.microsoft.com/fwlink/p/?LinkId=617371).
 
 **To add a provisioning package to a Windows 10 Mobile image**
 
--   Follow the steps in the "To build an image for Windows 10 Mobile or Windows 10 IoT Core (IoT Core)" section in [Use the Windows ICD command-line interface]( http://go.microsoft.com/fwlink/p/?LinkId=617371).<p>
+-   Follow the steps in the "To build an image for Windows 10 Mobile or Windows 10 IoT Core (IoT Core)" section in [Use the Windows ICD command-line interface]( https://go.microsoft.com/fwlink/p/?LinkId=617371).<p>
 The provisioning package is placed in the FFU image and is flashed or sector written to the device. During device setup time, the provisioning engine starts and consumes the packages.
 
 ## Learn more
--   [Build and apply a provisioning package]( http://go.microsoft.com/fwlink/p/?LinkId=629651)
+-   [Build and apply a provisioning package]( https://go.microsoft.com/fwlink/p/?LinkId=629651)
 
--   [Provisioning Windows 10 Devices with New Tools](http://go.microsoft.com/fwlink/p/?LinkId=615921)
+-   [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
 
--   [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](http://go.microsoft.com/fwlink/p/?LinkId=615922)
+-   [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922)
 
 ## Related topics
 - [Configure devices without MDM](../manage/configure-devices-without-mdm.md)
\ No newline at end of file
diff --git a/windows/deploy/upgrade-analytics-architecture.md b/windows/deploy/upgrade-analytics-architecture.md
index bdd9d88b62..cd153c1420 100644
--- a/windows/deploy/upgrade-analytics-architecture.md
+++ b/windows/deploy/upgrade-analytics-architecture.md
@@ -23,7 +23,7 @@ For more information about what telemetry data Microsoft collects and how that d
 
 [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)
 
-[Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](http://go.microsoft.com/fwlink/?LinkID=822965)
+[Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)
 
 ##**Related topics**
 
diff --git a/windows/deploy/upgrade-analytics-get-started.md b/windows/deploy/upgrade-analytics-get-started.md
index cb5931f6ba..d80f83c9d3 100644
--- a/windows/deploy/upgrade-analytics-get-started.md
+++ b/windows/deploy/upgrade-analytics-get-started.md
@@ -15,7 +15,7 @@ For system, application, and driver data to be shared with Microsoft, you must c
 
 - [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)
 
-- [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](http://go.microsoft.com/fwlink/?LinkID=822965)
+- [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)
 
 
 This topic explains how to obtain and set up Upgrade Analytics components. If you haven’t done so already, see [Upgrade Analytics requirements](https://technet.microsoft.com/itpro/windows/deploy/upgrade-analytics-requirements) for information about requirements for using Upgrade Analytics.
@@ -31,13 +31,13 @@ Each task is explained in detail in the following sections.
 
 ## Add Upgrade Analytics to Operations Management Suite
 
-Upgrade Analytics is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud based services for managing your on-premise and cloud environments. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/documentation/articles/operations-management-suite-overview/).
+Upgrade Analytics is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud based services for managing your on-premises and cloud environments. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/documentation/articles/operations-management-suite-overview/).
 
 If you are already using OMS, you’ll find Upgrade Analytics in the Solutions Gallery. Select the **Upgrade Analytics** tile in the gallery and then click **Add** on the solution's details page. Upgrade Analytics is now visible in your workspace.
 
 If you are not using OMS:
 
-1.  Go to the [Upgrade Analytics website](http://go.microsoft.com/fwlink/?LinkID=799190&clcid=0x409) and click **Sign up** to kick off the onboarding process.
+1.  Go to the [Upgrade Analytics page on Microsoft.com](https://go.microsoft.com/fwlink/?LinkID=799190&clcid=0x409) and click **Sign up** to kick off the onboarding process.
 
 2.  Sign in to Operations Management Suite (OMS). You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory (Azure AD), use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS.
 
@@ -85,7 +85,7 @@ Note: The compatibility update KB runs under the computer’s system account and
 |---------------------------------------------------------|-----------|
 | `https://v10.vortex-win.data.microsoft.com/collect/v1`                                                                                                                             | Connected User Experience and Telemetry component endpoint. User computers send data to Microsoft through this endpoint.             |
 | `https://settings-win.data.microsoft.com/settings`                                                                                                                                 | Enables the compatibility update KB to send data to Microsoft.                                                                       |
-| `http://go.microsoft.com/fwlink/?LinkID=544713`<br>`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc/extended`                                        | This service provides driver information about whether there will be a driver available post-upgrade for the hardware on the system. |
+| `https://go.microsoft.com/fwlink/?LinkID=544713`<br>`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc/extended`                                        | This service provides driver information about whether there will be a driver available post-upgrade for the hardware on the system. |
 | `https://vortex.data.microsoft.com/health/keepalive` <br>`https://settings.data.microsoft.com/qos` <br>`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc` | These endpoints are used to validate that user computers are sharing data with Microsoft.                                            |
 
 ## Deploy the compatibility update and related KBs
@@ -131,7 +131,7 @@ The Upgrade Analytics deployment script does the following:
 
 To run the Upgrade Analytics deployment script:
 
-1.  Download the [Upgrade Analytics deployment script](http://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) and extract UpgradeAnalytics.zip. The files in the Diagnostics folder are necessary only if you plan to run the script in troubleshooting mode.
+1.  Download the [Upgrade Analytics deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) and extract UpgradeAnalytics.zip. The files in the Diagnostics folder are necessary only if you plan to run the script in troubleshooting mode.
 
 2.  Edit the following parameters in RunConfig.bat:
 
diff --git a/windows/deploy/upgrade-analytics-release-notes.md b/windows/deploy/upgrade-analytics-release-notes.md
index dd1959b0e1..dbf92527d7 100644
--- a/windows/deploy/upgrade-analytics-release-notes.md
+++ b/windows/deploy/upgrade-analytics-release-notes.md
@@ -1,5 +1,5 @@
 ---
 title: Upgrade Analytics release notes (Windows 10)
 description: Provides tips and limitations about Upgrade Analytics.
-redirect_url: https://technet.microsoft.com/itpro/windows/deploy/upgrade-analytics-requirements
+redirect_url: https://technet.microsoft.com/itpro/windows/deploy/upgrade-analytics-requirements#important-information-about-this-release
 ---
\ No newline at end of file
diff --git a/windows/deploy/upgrade-analytics-requirements.md b/windows/deploy/upgrade-analytics-requirements.md
index 58fb28d579..3d55cd49a6 100644
--- a/windows/deploy/upgrade-analytics-requirements.md
+++ b/windows/deploy/upgrade-analytics-requirements.md
@@ -29,7 +29,7 @@ Upgrade Analytics is offered as a solution in the Microsoft Operations Managemen
 
 If you’re already using OMS, you’ll find Upgrade Analytics in the Solutions Gallery. Click the Upgrade Analytics tile in the gallery and then click Add on the solution’s details page. Upgrade Analytics is now visible in your workspace.
 
-If you are not using OMS, go to \[link to new Upgrade Analytics Web page on Microsoft.com\] and select **Upgrade Analytics Service** to kick off the OMS onboarding process. During the onboarding process, you’ll create an OMS workspace and add the Upgrade Analytics solution to it.
+If you are not using OMS, go to [the Upgrade Analytics page on Microsoft.com](https://www.microsoft.com/en-us/WindowsForBusiness/upgrade-analytics) and select **Sign up** to kick off the OMS onboarding process. During the onboarding process, you’ll create an OMS workspace and add the Upgrade Analytics solution to it.
 
 Important: You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory, use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS.
 
@@ -37,7 +37,7 @@ Important: You can use either a Microsoft Account or a Work or School account to
 
 After you’ve signed in to Operations Management Suite and added the Upgrade Analytics solution to your workspace, you’ll need to complete the following tasks to allow user computer data to be shared with and assessed by Upgrade Analytics.
 
-See \[link to Steve May’s PDF doc when it’s published\] for more information about what user computer data Upgrade Analytics collects and assesses. See [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization) for more information about how Microsoft uses Windows telemetry data.
+See [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) for more information about what user computer data Upgrade Analytics collects and assesses. See [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization) for more information about how Microsoft uses Windows telemetry data.
 
 **Whitelist telemetry endpoints.** To enable telemetry data to be sent to Microsoft, you’ll need to whitelist the following Microsoft telemetry endpoints on your proxy server or firewall. You may need to get approval from your security group to do this.
 
@@ -49,7 +49,7 @@ See \[link to Steve May’s PDF doc when it’s published\] for more information
 
 `https://settings.data.microsoft.com/qos`
 
-`http://go.microsoft.com/fwlink/?LinkID=544713`
+`https://go.microsoft.com/fwlink/?LinkID=544713`
 
 `https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc/extended`
 
@@ -73,7 +73,7 @@ Before you get started configuring Upgrade Anatlyics, review the following tips
 
 **User authenticated proxies are not supported in this release.** User computers communicate with Microsoft through Windows telemetry. The Windows telemetry client runs in System context and requires a connection to various Microsoft telemetry endpoints. User authenticated proxies are not supported at this time. Work with your Network Administrator to ensure that user computers can communicate with telemetry endpoints.
 
-**Upgrade Analytics does not support on-premise Windows deployments.** Upgrade Analytics is built as a cloud service, which allows Upgrade Analytics to provide you with insights based on the data from user computers and other Microsoft compatibility services. Cloud services are easy to get up and running and are cost-effective because there is no requirement to physically implement and maintain services on-premise.
+**Upgrade Analytics does not support on-premises Windows deployments.** Upgrade Analytics is built as a cloud service, which allows Upgrade Analytics to provide you with insights based on the data from user computers and other Microsoft compatibility services. Cloud services are easy to get up and running and are cost-effective because there is no requirement to physically implement and maintain services on-premises.
 
 **In-region data storage requirements.** Windows telemetry data from user computers is encrypted, sent to, and processed at Microsoft-managed secure data centers located in the US. Our analysis of the upgrade readiness-related data is then provided to you through the Upgrade Analytics solution in the Microsoft Operations Management Suite (OMS) portal. At the time this topic is being published, only OMS workspaces created in the East US and West Europe are supported. We’re adding support for additional regions and we’ll update this information when new international regions are supported.
 
diff --git a/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md b/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md
index 0f66363610..1739910931 100644
--- a/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md
+++ b/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md
@@ -4,6 +4,7 @@ description: The simplest path to upgrade PCs currently running Windows 7, Wind
 ms.assetid: F8DF6191-0DB0-4EF5-A9B1-6A11D5DE4878
 keywords: upgrade, update, task sequence, deploy
 ms.prod: w10
+localizationpriority: high
 ms.mktglfcycl: deploy
 author: mtniehaus
 ---
@@ -34,9 +35,9 @@ System Center 2012 R2 Configuration Manager SP1 adds support to manage and dep
 ## Create the task sequence
 
 
-To help with this process, the Configuration Manager team has published [a blog](http://go.microsoft.com/fwlink/p/?LinkId=620179) that provides a sample task sequence, as well as the [original blog that includes the instructions for setting up the task sequence](http://go.microsoft.com/fwlink/p/?LinkId=620180). To summarize, here are the tasks you need to perform:
+To help with this process, the Configuration Manager team has published [a blog](https://go.microsoft.com/fwlink/p/?LinkId=620179) that provides a sample task sequence, as well as the [original blog that includes the instructions for setting up the task sequence](https://go.microsoft.com/fwlink/p/?LinkId=620180). To summarize, here are the tasks you need to perform:
 
-1.  Download the [Windows10Upgrade1506.zip](http://go.microsoft.com/fwlink/p/?LinkId=620182) file that contains the sample task sequence and related scripts. Extract the contents onto a network share.
+1.  Download the [Windows10Upgrade1506.zip](https://go.microsoft.com/fwlink/p/?LinkId=620182) file that contains the sample task sequence and related scripts. Extract the contents onto a network share.
 2.  Copy the Windows 10 Enterprise RTM x64 media into the extracted but empty **Windows vNext Upgrade Media** folder.
 3.  Using the Configuration Manager Console, right-click the **Task Sequences** node, and then choose **Import Task Sequence**. Select the **Windows-vNextUpgradeExport.zip** file that you extracted in Step 1.
 4.  Distribute the two created packages (one contains the Windows 10 Enterprise x64 media, the other contains the related scripts) to the Configuration Manager distribution point.
@@ -111,7 +112,7 @@ After the task sequence finishes, the computer will be fully upgraded to Windows
 With the next release of System Center Configuration Manager (currently planned for Q4 of 2015), new built-in functionality will be provided to make it even easier to upgrade existing Windows 7, Windows 8, and Windows 8.1 PCs to Windows 10.
 
 **Note**  
-For more details about the next version of Configuration Manager, see the [Configuration Manager Team blog](http://go.microsoft.com/fwlink/p/?LinkId=620205). An [evaluation version is currently available](http://go.microsoft.com/fwlink/p/?LinkId=620206) for you to try. The instructions below are specific to the Technical Preview 2 release and may change after the next version of Configuration Manager is released.
+For more details about the next version of Configuration Manager, see the [Configuration Manager Team blog](https://go.microsoft.com/fwlink/p/?LinkId=620205). An [evaluation version is currently available](https://go.microsoft.com/fwlink/p/?LinkId=620206) for you to try. The instructions below are specific to the Technical Preview 2 release and may change after the next version of Configuration Manager is released.
 
  
 
@@ -199,7 +200,7 @@ After the task sequence completes, the computer will be fully upgraded to Window
 
 [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)
 
-[Configuration Manager Team blog](http://go.microsoft.com/fwlink/p/?LinkId=620109)
+[Configuration Manager Team blog](https://go.microsoft.com/fwlink/p/?LinkId=620109)
 
  
 
diff --git a/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md b/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
index 18dfaf7fdf..a57de8573f 100644
--- a/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
+++ b/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
@@ -5,6 +5,7 @@ ms.assetid: B8993151-3C1E-4F22-93F4-2C5F2771A460
 keywords: upgrade, update, task sequence, deploy
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 ms.pagetype: mdt
 author: mtniehaus
@@ -100,5 +101,5 @@ After the task sequence completes, the computer will be fully upgraded to Window
 
 [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)
 
-[Microsoft Deployment Toolkit downloads and resources](http://go.microsoft.com/fwlink/p/?LinkId=618117)
+[Microsoft Deployment Toolkit downloads and resources](https://go.microsoft.com/fwlink/p/?LinkId=618117)
  
\ No newline at end of file
diff --git a/windows/deploy/upgrade-windows-phone-8-1-to-10.md b/windows/deploy/upgrade-windows-phone-8-1-to-10.md
index f79c20d4ba..8270ef2a4e 100644
--- a/windows/deploy/upgrade-windows-phone-8-1-to-10.md
+++ b/windows/deploy/upgrade-windows-phone-8-1-to-10.md
@@ -4,6 +4,7 @@ description: This article describes how to upgrade eligible Windows Phone 8.1 de
 keywords: upgrade, update, windows, phone, windows 10, mdm, mobile
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 ms.pagetype: mdt
 author: Jamiejdt
diff --git a/windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md b/windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md
index 64e70ced04..65fb7d646b 100644
--- a/windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md
+++ b/windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md
@@ -5,6 +5,7 @@ ms.assetid: 68302780-1f6f-4a9c-9407-b14371fdce3f
 keywords: web services, database
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 ms.pagetype: mdt
 author: mtniehaus
@@ -16,7 +17,7 @@ This topic will show you how to integrate Microsoft System Center 2012 R2 Orches
 MDT can integrate with System Center 2012 R2 Orchestrator, which is a component that ties the Microsoft System Center products together, as well as other products from both Microsoft and third-party vendors. The difference between using Orchestrator and "normal" web services, is that with Orchestrator you have a rich drag-and-drop style interface when building the solution, and little or no coding is required.
 
 **Note**  
-If you are licensed to use Orchestrator, we highly recommend that you start using it. To find out more about licensing options for System Center 2012 R2 and Orchestrator, visit the [System Center 2012 R2](http://go.microsoft.com/fwlink/p/?LinkId=619553) website.
+If you are licensed to use Orchestrator, we highly recommend that you start using it. To find out more about licensing options for System Center 2012 R2 and Orchestrator, visit the [System Center 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=619553) website.
  
 ## <a href="" id="sec01"></a>Orchestrator terminology
 
@@ -30,7 +31,7 @@ Before diving into the core details, here is a quick course in Orchestrator term
 -   **Integration packs.** These provide additional workflow activities you can import to integrate with other products or solutions, like the rest of Active Directory, other System Center 2012 R2 products, or Microsoft Exchange Server, to name a few.
 
 **Note**  
-To find and download additional integration packs, see [Integration Packs for System Center 2012 - Orchestrator](http://go.microsoft.com/fwlink/p/?LinkId=619554).
+To find and download additional integration packs, see [Integration Packs for System Center 2012 - Orchestrator](https://go.microsoft.com/fwlink/p/?LinkId=619554).
  
 ## <a href="" id="sec02"></a>Create a sample runbook
 
@@ -135,10 +136,11 @@ Figure 31. The ready-made task sequence.
 
 Since this task sequence just starts a runbook, you can test this on the PC0001 client that you used for the MDT simulation environment.
 **Note**  
-Make sure the account you are using has permissions to run runbooks on the Orchestrator server. For more information about runbook permissions, see [Runbook Permissions](http://go.microsoft.com/fwlink/p/?LinkId=619555).
+Make sure the account you are using has permissions to run runbooks on the Orchestrator server. For more information about runbook permissions, see [Runbook Permissions](https://go.microsoft.com/fwlink/p/?LinkId=619555).
  
 1.  On PC0001, log on as **CONTOSO\\MDT\_BA**.
 2.  Using an elevated command prompt (run as Administrator), type the following command:
+
     ``` syntax
     cscript \\MDT01\MDTProduction$\Scripts\Litetouch.vbs
     ```
diff --git a/windows/deploy/use-the-mdt-database-to-stage-windows-10-deployment-information.md b/windows/deploy/use-the-mdt-database-to-stage-windows-10-deployment-information.md
index 32208d3e25..38ae49c0e7 100644
--- a/windows/deploy/use-the-mdt-database-to-stage-windows-10-deployment-information.md
+++ b/windows/deploy/use-the-mdt-database-to-stage-windows-10-deployment-information.md
@@ -6,6 +6,7 @@ ms.pagetype: mdt
 keywords: database, permissions, settings, configure, deploy
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 author: mtniehaus
 ---
diff --git a/windows/deploy/use-the-volume-activation-management-tool-client.md b/windows/deploy/use-the-volume-activation-management-tool-client.md
index 6eed17adf5..e6b415238b 100644
--- a/windows/deploy/use-the-volume-activation-management-tool-client.md
+++ b/windows/deploy/use-the-volume-activation-management-tool-client.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
 author: jdeckerMS
-localizationpriority: medium
+localizationpriority: high
 ---
 
 # Use the Volume Activation Management Tool
@@ -23,14 +23,14 @@ localizationpriority: medium
 -   Windows Server 2008 R2
 
 **Looking for retail activation?**
--   [Get Help Activating Microsoft Windows](http://go.microsoft.com/fwlink/p/?LinkId=618644)
+-   [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
 
 The Volume Activation Management Tool (VAMT) provides several useful features, including the ability to perform VAMT proxy activation and to track and monitor several types of product keys.
 
 By using the VAMT, you can automate and centrally manage the volume, retail, and MAK activation process for Windows, Office, and select other Microsoft products. The VAMT can manage volume activation by using MAKs or KMS. It is a standard Microsoft Management Console snap-in, and it can be 
 installed on any computer running Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2.
 
-The VAMT is distributed as part of the Windows Assessment and Deployment Kit (Windows ADK), which is a free download available from Microsoft Download Center. For more information, see [Windows Assessment and Deployment Kit (Windows ADK) for Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=526740).
+The VAMT is distributed as part of the Windows Assessment and Deployment Kit (Windows ADK), which is a free download available from Microsoft Download Center. For more information, see [Windows Assessment and Deployment Kit (Windows ADK) for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=526740).
 
 In Windows Server 2012 R2, you can install the VAMT directly from Server Manager without downloading the Windows ADK by selecting the Volume Activation Services role or the Remote Server Administration Tools/Role Administration Tools/Volume Activation Tools feature.
 
@@ -65,8 +65,8 @@ The VAMT stores information in a Microsoft SQL Server database for performance
 -   **Managing activation data**. The VAMT stores activation data in a SQL Server database. The tool can export this data in XML format to other VAMT hosts or to an archive.
 
 For more information, see:
--   [Volume Activation Management Tool (VAMT) Overview](http://go.microsoft.com/fwlink/p/?LinkId=618266)
--   [VAMT Step-by-Step Scenarios](http://go.microsoft.com/fwlink/p/?LinkId=618267)
+-   [Volume Activation Management Tool (VAMT) Overview](https://go.microsoft.com/fwlink/p/?LinkId=618266)
+-   [VAMT Step-by-Step Scenarios](https://go.microsoft.com/fwlink/p/?LinkId=618267)
 
 ## See also
 -   [Volume Activation for Windows 10](volume-activation-windows-10.md)
diff --git a/windows/deploy/use-vamt-in-windows-powershell.md b/windows/deploy/use-vamt-in-windows-powershell.md
index 01de72d0a6..3d285f1e56 100644
--- a/windows/deploy/use-vamt-in-windows-powershell.md
+++ b/windows/deploy/use-vamt-in-windows-powershell.md
@@ -13,7 +13,7 @@ author: jdeckerMS
 
 The Volume Activation Management Tool (VAMT) PowerShell cmdlets can be used to perform the same functions as the Vamt.exe command-line tool.
 **To install PowerShell 3.0**
--   VAMT PowerShell cmdlets require Windows PowerShell, which is included in Windows 10, Windows 8 and Windows Server® 2012. You can download PowerShell for Windows 7 or other operating systems from the [Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=218356).
+-   VAMT PowerShell cmdlets require Windows PowerShell, which is included in Windows 10, Windows 8 and Windows Server® 2012. You can download PowerShell for Windows 7 or other operating systems from the [Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=218356).
 **To install the Windows Assessment and Deployment Kit**
 -   In addition to PowerShell, you must import the VAMT PowerShell module. The module is included in the VAMT 3.0 folder after you install the Windows Assessment and Deployment Kit (Windows ADK).
 **To prepare the VAMT PowerShell environment**
@@ -48,7 +48,7 @@ get-help get-VamtProduct -all
 ```
 
 **Warning**  
-The update-help cmdlet is not supported for VAMT PowerShell cmdlets. To view online help for VAMT cmdlets, you can use the -online option with the get-help cmdlet. For more information, see [Volume Activation Management Tool (VAMT) Cmdlets in Windows PowerShell](http://go.microsoft.com/fwlink/p/?LinkId=242278).
+The update-help cmdlet is not supported for VAMT PowerShell cmdlets. To view online help for VAMT cmdlets, you can use the -online option with the get-help cmdlet. For more information, see [Volume Activation Management Tool (VAMT) Cmdlets in Windows PowerShell](https://go.microsoft.com/fwlink/p/?LinkId=242278).
 
 **To view VAMT PowerShell Help sections**
 
diff --git a/windows/deploy/use-web-services-in-mdt-2013.md b/windows/deploy/use-web-services-in-mdt-2013.md
index 1d8755df14..33f1c9a3a7 100644
--- a/windows/deploy/use-web-services-in-mdt-2013.md
+++ b/windows/deploy/use-web-services-in-mdt-2013.md
@@ -5,6 +5,7 @@ ms.assetid: 8f47535e-0551-4ccb-8f02-bb97539c6522
 keywords: deploy, web apps
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.pagetype: mdt
 ms.sitesec: library
 author: mtniehaus
@@ -17,7 +18,7 @@ Using a web service in MDT is straightforward, but it does require that you have
 
 ## <a href="" id="sec01"></a>Create a sample web service
 
-In these steps we assume you have installed Microsoft Visual Studio Express 2013 for Web on PC0001 (the Windows 10 client) and downloaded the [MDT Sample Web Service](http://go.microsoft.com/fwlink/p/?LinkId=619363) from the Microsoft Download Center and extracted it to C:\\Projects.
+In these steps we assume you have installed Microsoft Visual Studio Express 2013 for Web on PC0001 (the Windows 10 client) and downloaded the [MDT Sample Web Service](https://go.microsoft.com/fwlink/p/?LinkId=619363) from the Microsoft Download Center and extracted it to C:\\Projects.
 1.  On PC0001, using Visual Studio Express 2013 for Web, open the C:\\Projects\\MDTSample\\ MDTSample.sln solution file.
 2.  On the ribbon bar, verify that Release is selected.
 3.  In the **Debug** menu, select the **Build MDTSample** action.
diff --git a/windows/deploy/usmt-best-practices.md b/windows/deploy/usmt-best-practices.md
index 8da6b08353..6e06f8c3d9 100644
--- a/windows/deploy/usmt-best-practices.md
+++ b/windows/deploy/usmt-best-practices.md
@@ -42,7 +42,7 @@ This topic discusses general and security-related best practices when using User
 
 -   **Chkdsk.exe**
 
-    We recommend that you run Chkdsk.exe before running the ScanState and LoadState tools. Chkdsk.exe creates a status report for a hard disk drive and lists and corrects common errors. For more information about the Chkdsk.exe tool, see [Chkdsk](http://go.microsoft.com/fwlink/p/?LinkId=140244).
+    We recommend that you run Chkdsk.exe before running the ScanState and LoadState tools. Chkdsk.exe creates a status report for a hard disk drive and lists and corrects common errors. For more information about the Chkdsk.exe tool, see [Chkdsk](https://go.microsoft.com/fwlink/p/?LinkId=140244).
 
 -   **Migrate in groups**
 
@@ -55,7 +55,7 @@ As the authorized administrator, it is your responsibility to protect the privac
 
 -   **Encrypting File System (EFS)**
 
-    Take extreme caution when migrating encrypted files, because the end user does not need to be logged on to capture the user state. By default, USMT fails if an encrypted file is found. For more information about EFS best practices, see this article in the [Microsoft Knowledge Base](http://go.microsoft.com/fwlink/p/?linkid=163). For specific instructions about EFS best practices, see [Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md).
+    Take extreme caution when migrating encrypted files, because the end user does not need to be logged on to capture the user state. By default, USMT fails if an encrypted file is found. For more information about EFS best practices, see this article in the [Microsoft Knowledge Base](https://go.microsoft.com/fwlink/p/?linkid=163). For specific instructions about EFS best practices, see [Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md).
 
     **Important**  
     If you migrate an encrypted file without also migrating the certificate, end users will not be able to access the file after the migration.
@@ -72,7 +72,7 @@ As the authorized administrator, it is your responsibility to protect the privac
 
 -   **Maintain security of the file server and the deployment server**
 
-    We recommend that you manage the security of the file and deployment servers. It is important to make sure that the file server where you save the store is secure. You must also secure the deployment server, to ensure that the user data that is in the log files is not exposed. We also recommend that you only transmit data over a secure Internet connection, such as a virtual private network. For more information about network security, see [Microsoft Security Compliance Manager](http://go.microsoft.com/fwlink/p/?LinkId=215657).
+    We recommend that you manage the security of the file and deployment servers. It is important to make sure that the file server where you save the store is secure. You must also secure the deployment server, to ensure that the user data that is in the log files is not exposed. We also recommend that you only transmit data over a secure Internet connection, such as a virtual private network. For more information about network security, see [Microsoft Security Compliance Manager](https://go.microsoft.com/fwlink/p/?LinkId=215657).
 
 -   **Password Migration**
 
diff --git a/windows/deploy/usmt-common-issues.md b/windows/deploy/usmt-common-issues.md
index 88980d6d7b..118d52b056 100644
--- a/windows/deploy/usmt-common-issues.md
+++ b/windows/deploy/usmt-common-issues.md
@@ -165,7 +165,7 @@ The following sections describe common XML file problems. Expand the section to
 
 ### I am having problems with a custom .xml file that I authored, and I cannot verify that the syntax is correct.
 
-**Resolution:** You can load the XML schema (MigXML.xsd), included with USMT, into your XML authoring tool. For examples, see the [Visual Studio Development Center](http://go.microsoft.com/fwlink/p/?LinkId=74513). Then, load your .xml file in the authoring tool to see if there is a syntax error. In addition, see [USMT XML Reference](usmt-xml-reference.md) for more information about using the XML elements.
+**Resolution:** You can load the XML schema (MigXML.xsd), included with USMT, into your XML authoring tool. For examples, see the [Visual Studio Development Center](https://go.microsoft.com/fwlink/p/?LinkId=74513). Then, load your .xml file in the authoring tool to see if there is a syntax error. In addition, see [USMT XML Reference](usmt-xml-reference.md) for more information about using the XML elements.
 
 ### <a href="" id="i-am-using-a-migxml-helper-function--but-the-migration-isn-t-working-the-way-i-expected-it-to---how-do-i-troubleshoot-this-issue-"></a>I am using a MigXML helper function, but the migration isn’t working the way I expected it to.  How do I troubleshoot this issue?
 
@@ -251,7 +251,7 @@ Scanstate /ui:S1-5-21-124525095-708259637-1543119021*
 
 The wild card (\*) at the end of the SID will migrate the *SID*\_Classes key as well.
 
-You can also use patterns for SIDs that identify generic users or groups. For example, you can use the */ue:\*-500* option to exclude the local administrator accounts. For more information about Windows SIDs, see [this Microsoft Web site](http://go.microsoft.com/fwlink/p/?LinkId=190277).
+You can also use patterns for SIDs that identify generic users or groups. For example, you can use the */ue:\*-500* option to exclude the local administrator accounts. For more information about Windows SIDs, see [this Microsoft Web site](https://go.microsoft.com/fwlink/p/?LinkId=190277).
 
 ### My script to wipe the disk fails after running the ScanState tool on a 64-bit system.
 
diff --git a/windows/deploy/usmt-hard-link-migration-store.md b/windows/deploy/usmt-hard-link-migration-store.md
index e65487a0bd..699fe76632 100644
--- a/windows/deploy/usmt-hard-link-migration-store.md
+++ b/windows/deploy/usmt-hard-link-migration-store.md
@@ -67,7 +67,7 @@ A hard link can only be created for a file on the same volume. If you copy a har
 
  
 
-For more information about hard links, please see [Hard Links and Junctions](http://go.microsoft.com/fwlink/p/?LinkId=132934)
+For more information about hard links, please see [Hard Links and Junctions](https://go.microsoft.com/fwlink/p/?LinkId=132934)
 
 In most aspects, a hard-link migration store is identical to an uncompressed migration store. It is located where specified by the Scanstate command-line tool and you can view the contents of the store by using Windows® Explorer. Once created, it can be deleted or copied to another location without changing user state. Restoring a hard-link migration store is similar to restoring any other migration store; however, as with creating the store, the same hard-link functionality is used to keep files in-place.
 
diff --git a/windows/deploy/usmt-overview.md b/windows/deploy/usmt-overview.md
index 928044a3cf..9f6a18384a 100644
--- a/windows/deploy/usmt-overview.md
+++ b/windows/deploy/usmt-overview.md
@@ -35,7 +35,7 @@ USMT provides the following benefits to businesses that are deploying Windows op
 -   Increases employee satisfaction with the migration experience.
 
 ## Limitations
-USMT is intended for administrators who are performing large-scale automated deployments. If you are only migrating the user states of a few computers, you can use [Windows Easy Transfer](http://go.microsoft.com/fwlink/p/?LinkId=140248).
+USMT is intended for administrators who are performing large-scale automated deployments. If you are only migrating the user states of a few computers, you can use [Windows Easy Transfer](https://go.microsoft.com/fwlink/p/?LinkId=140248).
 
 There are some scenarios in which the use of USMT is not recommended. These include:
 
diff --git a/windows/deploy/usmt-resources.md b/windows/deploy/usmt-resources.md
index cc268ff816..e77c799af7 100644
--- a/windows/deploy/usmt-resources.md
+++ b/windows/deploy/usmt-resources.md
@@ -22,13 +22,13 @@ author: greg-lindsay
 
         For more information about how to use the schema with your XML authoring environment, see the environment’s documentation.
 
--   [Ask the Directory Services Team blog](http://go.microsoft.com/fwlink/p/?LinkId=226365)
+-   [Ask the Directory Services Team blog](https://go.microsoft.com/fwlink/p/?LinkId=226365)
 
 -   Forums:
 
-    -   [Microsoft Deployment Toolkit](http://go.microsoft.com/fwlink/p/?LinkId=226386)
+    -   [Microsoft Deployment Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=226386)
 
-    -   [Configuration Manager Operating System Deployment](http://go.microsoft.com/fwlink/p/?LinkId=226388)
+    -   [Configuration Manager Operating System Deployment](https://go.microsoft.com/fwlink/p/?LinkId=226388)
 
 ## Related topics
 
diff --git a/windows/deploy/usmt-return-codes.md b/windows/deploy/usmt-return-codes.md
index 365b49b5c7..001654314d 100644
--- a/windows/deploy/usmt-return-codes.md
+++ b/windows/deploy/usmt-return-codes.md
@@ -48,7 +48,7 @@ As a best practice, we recommend that you set verbosity level to 5, **/v***:5*,
 
 Error messages provide more detailed information about the migration problem than the associated return code. For example, the **ScanState**, **LoadState**, or **USMTUtils** tool might return a code of "11” (for “USMT\_INVALID\_PARAMETERS") and a related error message that reads "/key and /keyfile both specified". The error message is displayed at the command prompt and is identified in the **ScanState**, **LoadState**, or **USMTUtils** log files to help you determine why the return code was received.
 
-You can obtain more information about any listed Windows application programming interface (API) system error codes by typing **net helpmsg** on the command line and, then typing the error code number. For more information about System Error Codes, see [this Microsoft Web site](http://go.microsoft.com/fwlink/p/?LinkId=147060).
+You can obtain more information about any listed Windows application programming interface (API) system error codes by typing **net helpmsg** on the command line and, then typing the error code number. For more information about System Error Codes, see [this Microsoft Web site](https://go.microsoft.com/fwlink/p/?LinkId=147060).
 
 ## <a href="" id="bkmk-tscodeserrors"></a>Troubleshooting Return Codes and Error Messages
 
diff --git a/windows/deploy/usmt-technical-reference.md b/windows/deploy/usmt-technical-reference.md
index 6414a4386a..c3d796217c 100644
--- a/windows/deploy/usmt-technical-reference.md
+++ b/windows/deploy/usmt-technical-reference.md
@@ -11,7 +11,7 @@ author: greg-lindsay
 # User State Migration Tool (USMT) Technical Reference
 The User State Migration Tool (USMT) is included with the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10. USMT provides a highly customizable user-profile migration experience for IT professionals.
 
-Download the Windows ADK [from this website](http://go.microsoft.com/fwlink/p/?LinkID=526803).
+Download the Windows ADK [from this website](https://go.microsoft.com/fwlink/p/?LinkID=526803).
 
 **USMT support for Microsoft Office**
 >USMT in the Windows ADK for Windows 10, version 1511 (10.1.10586.0) supports migration of user settings for installations of Microsoft Office 2003, 2007, 2010, and 2013.<BR>
@@ -31,7 +31,7 @@ USMT also includes a set of three modifiable .xml files:
 
 Additionally, you can create custom .xml files to support your migration needs. You can also create a Config.xml file to specify files or settings to exclude from the migration.
 
-USMT tools can be used on several versions of Windows operating systems, for more information, see [USMT Requirements](usmt-requirements.md). For more information about previous releases of the USMT tools, see [User State Migration Tool (USMT) 4.0 User’s Guide](http://go.microsoft.com/fwlink/p/?LinkId=246564).
+USMT tools can be used on several versions of Windows operating systems, for more information, see [USMT Requirements](usmt-requirements.md). For more information about previous releases of the USMT tools, see [User State Migration Tool (USMT) 4.0 User’s Guide](https://go.microsoft.com/fwlink/p/?LinkId=246564).
 
 ## In This Section
 |Topic |Description|
diff --git a/windows/deploy/usmt-test-your-migration.md b/windows/deploy/usmt-test-your-migration.md
index e460f17de8..39297b3207 100644
--- a/windows/deploy/usmt-test-your-migration.md
+++ b/windows/deploy/usmt-test-your-migration.md
@@ -24,7 +24,7 @@ Running the ScanState and LoadState tools with the **/v***:5* option creates a d
 
  
 
-After you have determined that the pilot migration successfully migrated the specified files and settings, you are ready to add USMT to the server that is running Microsoft® System Center Configuration Manager (SCCM), or a non-Microsoft management technology. For more information, see [Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=140246).
+After you have determined that the pilot migration successfully migrated the specified files and settings, you are ready to add USMT to the server that is running Microsoft® System Center Configuration Manager (SCCM), or a non-Microsoft management technology. For more information, see [Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=140246).
 
 **Note**  
 For testing purposes, you can create an uncompressed store using the **/hardlink /nocompress** option. When compression is disabled, the ScanState tool saves the files and settings to a hidden folder named "File" at *StorePath*\\USMT. You can use the uncompressed store to view what USMT has stored or to troubleshoot a problem, or you can run an antivirus utility against the files. Additionally, you can also use the **/listfiles** command-line option and the diagnostic log to list the files that were gathered and to troubleshoot problems with your migration.
diff --git a/windows/deploy/usmt-xml-elements-library.md b/windows/deploy/usmt-xml-elements-library.md
index f4f412fc2a..4257b3e9d6 100644
--- a/windows/deploy/usmt-xml-elements-library.md
+++ b/windows/deploy/usmt-xml-elements-library.md
@@ -3056,7 +3056,7 @@ Syntax:
 <tr class="odd">
 <td align="left"><p>urlid</p></td>
 <td align="left"><p>Yes</p></td>
-<td align="left"><p><em>UrlID</em> is a string identifier that uniquely identifies this .xml file. This parameter must be a no-colon-name as defined by the XML Namespaces specification. Each migration .xml file must have a unique urlid. If two migration .xml files have the same urlid, the second .xml file that is specified on the command line will not be processed. For more information about XML Namespaces, see [Use XML Namespaces](http://go.microsoft.com/fwlink/p/?LinkId=220938).</p></td>
+<td align="left"><p><em>UrlID</em> is a string identifier that uniquely identifies this .xml file. This parameter must be a no-colon-name as defined by the XML Namespaces specification. Each migration .xml file must have a unique urlid. If two migration .xml files have the same urlid, the second .xml file that is specified on the command line will not be processed. For more information about XML Namespaces, see [Use XML Namespaces](https://go.microsoft.com/fwlink/p/?LinkId=220938).</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Name</p></td>
@@ -3945,7 +3945,7 @@ The following scripts have no return value. You can use the following errors wit
          </processing>
     ```
 
--   **StartService (ServiceName, OptionalParam1, OptionalParam2,…).** Starts the service identified by *ServiceName. ServiceName* is the subkey in HKLM\\System\\CurrentControlSet\\Services that holds the data for the given service. The optional parameters, if any, will be passed to the StartService API. For more information, see [this Microsoft Web site](http://go.microsoft.com/fwlink/p/?LinkId=267898).
+-   **StartService (ServiceName, OptionalParam1, OptionalParam2,…).** Starts the service identified by *ServiceName. ServiceName* is the subkey in HKLM\\System\\CurrentControlSet\\Services that holds the data for the given service. The optional parameters, if any, will be passed to the StartService API. For more information, see [this Microsoft Web site](https://go.microsoft.com/fwlink/p/?LinkId=267898).
 
 -   **StopService (ServiceName)**. Stops the service that is identified by *ServiceName. ServiceName* is the subkey in HKLM\\System\\CurrentControlSet\\Services that holds the data for the given service.
 
diff --git a/windows/deploy/vamt-known-issues.md b/windows/deploy/vamt-known-issues.md
index 4aa2185e8f..2e9ac12d08 100644
--- a/windows/deploy/vamt-known-issues.md
+++ b/windows/deploy/vamt-known-issues.md
@@ -13,7 +13,7 @@ author: jdeckerMS
 
 The following list contains the current known issues with the Volume Activation Management Tool (VAMT) 3.0.
 -   The VAMT Windows Management Infrastructure (WMI) remote operations may take longer to execute if the target computer is in a sleep or standby state.
--   Recovery of Non-Genuine computers is a two-step process. VAMT can be used to install a new product key and activate the computer. However, the computer itself must visit the [Windows Genuine Advantage](http://go.microsoft.com/fwlink/p/?linkid=182914) Web site to revalidate the computer's Genuine status. Upon successfully completing this step, the computer will be restored to full functionality. For more information on recovering Non-Genuine Windows computers, go to [Windows Volume Activation](http://go.microsoft.com/fwlink/p/?linkid=184668).
+-   Recovery of Non-Genuine computers is a two-step process. VAMT can be used to install a new product key and activate the computer. However, the computer itself must visit the [Windows Genuine Advantage](https://go.microsoft.com/fwlink/p/?linkid=182914) Web site to revalidate the computer's Genuine status. Upon successfully completing this step, the computer will be restored to full functionality. For more information on recovering Non-Genuine Windows computers, go to [Windows Volume Activation](https://go.microsoft.com/fwlink/p/?linkid=184668).
 -   When opening a Computer Information List (.cil file) saved in a previous version of VAMT, the edition information is not shown for each product in the center pane. Users must update the product status again to obtain the edition information.
 -   The remaining activation count can only be retrieved for MAKs.
  
diff --git a/windows/deploy/vamt-requirements.md b/windows/deploy/vamt-requirements.md
index 06a8615669..99379424ef 100644
--- a/windows/deploy/vamt-requirements.md
+++ b/windows/deploy/vamt-requirements.md
@@ -19,7 +19,7 @@ The Volume Activation Management Tool (VAMT) can be used to perform activations
 
 |Product key type |Where to obtain |
 |-----------------|----------------|
-|<ul><li>Multiple Activation Key (MAK)</li><li>Key Management Service (KMS) host key (CSVLK)</li><li>KMS client setup keys (GVLK)</li></ul> |Volume licensing keys can only be obtained with a signed contract from Microsoft. For more info, see the [Microsoft Volume Licensing portal](http://go.microsoft.com/fwlink/p/?LinkId=227282). |
+|<ul><li>Multiple Activation Key (MAK)</li><li>Key Management Service (KMS) host key (CSVLK)</li><li>KMS client setup keys (GVLK)</li></ul> |Volume licensing keys can only be obtained with a signed contract from Microsoft. For more info, see the [Microsoft Volume Licensing portal](https://go.microsoft.com/fwlink/p/?LinkId=227282). |
 |Retail product keys |Obtained at time of product purchase. |
 
 ## System Requirements
@@ -36,7 +36,7 @@ The following table lists the system requirements for the VAMT host computer.
 |Network |Connectivity to remote computers via Windows® Management Instrumentation (TCP/IP) and Microsoft® Activation Web Service on the Internet via HTTPS |
 |Operating System |Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2008 R2, or Windows Server 2012. |
 |Additional Requirements |<ul><li>Connection to a SQL Server database. For more info, see [Install VAMT](install-vamt.md).</li><li>PowerShell 3.0: For Windows 8, Windows 8.1, Windows 10, and Windows Server® 2012, PowerShell is included in the installation. For previous versions of Windows and 
-Windows Server, you must download PowerShell 3.0. To download PowerShell, go to [Download Windows PowerShell 3.0](http://go.microsoft.com/fwlink/p/?LinkId=218356).</li><li>If installing on Windows Server 2008 R2, you must also install .NET Framework 3.51.</li></ul> |
+Windows Server, you must download PowerShell 3.0. To download PowerShell, go to [Download Windows PowerShell 3.0](https://go.microsoft.com/fwlink/p/?LinkId=218356).</li><li>If installing on Windows Server 2008 R2, you must also install .NET Framework 3.51.</li></ul> |
 
 ## Related topics
 - [Install and Configure VAMT](install-configure-vamt.md)
diff --git a/windows/deploy/volume-activation-windows-10.md b/windows/deploy/volume-activation-windows-10.md
index f1bda40ad4..2ed015e7ba 100644
--- a/windows/deploy/volume-activation-windows-10.md
+++ b/windows/deploy/volume-activation-windows-10.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
 author: jdeckerMS
-localizationpriority: medium
+localizationpriority: high
 ---
 
 # Volume Activation for Windows 10
@@ -23,10 +23,10 @@ localizationpriority: medium
 -   Windows Server 2008 R2
 
 **Looking for volume licensing information?**
--   [Download the Volume Licensing Reference Guide for Windows 10 Desktop Operating System](http://go.microsoft.com/fwlink/p/?LinkId=620104)
+-   [Download the Volume Licensing Reference Guide for Windows 10 Desktop Operating System](https://go.microsoft.com/fwlink/p/?LinkId=620104)
 
 **Looking for retail activation?**
--   [Get Help Activating Microsoft Windows](http://go.microsoft.com/fwlink/p/?LinkId=618644)
+-   [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
 
 This guide is designed to help organizations that are planning to use volume activation to deploy and activate Windows 10, including organizations that have used volume activation for earlier versions of Windows.
 *Volume activation* is the process that Microsoft volume licensing customers use to automate and manage the activation of Windows operating systems, Microsoft Office, and other Microsoft products across large organizations. Volume licensing is available to customers who purchase software under various volume programs (such as Open and Select) and to participants in programs such as the Microsoft Partner Program and MSDN Subscriptions.
@@ -38,9 +38,9 @@ This guide provides information and step-by-step guidance to help you choose a v
 Because most organizations will not immediately switch all computers to Windows 10, practical volume activation strategies must also take in to account how to work with the Windows 8, Windows 7, Windows Server 2012, and Windows Server 2008 R2Windows Server 2008 R2 operating systems. This guide 
 discusses how the new volume activation tools can support earlier operating systems, but it does not discuss the tools that are provided with earlier operating system versions.
 
-Volume activation—and the need for activation itself—is not new, and this guide does not review all of its concepts and history. You can find additional background in the appendices of this guide. For more information, see [Volume Activation Overview](http://go.microsoft.com/fwlink/p/?LinkId=618209) in the TechNet Library.
+Volume activation—and the need for activation itself—is not new, and this guide does not review all of its concepts and history. You can find additional background in the appendices of this guide. For more information, see [Volume Activation Overview](https://go.microsoft.com/fwlink/p/?LinkId=618209) in the TechNet Library.
 
-If you would like additional information about planning a volume activation deployment specifically for Windows 7 and Windows Server 2008 R2, please see the [Volume Activation Planning Guide for Windows 7](http://go.microsoft.com/fwlink/p/?LinkId=618210).
+If you would like additional information about planning a volume activation deployment specifically for Windows 7 and Windows Server 2008 R2, please see the [Volume Activation Planning Guide for Windows 7](https://go.microsoft.com/fwlink/p/?LinkId=618210).
 
 To successfully plan and implement a volume activation strategy, you must:
 -   Learn about and understand product activation.
diff --git a/windows/deploy/windows-10-deployment-scenarios.md b/windows/deploy/windows-10-deployment-scenarios.md
index e76d648bb0..b33db65cc8 100644
--- a/windows/deploy/windows-10-deployment-scenarios.md
+++ b/windows/deploy/windows-10-deployment-scenarios.md
@@ -5,6 +5,7 @@ ms.assetid: 7A29D546-52CC-482C-8870-8123C7DC04B5
 keywords: upgrade, in-place, configuration, deploy
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 author: mtniehaus
 ---
@@ -59,7 +60,7 @@ There are two primary dynamic provisioning scenarios:
 
 -   **Azure Active Directory (Azure AD) Join with automatic mobile device management (MDM) enrollment.** In this scenario, the organization member just needs to provide their work or school user ID and password; the device can then be automatically joined to Azure Active Directory and enrolled in a mobile device management (MDM) solution with no additional user interaction. Once done, the MDM solution can finish configuring the device as needed.
 
--   **Provisioning package configuration.** Using the [Windows Imaging and Configuration Designer (ICD)](http://go.microsoft.com/fwlink/p/?LinkId=619358), IT administrators can create a self-contained package that contains all of the configuration, settings, and apps that need to be applied to a machine. These packages can then be deployed to new PCs through a variety of means, typically by IT professionals. For more information, see [Configure devices without MDM](../manage/configure-devices-without-mdm.md).
+-   **Provisioning package configuration.** Using the [Windows Imaging and Configuration Designer (ICD)](https://go.microsoft.com/fwlink/p/?LinkId=619358), IT administrators can create a self-contained package that contains all of the configuration, settings, and apps that need to be applied to a machine. These packages can then be deployed to new PCs through a variety of means, typically by IT professionals. For more information, see [Configure devices without MDM](../manage/configure-devices-without-mdm.md).
 
 Either way, these scenarios can be used to enable “choose your own device” (CYOD) programs where the organization’s users can pick their own PC and not be restricted to a small list of approved or certified models (programs that are difficult to implement using traditional deployment scenarios).
 
@@ -126,8 +127,8 @@ The deployment process for the replace scenario is as follows:
 ## Related topics
 - [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md)
 - [Upgrade to Windows 10 with System Center Configuration Manager](upgrade-to-windows-10-with-system-center-configuraton-manager.md)
-- [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=620230)
+- [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=620230)
 - [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md)
-- [Windows setup technical reference](http://go.microsoft.com/fwlink/p/?LinkId=619357)
-- [Windows Imaging and Configuration Designer](http://go.microsoft.com/fwlink/p/?LinkId=619358)
-- [UEFI firmware](http://go.microsoft.com/fwlink/p/?LinkId=619359)
\ No newline at end of file
+- [Windows setup technical reference](https://go.microsoft.com/fwlink/p/?LinkId=619357)
+- [Windows Imaging and Configuration Designer](https://go.microsoft.com/fwlink/p/?LinkId=619358)
+- [UEFI firmware](https://go.microsoft.com/fwlink/p/?LinkId=619359)
\ No newline at end of file
diff --git a/windows/deploy/windows-10-edition-upgrades.md b/windows/deploy/windows-10-edition-upgrades.md
index ab1e629231..5a17250306 100644
--- a/windows/deploy/windows-10-edition-upgrades.md
+++ b/windows/deploy/windows-10-edition-upgrades.md
@@ -4,6 +4,7 @@ description: With Windows 10, you can quickly upgrade from one edition of Windo
 ms.assetid: A7642E90-A3E7-4A25-8044-C4E402DC462A
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 ms.pagetype: mobile
 author: greg-lindsay
@@ -15,7 +16,7 @@ author: greg-lindsay
 -   Windows 10
 -   Windows 10 Mobile
 
-With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported. For information on what edition of Windows 10 is right for you, see [Compare Windows 10 Editions](http://go.microsoft.com/fwlink/p/?LinkID=690882). For a comprehensive list of all possible upgrade paths to Windows 10, see [Windows 10 upgrade paths](windows-10-upgrade-paths.md).
+With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported. For information on what edition of Windows 10 is right for you, see [Compare Windows 10 Editions](https://go.microsoft.com/fwlink/p/?LinkID=690882). For a comprehensive list of all possible upgrade paths to Windows 10, see [Windows 10 upgrade paths](windows-10-upgrade-paths.md).
 
 The following table shows the methods and paths available to change the edition of Windows 10 that is running on your computer. **Note**: The reboot requirement for upgrading from Pro to Enterprise was removed in version 1607. 
 
@@ -35,18 +36,18 @@ X = unsupported <BR>
 >**Note**: Each desktop edition in the table also has an N and KN edition. These editions have had media-related functionality removed. Devices with N or KN editions installed can be upgraded to corresponding N or KN editions using the same methods.
 
 ## Upgrade using mobile device management (MDM)
-- To upgrade desktop editions of Windows 10 using MDM, you'll need to enter the product key for the upgraded edition in the **UpgradeEditionWithProductKey** policy setting of the **WindowsLicensing** CSP. For more info, see [WindowsLicensing CSP](http://go.microsoft.com/fwlink/p/?LinkID=690907).
+- To upgrade desktop editions of Windows 10 using MDM, you'll need to enter the product key for the upgraded edition in the **UpgradeEditionWithProductKey** policy setting of the **WindowsLicensing** CSP. For more info, see [WindowsLicensing CSP](https://go.microsoft.com/fwlink/p/?LinkID=690907).
 
-- To upgrade mobile editions of Windows 10 using MDM, you'll need to enter the product key for the upgraded edition in the **UpgradeEditionWithLicense** policy setting of the **WindowsLicensing** CSP. For more info, see [WindowsLicensing CSP](http://go.microsoft.com/fwlink/p/?LinkID=690907).
+- To upgrade mobile editions of Windows 10 using MDM, you'll need to enter the product key for the upgraded edition in the **UpgradeEditionWithLicense** policy setting of the **WindowsLicensing** CSP. For more info, see [WindowsLicensing CSP](https://go.microsoft.com/fwlink/p/?LinkID=690907).
 
 ## Upgrade using a provisioning package
-The Windows Imaging and Configuration Designer (ICD) tool is included in the Windows Assessment and Deployment Kit (ADK) for Windows 10. [Install the ADK.](http://go.microsoft.com/fwlink/p/?LinkId=526740)
+The Windows Imaging and Configuration Designer (ICD) tool is included in the Windows Assessment and Deployment Kit (ADK) for Windows 10. [Install the ADK.](https://go.microsoft.com/fwlink/p/?LinkId=526740)
 
 - To use Windows ICD to create a provisioning package for upgrading desktop editions of Windows 10, go to **Runtime settings &gt; EditionUpgrade &gt; UpgradeEditionWithProductKey** in the **Available customizations** panel in Windows ICD and enter the product key for the upgraded edition.
 
 - To use Windows ICD to create a provisioning package for upgrading mobile editions of Windows 10, go to **Runtime settings &gt; EditionUpgrade &gt; UpgradeEditionWithLicense** in the **Available customizations** panel in Windows ICD and enter the product key for the upgraded edition.
 
-For more info on creating and applying a provisioning package using Windows ICD, see [Build and apply a provisioning package](http://go.microsoft.com/fwlink/p/?LinkID=533700).
+For more info on creating and applying a provisioning package using Windows ICD, see [Build and apply a provisioning package](https://go.microsoft.com/fwlink/p/?LinkID=533700).
 
 ## Upgrade using a command-line tool
 You can run the changepk.exe command-line tool to upgrade devices to a supported edition of Windows 10:
diff --git a/windows/deploy/windows-10-enterprise-e3-overview.md b/windows/deploy/windows-10-enterprise-e3-overview.md
new file mode 100644
index 0000000000..c3861f8fe5
--- /dev/null
+++ b/windows/deploy/windows-10-enterprise-e3-overview.md
@@ -0,0 +1,396 @@
+---
+title: Windows 10 Enterprise E3 in CSP Overview
+description: Describes Windows 10 Enterprise E3, an offering that delivers, by subscription, the features of Windows 10 Enterprise edition.
+keywords: upgrade, update, task sequence, deploy
+ms.prod: w10
+ms.mktglfcycl: deploy
+localizationpriority: high
+ms.sitesec: library
+ms.pagetype: mdt
+author: greg-lindsay
+---
+
+# Windows 10 Enterprise E3 in CSP Overview
+
+Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel on September 1, 2016. Windows 10 Enterprise E3 in CSP is a new offering that delivers, by subscription, exclusive features reserved for Windows 10 Enterprise edition. This offering is available through the Cloud Solution Provider (CSP) channel via the Partner Center as an online service. Windows 10 Enterprise E3 in CSP provides a flexible, per-user subscription for small- and medium-sized organizations (from one to hundreds of users). To take advantage of this offering, you must have the following:
+
+-   Windows 10 Pro, version 1607 (also known as Windows 10 Anniversary Update) or later installed on the devices to be upgraded
+
+-   Azure Active Directory (Azure AD) available for identity management
+
+Starting with Windows 10, version 1607 (Windows 10 Anniversary Update), you can move from Windows 10 Pro to Windows 10 Enterprise more easily than ever before—no keys and no reboots. After one of your users enters the Azure AD credentials associated with a Windows 10 Enterprise E3 license, the operating system turns from Windows 10 Pro to Windows 10 Enterprise and all the appropriate Windows 10 Enterprise features are unlocked. When a subscription license expires or is transferred to another user, the Windows 10 Enterprise device seamlessly steps back down to Windows 10 Pro.
+
+Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Enterprise to their users. Now, with Windows 10 Enterprise E3 in CSP, small- and medium-sized organizations can more easily take advantage of Windows 10 Enterprise features.
+
+When you purchase Windows 10 Enterprise E3 via a partner, you get the following benefits:
+
+-   **Windows 10 Enterprise edition**. Devices currently running Windows 10 Pro, version 1607 can get Windows 10 Enterprise Current Branch (CB) or Current Branch for Business (CBB). This benefit does not include Long Term Service Branch (LTSB).
+
+-   **Support from one to hundreds of users**. Although the Windows 10 Enterprise E3 in CSP program does not have a limitation on the number of licenses an organization can have, the program is designed for small- and medium-sized organizations.
+
+-   **Deploy on up to five devices**. For each user covered by the license, you can deploy Windows 10 Enterprise edition on up to five devices.
+
+-   **Roll back to Windows 10 Pro at any time**. When a user’s subscription expires or is transferred to another user, the Windows 10 Enterprise device reverts seamlessly to Windows 10 Pro edition (after a grace period of up to 90 days).
+
+-   **Monthly, per-user pricing model**. This makes Windows 10 Enterprise E3 affordable for any organization.
+
+-   **Move licenses between users**. Licenses can be quickly and easily reallocated from one user to another user, allowing you to optimize your licensing investment against changing needs.
+
+How does the Windows 10 Enterprise E3 in CSP program compare with Microsoft Volume Licensing Agreements and Software Assurance?
+
+-   [Microsoft Volume Licensing](http://www.microsoft.com/en-us/licensing/default.aspx) programs are broader in scope, providing organizations with access to licensing for all Microsoft products.
+
+-   [Software Assurance](http://www.microsoft.com/en-us/Licensing/licensing-programs/software-assurance-default.aspx) provides organizations with the following categories of benefits:
+
+    -   **Deployment and management**. These benefits include planning services, Microsoft Desktop Optimization (MDOP), Windows Virtual Desktop Access Rights, Windows-To-Go Rights, Windows Roaming Use Rights, Windows Thin PC, Windows RT Companion VDA Rights, and other benefits.
+
+    -   **Training**. These benefits include training vouchers, online e-learning, and a home use program.
+
+    -   **Support**. These benefits include 24x7 problem resolution support, backup capabilities for disaster recovery, System Center Global Service Monitor, and a passive secondary instance of SQL Server.
+
+    -   **Specialized**. These benefits include step-up licensing availability (which enables you to migrate software from an earlier edition to a higher-level edition) and to spread license and Software Assurance payments across three equal, annual sums.
+
+    In addition, in Windows 10 Enterprise E3 in CSP, a partner can manage your licenses for you. With Software Assurance, you, the customer, manage your own licenses.
+
+In summary, the Windows 10 Enterprise E3 in CSP program is an upgrade offering that provides small- and medium-sized organizations easier, more flexible access to the benefits of Windows 10 Enterprise edition, whereas Microsoft Volume Licensing programs and Software Assurance are broader in scope and provide benefits beyond access to Windows 10 Enterprise edition.
+
+## Compare Windows 10 Pro and Enterprise editions
+
+Windows 10 Enterprise edition has a number of features that are unavailable in Windows 10 Pro. Table 1 lists the Windows 10 Enterprise features not found in Windows 10 Pro. Many of these features are security-related, whereas others enable finer-grained device management.
+
+*Table 1. Windows 10 Enterprise features not found in Windows 10 Pro*
+
+<table>
+<colgroup>
+<col width="20%" />
+<col width="80%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Feature</th>
+<th align="left">Description</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p>Credential Guard<strong>\*</strong></p></td>
+<td align="left"><p>This feature uses virtualization-based security to help protect security secrets (for example, NTLM password hashes, Kerberos Ticket Granting Tickets) so that only privileged system software can access them. This helps prevent Pass-the-Hash or Pass-the-Ticket attacks.</p>
+<p>Credential Guard has the following features:</p>
+<ul>
+<li><p>**Hardware-level security**.&nbsp;&nbsp;Credential Guard uses hardware platform security features (such as Secure Boot and virtualization) to help protect derived domain credentials and other secrets.</p></li>
+<li><p>**Virtualization-based security**.&nbsp;&nbsp;Windows services that access derived domain credentials and other secrets run in a virtualized, protected environment that is isolated.</p></li>
+<li><p>**Improved protection against persistent threats**.&nbsp;&nbsp;Credential Guard works with other technologies (e.g., Device Guard) to help provide further protection against attacks, no matter how persistent.</p></li>
+<li><p>**Improved manageability**.&nbsp;&nbsp;Credential Guard can be managed through Group Policy, Windows Management Instrumentation (WMI), or Windows PowerShell.</p></li>
+</ul>
+<p>For more information, see [Protect derived domain credentials with Credential Guard](http://technet.microsoft.com/itpro/windows/keep-secure/credential-guard).</p>
+<p>\* <i>Credential Guard requires UEFI 2.3.1 or greater with Trusted Boot; Virtualization Extensions such as Intel VT-x, AMD-V, and SLAT must be enabled; x64 version of Windows; IOMMU, such as Intel VT-d, AMD-Vi; BIOS Lockdown; TPM 2.0 recommended for device health attestation (will use software if TPM 2.0 not present)</i></p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Device Guard</p></td>
+<td align="left"><p>This feature is a combination of hardware and software security features that allows only trusted applications to run on a device. Even if an attacker manages to get control of the Windows kernel, he or she will be much less likely to run executable code. Device Guard can use virtualization-based security (VBS) in Windows 10 Enterprise edition to isolate the Code Integrity service from the Windows kernel itself. With VBS, even if malware gains access to the kernel, the effects can be severely limited, because the hypervisor can prevent the malware from executing code.</p>
+<p>Device Guard does the following:</p>
+<ul>
+<li><p>Helps protect against malware</p></li>
+<li><p>Helps protect the Windows system core from vulnerability and zero-day exploits</p></li>
+<li><p>Allows only trusted apps to run</p></li>
+</ul>
+<p>For more information, see [Introduction to Device Guard](https://technet.microsoft.com/itpro/windows/keep-secure/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies).</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p>AppLocker management</p></td>
+<td align="left"><p>This feature helps IT pros determine which applications and files users can run on a device (also known as “whitelisting”). The applications and files that can be managed include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers.</p>
+<p>For more information, see [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview).</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Application Virtualization (App-V)</p></td>
+<td align="left"><p>This feature makes applications available to end users without installing the applications directly on users’ devices. App-V transforms applications into centrally managed services that are never installed and don't conflict with other applications. This feature also helps ensure that applications are kept current with the latest security updates.</p>
+<p>For more information, see [Getting Started with App-V for Windows 10](https://technet.microsoft.com/itpro/windows/manage/appv-getting-started).</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p>User Experience Virtualization (UE-V)</p></td>
+<td align="left"><p>With this feature, you can capture user-customized Windows and application settings and store them on a centrally managed network file share. When users log on, their personalized settings are applied to their work session, regardless of which device or virtual desktop infrastructure (VDI) sessions they log on to.</p>
+<p>UE-V provides the ability to do the following:</p>
+<ul>
+<li><p>Specify which application and Windows settings synchronize across user devices</p></li>
+<li><p>Deliver the settings anytime and anywhere users work throughout the enterprise</p></li>
+<li><p>Create custom templates for your third-party or line-of-business applications</p></li>
+<li><p>Recover settings after hardware replacement or upgrade, or after re-imaging a virtual machine to its initial state</p></li>
+</ul>
+<p>For more information, see [User Experience Virtualization (UE-V) for Windows 10 overview](https://technet.microsoft.com/itpro/windows/manage/uev-for-windows).</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Managed User Experience</p></td>
+<td align="left"><p>This feature helps customize and lock down a Windows device’s user interface to restrict it to a specific task. For example, you can configure a device for a controlled scenario such as a kiosk or classroom device. The user experience would be automatically reset once a user signs off. You can also restrict access to services including Cortana or the Windows Store, and manage Start layout options, such as:</p>
+<ul>
+<li><p>Removing and preventing access to the Shut Down, Restart, Sleep, and Hibernate commands</p></li>
+<li><p>Removing Log Off (the User tile) from the Start menu</p></li>
+<li><p>Removing frequent programs from the Start menu</p></li>
+<li><p>Removing the All Programs list from the Start menu</p></li>
+<li><p>Preventing users from customizing their Start screen</p></li>
+<li><p>Forcing Start menu to be either full-screen size or menu size</p></li>
+<li><p>Preventing changes to Taskbar and Start menu settings</p></li>
+</ul>
+</tr>
+</tbody>
+</table>
+
+## Preparing for deployment of Windows 10 Enterprise E3 licenses
+
+You probably have on-premises Active Directory Domain Services (AD DS) domains. Users will use their domain-based credentials to sign in to the AD DS domain. Before you start deploying Windows 10 Enterprise E3 licenses to users, you need to synchronize the identities in the on-premises AD DS domain with Azure AD.
+
+You might ask why you need to synchronize these identities. The answer is so that users will have a *single identity* that they can use to access their on-premises apps and cloud services that use Azure AD (such as Windows 10 Enterprise E3). This means that users can use their existing credentials to sign in to Azure AD and access the cloud services that you provide and manage for them.
+
+**Figure 1** illustrates the integration between the on-premises AD DS domain with Azure AD. [Microsoft Azure Active Directory Connect](http://www.microsoft.com/en-us/download/details.aspx?id=47594) (Azure AD Connect) is responsible for synchronization of identities between the on-premises AD DS domain and Azure AD. Azure AD Connect is a service that you can install on-premises or in a virtual machine in Azure.
+
+![Illustration of Azure Active Directory Connect](images/enterprise-e3-ad-connect.png)
+
+**Figure 1. On-premises AD DS integrated with Azure AD**
+
+For more information about integrating on-premises AD DS domains with Azure AD, see the following resources:
+
+-   [Integrating your on-premises identities with Azure Active Directory](http://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect/)
+-   [Azure AD + Domain Join + Windows 10](https://blogs.technet.microsoft.com/enterprisemobility/2016/02/17/azure-ad-domain-join-windows-10/)
+
+### Preparing for deployment: reviewing requirements
+
+Devices must be running Windows 10 Pro, version 1607, and be Azure Active Directory joined, or domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. For more information, see [Review requirements on devices](#review-requirements-on-devices), later in this topic.
+
+<!-- Watch the preceding link if you divide this into multiple topics. -->
+
+## Explore the upgrade experience
+
+Now that your subscription has been established (by the partner who you work with) and Windows 10 Enterprise E3 licenses have been assigned to users, the users are ready to upgrade their devices running Windows 10 Pro, version 1607 edition to Windows 10 Enterprise edition. So what will the users experience? How will they upgrade their devices?
+
+### Step 1: Join users’ devices to Azure AD
+
+Users can join a device to Azure AD the first time they start the device (during setup), or they can join a device that they already use running Windows 10 Pro, version 1607.
+
+**To join a device to Azure AD the first time the device is started**
+
+1.  During the initial setup, on the **Who owns this PC?** page, select **My organization**, and then click **Next**, as illustrated in **Figure 2**.
+
+    <img src="images/enterprise-e3-who-owns.png" alt="Who owns this PC? page in Windows 10 setup" width="624" height="351" />
+    
+    **Figure 2. The “Who owns this PC?” page in initial Windows 10 setup**
+
+2.  On the **Choose how you’ll connect** page, select **Join Azure AD**, and then click **Next**, as illustrated in **Figure 3**.
+
+    <img src="images/enterprise-e3-choose-how.png" alt="Choose how you'll connect - page in Windows 10 setup" width="624" height="351" />
+    
+    **Figure 3. The “Choose how you’ll connect” page in initial Windows 10 setup**
+
+3.  On the **Let’s get you signed in** page, enter the Azure AD credentials, and then click **Sign in**, as illustrated in **Figure 4**.
+
+    <img src="images/enterprise-e3-lets-get.png" alt="Let's get you signed in - page in Windows 10 setup" width="624" height="351" />
+    
+    **Figure 4. The “Let’s get you signed in” page in initial Windows 10 setup**
+
+Now the device is Azure AD joined to the company’s subscription.
+
+**To join a device to Azure AD when the device already has Windows 10 Pro, version 1607 installed and set up**
+
+1.  Go to **Settings &gt; Accounts &gt; Access work or school**, as illustrated in **Figure 5**.
+
+    <img src="images/enterprise-e3-connect-to-work-or-school.png" alt="Connect to work or school configuration" width="624" height="482" />
+    
+    **Figure 5. Connect to work or school configuration in Settings**
+
+2.  In **Set up a work or school account**, click **Join this device to Azure Active Directory**, as illustrated in **Figure 6**.
+
+    <img src="images/enterprise-e3-set-up-work-or-school.png" alt="Set up a work or school account" width="624" height="603" />
+    
+    **Figure 6. Set up a work or school account**
+
+3.  On the **Let’s get you signed in** page, enter the Azure AD credentials, and then click **Sign in**, as illustrated in **Figure 7**.
+
+    <img src="images/enterprise-e3-lets-get-2.png" alt="Let's get you signed in - dialog box" width="624" height="603" />
+    
+    **Figure 7. The “Let’s get you signed in” dialog box**
+
+Now the device is Azure AD joined to the company’s subscription.
+
+### Step 2: Sign in using Azure AD account
+
+Once the device is joined to your Azure AD subscription, the user will sign in by using his or her Azure AD account, as illustrated in **Figure 8**. The Windows 10 Enterprise E3 license associated with the user will enable Windows 10 Enterprise edition capabilities on the device.
+
+<img src="images/enterprise-e3-sign-in.png" alt="Sign in, Windows 10" width="624" height="351" />
+
+**Figure 8. Sign in by using Azure AD account**
+
+### Step 3: Verify that Enterprise edition is enabled
+
+You can verify the Windows 10 Enterprise E3 subscription in **Settings &gt; Update & Security &gt; Activation**, as illustrated in **Figure 9**.
+
+<span id="win-10-activated-subscription-active"/>
+#### Figure 9 - Windows 10 Enterprise E3 subscription in Settings 
+
+<img src="images/enterprise-e3-win-10-activated-enterprise-subscription-active.png" alt="Windows 10 activated and subscription active" width="624" height="407" />
+
+If there are any problems with the Windows 10 Enterprise E3 license or the activation of the license, the **Activation** panel will display the appropriate error message or status. You can use this information to help you diagnose the licensing and activation process.
+
+## Troubleshoot the user experience
+
+In some instances, users may experience problems with the Windows 10 Enterprise E3 subscription. The most common problems that users may experience are as follows:
+
+-   The existing Windows 10 Pro, version 1607 operating system is not activated.
+
+-   The Windows 10 Enterprise E3 subscription has lapsed or has been removed.
+
+Use the following figures to help you troubleshoot when users experience these common problems:
+
+- [Figure 9](#win-10-activated-subscription-active) illustrates a device in a healthy state, where Windows 10 Pro, version 1607 is activated and the Windows 10 Enterprise E3 subscription is active.
+
+- [Figure 10](#win-10-not-activated) illustrates a device on which Windows 10 Pro, version 1607 is not activated, but the Windows 10 Enterprise E3 subscription is active.
+
+- [Figure 11](#subscription-not-active) illustrates a device on which Windows 10 Pro, version 1607 is activated, but the Windows 10 Enterprise E3 subscription is lapsed or removed.
+
+- [Figure 12](#win-10-not-activated-subscription-not-active) illustrates a device on which Windows 10 Pro, version 1607 license is not activated and the Windows 10 Enterprise E3 subscription is lapsed or removed.
+
+<span id="win-10-not-activated"/>
+### Figure 10 - Windows 10 Pro, version 1607 edition not activated in Settings
+
+<img src="images/enterprise-e3-win-10-not-activated-enterprise-subscription-active.png" alt="Windows 10 not activated and subscription active" width="624" height="407" /><br><br>
+
+<span id="subscription-not-active"/>
+### Figure 11 - Windows 10 Enterprise E3 subscription lapsed or removed in Settings
+
+<img src="images/enterprise-e3-win-10-activated-enterprise-subscription-not-active.png" alt="Windows 10 activated and subscription not active" width="624" height="407" /><br><br>
+
+<span id="win-10-not-activated-subscription-not-active"/>
+### Figure 12 - Windows 10 Pro, version 1607 edition not activated and Windows 10 Enterprise E3 subscription lapsed or removed in Settings
+
+<img src="images/enterprise-e3-win-10-not-activated-enterprise-subscription-not-active.png" alt="Windows 10 not activated and subscription not active" width="624" height="407" /><br><br>
+
+### Review requirements on devices
+
+Devices must be running Windows 10 Pro, version 1607, and be Azure Active Directory joined, or domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. You can use the following procedures to review whether a particular device meets requirements.
+
+**To determine if a device is Azure Active Directory joined:**
+
+1.  Open a command prompt and type **dsregcmd /status**.
+
+2.  Review the output under Device State. If the **AzureAdJoined** status is YES, the device is Azure Active Directory joined.
+
+**To determine the version of Windows 10:**
+
+-   At a command prompt, type:
+    **winver**
+
+    A popup window will display the Windows 10 version number and detailed OS build information.
+
+    If a device is running a previous version of Windows 10 Pro (for example, version 1511), it will not be upgraded to Windows 10 Enterprise when a user signs in, even if the user has been assigned a subscription in the CSP portal.
+
+## Deploy Windows 10 Enterprise features
+
+Now that you have Windows 10 Enterprise edition running on devices, how do you take advantage of the Enterprise edition features and capabilities? What are the next steps that need to be taken for each of the features discussed in [Table 1](#compare-windows-10-pro-and-enterprise-editions)?
+
+The following sections provide you with the high-level tasks that need to be performed in your environment to help users take advantage of the Windows 10 Enterprise edition features.
+
+### Credential Guard\*
+
+You can implement Credential Guard on Windows 10 Enterprise devices by turning on Credential Guard on these devices. Credential Guard uses Windows 10 virtualization-based security features (Hyper-V features) that must be enabled on each device before you can turn on Credential Guard. You can turn on Credential Guard by using one of the following methods:
+
+-   **Automated**. You can automatically turn on Credential Guard for one or more devices by using Group Policy. The Group Policy settings automatically add the virtualization-based security features and configure the Credential Guard registry settings on managed devices.
+
+-   **Manual**. You can manually turn on Credential Guard by doing the following:
+
+    -   Add the virtualization-based security features by using Programs and Features or Deployment Image Servicing and Management (DISM).
+
+    -   Configure Credential Guard registry settings by using the Registry Editor or the [Device Guard and Credential Guard hardware readiness tool](http://www.microsoft.com/download/details.aspx?id=53337).
+
+    You can automate these manual steps by using a management tool such as System Center Configuration Manager.
+
+For more information about implementing Credential Guard, see the following resources:
+
+-   [Protect derived domain credentials with Credential Guard](http://technet.microsoft.com/itpro/windows/keep-secure/credential-guard)
+-   [PC OEM requirements for Device Guard and Credential Guard](http://msdn.microsoft.com/library/windows/hardware/mt767514(v=vs.85).aspx)
+-   [Device Guard and Credential Guard hardware readiness tool](http://www.microsoft.com/download/details.aspx?id=53337)
+
+\* *Requires UEFI 2.3.1 or greater with Trusted Boot; Virtualization Extensions such as Intel VT-x, AMD-V, and SLAT must be enabled; x64 version of Windows; IOMMU, such as Intel VT-d, AMD-Vi; BIOS Lockdown; TPM 2.0 recommended for device health attestation (will use software if TPM 2.0 not present)*
+
+### Device Guard
+
+Now that the devices have Windows 10 Enterprise, you can implement Device Guard on the Windows 10 Enterprise devices by performing the following steps:
+
+1.  **Optionally, create a signing certificate for code integrity policies**. As you deploy code integrity policies, you might need to sign catalog files or code integrity policies internally. To do this, you will either need a publicly issued code signing certificate (that you purchase) or an internal certificate authority (CA). If you choose to use an internal CA, you will need to create a code signing certificate.
+
+2.  **Create code integrity policies from “golden” computers**. When you have identified departments or roles that use distinctive or partly distinctive sets of hardware and software, you can set up “golden” computers containing that software and hardware. In this respect, creating and managing code integrity policies to align with the needs of roles or departments can be similar to managing corporate images. From each “golden” computer, you can create a code integrity policy and decide how to manage that policy. You can merge code integrity policies to create a broader policy or a master policy, or you can manage and deploy each policy individually.
+
+3.  **Audit the code integrity policy and capture information about applications that are outside the policy**. We recommend that you use “audit mode” to carefully test each code integrity policy before you enforce it. With audit mode, no application is blocked—the policy just logs an event whenever an application outside the policy is started. Later, you can expand the policy to allow these applications, as needed.
+
+4.  **Create a “catalog file” for unsigned line-of-business (LOB) applications**. Use the Package Inspector tool to create and sign a catalog file for your unsigned LOB applications. In later steps, you can merge the catalog file's signature into your code integrity policy so that applications in the catalog will be allowed by the policy.
+
+5.  **Capture needed policy information from the event log, and merge information into the existing policy as needed**. After a code integrity policy has been running for a time in audit mode, the event log will contain information about applications that are outside the policy. To expand the policy so that it allows for these applications, use Windows PowerShell commands to capture the needed policy information from the event log, and then merge that information into the existing policy. You can merge code integrity policies from other sources also, for flexibility in how you create your final code integrity policies.
+
+6.  **Deploy code integrity policies and catalog files**. After you confirm that you have completed all the preceding steps, you can begin deploying catalog files and taking code integrity policies out of audit mode. We strongly recommend that you begin this process with a test group of users. This provides a final quality-control validation before you deploy the catalog files and code integrity policies more broadly.
+
+7.  **Enable desired hardware security features**. Hardware-based security features—also called virtualization-based security (VBS) features—strengthen the protections offered by code integrity policies.
+
+For more information about implementing Device Guard, see:
+
+- [Planning and getting started on the Device Guard deployment process](https://technet.microsoft.com/itpro/windows/keep-secure/planning-and-getting-started-on-the-device-guard-deployment-process)
+- [Device Guard deployment guide](http://technet.microsoft.com/itpro/windows/keep-secure/device-guard-deployment-guide)
+
+### AppLocker management
+
+You can manage AppLocker in Windows 10 Enterprise by using Group Policy. Group Policy requires that the you have AD DS and that the Windows 10 Enterprise devices are joined to the your AD DS domain. You can create AppLocker rules by using Group Policy, and then target those rules to the appropriate devices.
+
+For more information about AppLocker management by using Group Policy, see [AppLocker deployment guide](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-policies-deployment-guide).
+
+### App-V
+
+App-V requires an App-V server infrastructure to support App-V clients. The primary App-V components that the you must have are as follows:
+
+-   **App-V server**. The App-V server provides App-V management, virtualized app publishing, app streaming, and reporting services. Each of these services can be run on one server or can be run individually on multiple servers. For example, you could have multiple streaming servers. App-V clients contact App-V servers to determine which apps are published to the user or device, and then run the virtualized app from the server.
+
+-   **App-V sequencer**. The App-V sequencer is a typical client device that is used to sequence (capture) apps and prepare them for hosting from the App-V server. You install apps on the App-V sequencer, and the App-V sequencer software determines the files and registry settings that are changed during app installation. Then the sequencer captures these settings to create a virtualized app.
+
+-   **App-V client**. The App-V client must be enabled on any client device on which apps will be run from the App-V server. These will be the Windows 10 Enterprise E3 devices.
+
+For more information about implementing the App-V server, App-V sequencer, and App-V client, see the following resources:
+
+-   [Getting Started with App-V for Windows 10](https://technet.microsoft.com/itpro/windows/manage/appv-getting-started)
+-   [Deploying the App-V server](https://technet.microsoft.com/itpro/windows/manage/appv-deploying-the-appv-server)
+-   [Deploying the App-V Sequencer and Configuring the Client](https://technet.microsoft.com/itpro/windows/manage/appv-deploying-the-appv-sequencer-and-client)
+
+### UE-V
+UE-V requires server- and client-side components that you you’ll need to download, activate, and install. These components include:
+
+- **UE-V service**. The UE-V service (when enabled on devices) monitors registered applications and Windows for any settings changes, then synchronizes those settings between devices.
+
+- **Settings packages**. Settings packages created by the UE-V service store application settings and Windows settings. Settings packages are built, locally stored, and copied to the settings storage location.
+
+- **Settings storage location**. This location is a standard network share that your users can access. The UE-V service verifies the location and creates a hidden system folder in which to store and retrieve user settings.
+
+- **Settings location templates**. Settings location templates are XML files that UE-V uses to monitor and synchronize desktop application settings and Windows desktop settings between user computers. By default, some settings location templates are included in UE-V. You can also create, edit, or validate custom settings location templates by using the UE-V template generator. Settings location templates are not required for Windows applications.
+
+- **Universal Windows applications list**. UE-V determines which Windows applications are enabled for settings synchronization using a managed list of applications. By default, this list includes most Windows applications.
+
+For more information about deploying UE-V, see the following resources:
+
+- [User Experience Virtualization (UE-V) for Windows 10 overview](https://technet.microsoft.com/itpro/windows/manage/uev-for-windows)
+- [Get Started with UE-V](https://technet.microsoft.com/itpro/windows/manage/uev-getting-started)
+- [Prepare a UE-V Deployment](https://technet.microsoft.com/itpro/windows/manage/uev-prepare-for-deployment) 
+
+### Managed User Experience
+
+The Managed User Experience feature is a set of Windows 10 Enterprise edition features and corresponding settings that you can use to manage user experience. Table 2 describes the Managed User Experience settings (by category), which are only available in Windows 10 Enterprise edition. The management methods used to configure each feature depend on the feature. Some features are configured by using Group Policy, while others are configured by using Windows PowerShell, Deployment Image Servicing and Management (DISM), or other command-line tools. For the Group Policy settings, you must have AD DS with the Windows 10 Enterprise devices joined to your AD DS domain.
+
+*Table 2. Managed User Experience features*
+
+| Feature          | Description     |
+|------------------|-----------------|
+| Start layout customization | You can deploy a customized Start layout to users in a domain. No reimaging is required, and the Start layout can be updated simply by overwriting the .xml file that contains the layout. This enables you to customize Start layouts for different departments or organizations, with minimal management overhead.<br>For more information on these settings, see [Customize Windows 10 Start and taskbar with Group Policy](http://technet.microsoft.com/itpro/windows/manage/customize-windows-10-start-screens-by-using-group-policy). |
+| Unbranded boot             | You can suppress Windows elements that appear when Windows starts or resumes and can suppress the crash screen when Windows encounters an error from which it cannot recover.<br>For more information on these settings, see [Unbranded Boot](http://msdn.microsoft.com/library/windows/hardware/mt571997(v=vs.85).aspx).       |
+| Custom logon               | You can use the Custom Logon feature to suppress Windows 10 UI elements that relate to the Welcome screen and shutdown screen. For example, you can suppress all elements of the Welcome screen UI and provide a custom logon UI. You can also suppress the Blocked Shutdown Resolver (BSDR) screen and automatically end applications while the OS waits for applications to close before a shutdown.<br>For more information on these settings, see [Custom Logon](http://msdn.microsoft.com/library/windows/hardware/mt571990(v=vs.85).aspx).                        |
+| Shell launcher             | Enables Assigned Access to run only a classic Windows app via Shell Launcher to replace the shell.<br>For more information on these settings, see [Shell Launcher](http://msdn.microsoft.com/library/windows/hardware/mt571994(v=vs.85).aspx).     |
+| Keyboard filter            | You can use Keyboard Filter to suppress undesirable key presses or key combinations. Normally, users can use certain Windows key combinations like Ctrl+Alt+Delete or Ctrl+Shift+Tab to control a device by locking the screen or using Task Manager to close a running application. This is not desirable on devices intended for a dedicated purpose.<br>For more information on these settings, see [Keyboard Filter](http://msdn.microsoft.com/library/windows/hardware/mt587088(v=vs.85).aspx).    |
+| Unified write filter       | You can use Unified Write Filter (UWF) on your device to help protect your physical storage media, including most standard writable storage types that are supported by Windows, such as physical hard disks, solid-state drives, internal USB devices, external SATA devices, and so on. You can also use UWF to make read-only media appear to the OS as a writable volume.<br>For more information on these settings, see [Unified Write Filter](http://msdn.microsoft.com/library/windows/hardware/mt572001(v=vs.85).aspx).    |
+
+## Related topics
+
+[Connect domain-joined devices to Azure AD for Windows 10 experiences](https://azure.microsoft.com/en-us/documentation/articles/active-directory-azureadjoin-devices-group-policy/)
+
+[Compare Windows 10 editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare)
+
+[Windows for business](https://www.microsoft.com/en-us/windowsforbusiness/default.aspx)
diff --git a/windows/deploy/windows-10-poc-sc-config-mgr.md b/windows/deploy/windows-10-poc-sc-config-mgr.md
index 77244eef9a..9f6e7605fb 100644
--- a/windows/deploy/windows-10-poc-sc-config-mgr.md
+++ b/windows/deploy/windows-10-poc-sc-config-mgr.md
@@ -184,7 +184,10 @@ Description here.
     New-Item -ItemType Directory -Path "C:Sources\OSD\OS"
     New-Item -ItemType Directory -Path "C:\Sources\OSD\Settings"
     New-Item -ItemType Directory -Path "C:\Sources\OSD\Branding"
+    New-Item -ItemType Directory -Path "C:\Sources\OSD\MDT"
+    New-Item -ItemType Directory -Path "C:\Logs"
     New-SmbShare -Name Sources$ -Path C:\Sources -ChangeAccess EVERYONE
+    New-SmbShare -Name Logs$ -Path C:\Logs -ChangeAccess EVERYONE
     ```
 
 ## Enable MDT ConfigMgr integration
@@ -206,10 +209,10 @@ Description here.
 
 1. Deterime the MAC address of the internal network adapter on SRV1. To determine this, type the following command at an elevated Windows PowerShell prompt on SRV1:
 
-```
-(Get-NetAdapter "Ethernet").MacAddress
-```
->If the internal network adapter, assigned an IP address of 192.168.0.2, is not named "Ethernet" then replace the name "Ethernet" in the previous command with the name of this network adapter.
+    ```
+    (Get-NetAdapter "Ethernet").MacAddress
+    ```
+    >If the internal network adapter, assigned an IP address of 192.168.0.2, is not named "Ethernet" then replace the name "Ethernet" in the previous command with the name of this network adapter.
 
 2. In the System Center Configuration Manager console, in the **Administration** workspace, click **Distribution Points**.
 3. In the display pane, right-click **SRV1.CONTOSO.COM** and then click **Properties**.
@@ -234,11 +237,11 @@ Description here.
     wdsmgfw.efi
     wdsnbp.com
     ```
->If these files are not present, type the following command at an elevated Windows PowerShell prompt to open the Configuration Manager Trace Log Tool. In the tool, click **File**, click **Open**, and then open the **distmgr.log** file. If errors are present, they will be highlighted in red:
+    >If these files are not present, type the following command at an elevated Windows PowerShell prompt to open the Configuration Manager Trace Log Tool. In the tool, click **File**, click **Open**, and then open the **distmgr.log** file. If errors are present, they will be highlighted in red:
 
-```
-Invoke-Item 'C:\Program Files\Microsoft Configuration Manager\tools\cmtrace.exe'
-```
+    ```
+    Invoke-Item 'C:\Program Files\Microsoft Configuration Manager\tools\cmtrace.exe'
+    ```
 
 ## Create a branding image file 
 
@@ -449,10 +452,186 @@ If you have not yet created a Windows 10 reference image, complete the following
 
 1. Type the following commands at an elevated Windows PowerShell prompt on SRV1:
 
-```
-New-Item -ItemType Directory -Path "C:Sources\OSD\OS\Windows 10 Enterprise x64"
-```
+    ```
+    New-Item -ItemType Directory -Path "C:Sources\OSD\OS\Windows 10 Enterprise x64"
+    cmd /c copy /z "C:\MDTBuildLab\Captures\REFW10X64-001.wim" "C:\Sources\OSD\OS\Windows 10 Enterprise x64"
+    ```
 
+2. In the Configuration Manager console, in the **Software Library** workspace, expand **Operating Systems**, right-click **Operating System Images**, and then click **Add Operating System Image**.
+
+3. On the Data Source page, under **Path:**, type **\\SRV1\Sources$\OSD\OS\Windows 10 Enterprise x64\REFW10X64-001.wim**, and click **Next**.
+
+4. On the General page, next to **Name:**, type **Windows 10 Enterprise x64**, click **Next** twice, and then click **Close**.
+
+5. Distribute the operating system image to the SRV1 distribution point by right-clicking the **Windows 10 Enterprise x64** operating system image and then clicking **Distribute Content**.
+
+6. In the Distribute Content Wizard, click **Next**, click **Add**, click **Distribution Point**, add the **SRV1.CONTOSO.COM** distribution point, click **OK**, click **Next** twice and then click **Close**.
+
+7. Enter **\Monitoring\Overview\Distribution Status\Content Status** on the location bar, click **Windows 10 Enterprise x64**, and monitor the status of content distribution until it is successful and no longer in progress. Refresh the view with the F5 key or by right-clicking **Windows 10 Enterprise x64** and clicking **Refresh**.
+
+## Create a task sequence
+
+1. In the Configuration Manager console, in the **Software Library** workspace expand **Operating Systems**, right-click **Task Sequences**, and then click **Create MDT Task Sequence**.
+
+2. On the Choose Template page, select the **Client Task Sequence** template and click **Next**.
+
+3. On the General page, type **Windows 10 Enterprise x64** under **Task sequence name:** and then click **Next**.
+
+4. On the Details page, enter the following settings:<BR>
+    - Join a domain: contoso.com<BR>
+    - Account: click **Set**<BR>
+        - User name: contoso\administrator<BR>
+        - Password: pass@word1<BR>
+        - Confirm password: pass@word1<BR>
+        - Click **OK**<BR>
+    - Windows Settings<BR>
+        - User name: Contoso<BR>
+        - Organization name: Contoso<BR>
+        - Product key: \<blank\><BR>
+    - Administrator Account: Enable the account and specify the local administrator password<BR>
+        - Password: pass@word1<BR>
+        - Confirm password: pass@word1<BR>
+    - Click Next<BR>
+ 
+5. On the Capture Settings page, accept the default settings and click **Next**.
+
+6. On the Boot Image page, browse and select the **Zero Touch WinPE x64** boot image package and then click **Next**.
+
+7. On the MDT Package page, select **Create a new Microsoft Deployment Toolkit Files package**, under **Package source folder to be created (UNC Path):**, type **\\SRV1\Sources$\OSD\MDT\MDT 2013**, and then click **Next**.
+
+8. On the MDT Details page, next to **Name:** type **MDT 2013** and then click **Next**.
+
+9. On the OS Image page, browse and select the **Windows 10 Enterprise x64** package, and then click **Next**.
+
+10. On the Deployment Method page, accept the default settings and click **Next**.
+
+11. On the Client Package page, browse and select the **Microsoft Corporation Configuration Manager Client package** and then click **Next**.
+
+12. On the USMT Package page, browse and select the **Microsoft Corporation User State Migration Tool for Windows 8 10.0.14393.0** package, and then click **Next**.
+
+13. On the Settings Package page, select **Create a new settings package**, and under **Package source folder to be created (UNC Path):**, type \\SRV1\Sources$\OSD\Settings\Windows 10 x64 Settings, and then click **Next**.
+
+14. On the Settings Details page, next to **Name:**, type **Windows 10 x64 Settings**, and click **Next**.
+
+15. On the Sysprep Package page, click **Next** twice.
+
+16. On the Confirmation page, click **Finish**.
+
+## Edit the task sequence
+
+1. In the Configuration Manager console, in the Software Library workspace, click Task Sequences, right-click Windows 10 Enterprise x64, and then click Edit.
+
+2. Scroll down to the Install group and click Set Variable for Drive Letter.
+
+3. Change the Value under OSDPreserveDriveLetter from False to True, and click Apply.
+
+4. In the **State Restore** group, click **Set Status 5**, click **Add**, point to **User State**, and click **Request State Store**. This adds a new action immediately after **Set Status 5**.
+
+5. Configure the **Request State Store** action that was just added with the following settings:<BR>
+    - Request state storage location to: **Restore state from another computer**<BR>
+    - Select the **If computer account fails to connect to state store, use the Network Access account** checkbox.<BR>
+    - Options tab: Select the **Continue on error** checkbox.<BR>
+    - Add Condition: **Task Sequence Variable**:<BR>
+        - Variable: **USMTLOCAL** <BR>
+        - Condition: **not equals**<BR>
+        - Value: **True**<BR>
+        - Click **OK**.<BR>
+    - Click **Apply**<BR>.
+
+6. In the **State Restore** group, click **Restore User State**, click **Add**, point to **User State**, and click **Release State Store**.
+
+7. Configure the **Release State Store** action that was just added with the following settings:<BR>
+    - Options tab: Select the **Continue on error** checkbox.<BR>
+    - Add Condition: **Task Sequence Variable**:<BR>
+        - Variable: **USMTLOCAL** <BR>
+        - Condition: **not equals**<BR>
+        - Value: **True**<BR>
+        - Click **OK**.<BR>
+    - Click **OK**<BR>.
+
+
+## Finalize the operating system configuration
+
+1. In the MDT deployment workbench on SRV1, right-click **Deployment Shares** and then click **New Deployment Share**.
+
+2. Use the following settings for the New Deployment Share Wizard:
+    - Deployment share path: **C:\MDTProduction**<BR>
+    - Share name: **MDTProduction$**<BR>
+    - Deployment share description: **MDT Production**<BR>
+    - Options: click **Next** to accept the default<BR>
+    - Summary: click **Next**<BR>
+    - Progress: settings will be applied<BR>
+    - Confirmation: click **Finish**
+
+3. Right-click the **MDT Production** deployment share, and click **Properties**. 
+
+4. Click the **Monitoring** tab, select the **Enable monitoring for this deployment share** checkbox, and then click **OK**.
+
+5. Type the following command at an elevated Windows PowerShell prompt on SRV1:
+
+    ```
+    notepad "C:\Sources\OSD\Settings\Windows 10 x64 Settings\CustomSettings.ini"
+    ```
+6. Replace the contents of the file with the following text:
+
+    ```
+    [Settings]
+    Priority=Default
+    Properties=OSDMigrateConfigFiles,OSDMigrateMode
+
+    [Default]
+    DoCapture=NO
+    ComputerBackupLocation=NONE
+    MachineObjectOU=ou=Workstations,ou=Computers,ou=Contoso,dc=contoso,dc=com
+    OSDMigrateMode=Advanced
+    OSDMigrateAdditionalCaptureOptions=/ue:*\* /ui:CONTOSO\*
+    OSDMigrateConfigFiles=Miguser.xml,Migapp.xml
+    SLSHARE=\\SRV1\Logs$
+    EventService=http://SRV1:9800
+    ApplyGPOPack=NO
+    ```
+7. In the Software Library workspace, expand **Application Management**, click **Packages**, right-click **Windows 10 x64 Settings**, and then click **Update Distribution Points**. Click **OK** in the popup that appears.
+
+8. In the Software Library workspace, expand **Operating Systems**, click **Task Sequences**, right-click **Windows 10 Enterprise x64**, and then click **Distribute Content**.
+
+9. In the Distribute Content Wizard, click **Next**, click **Add**, click **Distribution Point**, add the **SRV1.CONTOSO.COM** distribution point, click **OK**, click **Next** twice and then click **Close**.
+
+10. Enter **\Monitoring\Overview\Distribution Status\Content Status** on the location bar, click **Windows 10 Enterprise x64**, and monitor the status of content distribution until it is successful and no longer in progress. Refresh the view with the F5 key or by right-clicking **Windows 10 Enterprise x64** and clicking **Refresh**.
+
+## Create a deployment for the task sequence
+
+1. In the Software Library workspace, expand **Operating Systems**, click **Task Sequences**, right-click **Windows 10 Enterprise x64**, and then click **Deploy**. 
+
+2. On the General page, next to **Collection**, click **Browse** and select the **All Unknown Computers** collection, then click **Next**.
+
+3. On the Deployment Settings page, use the following settings:<BR>
+    - Purpose: Available<BR>
+    - Make available to the following: Only media and PXE<BR>
+    - Click Next.<BR>
+4. Click **Next** five times to accept defaults on the Scheduling, User Experience, Alerts, and Distribution Points pages.
+
+5. Click **Close**.
+
+## Deploy Windows 10 using PXE and Configuration Manager
+
+1. Type the following commands at an elevated Windows PowerShell prompt on the Hyper-V host:
+
+    ```
+    New-VM –Name "PC3" –NewVHDPath "c:\vhd\pc3.vhdx" -NewVHDSizeBytes 40GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2
+    Set-VMMemory -VMName "PC3" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes 2048MB -Buffer 20
+    Start-VM PC3
+    vmconnect localhost PC3
+    ```
+2. Press ENTER when prompted to start the network boot service.
+
+3. In the Task Sequence Wizard, provide the password: pass@word1, and then click Next.
+
+4. The Windows 10 Enterprise x64 task sequence is selected, click Next.
+
+- ok I have an error that PS100001 cannot be located on a distribution point.
+- I tried going to content status and this seems to bhe the USMT and it says it is successfully distributed
+- I tried software library, boot images, and distribute these - this didn't help
+- I tried software library, application management, packages, distribute content but the distributon point isn't showing up. This is likely the problem.
 
 ## Related Topics
 
diff --git a/windows/deploy/windows-10-upgrade-paths.md b/windows/deploy/windows-10-upgrade-paths.md
index 7ee695086b..b6c196f4d1 100644
--- a/windows/deploy/windows-10-upgrade-paths.md
+++ b/windows/deploy/windows-10-upgrade-paths.md
@@ -4,6 +4,7 @@ description: You can upgrade to Windows 10 from a previous version of Windows if
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+localizationpriority: high
 ms.pagetype: mobile
 author: greg-lindsay
 ---
diff --git a/windows/deploy/windows-adk-scenarios-for-it-pros.md b/windows/deploy/windows-adk-scenarios-for-it-pros.md
index 456d2786a0..89c15460f6 100644
--- a/windows/deploy/windows-adk-scenarios-for-it-pros.md
+++ b/windows/deploy/windows-adk-scenarios-for-it-pros.md
@@ -4,6 +4,7 @@ description: The Windows Assessment and Deployment Kit (Windows ADK) contains to
 ms.assetid: FC4EB39B-29BA-4920-87C2-A00D711AE48B
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 ms.sitesec: library
 author: greg-lindsay
 ---
@@ -11,7 +12,7 @@ author: greg-lindsay
 # Windows ADK for Windows 10 scenarios for IT Pros
 
 
-The [Windows Assessment and Deployment Kit](http://go.microsoft.com/fwlink/p/?LinkId=526803) (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. For an overview of what's new in the Windows ADK for Windows 10, see [What's new in kits and tools](http://msdn.microsoft.com/library/windows/hardware/dn927348.aspx).
+The [Windows Assessment and Deployment Kit](https://go.microsoft.com/fwlink/p/?LinkId=526803) (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. For an overview of what's new in the Windows ADK for Windows 10, see [What's new in kits and tools](http://msdn.microsoft.com/library/windows/hardware/dn927348.aspx).
 
 In previous releases of Windows, the Windows ADK docs were published on both TechNet and the MSDN Hardware Dev Center. Starting with the Windows 10 release, Windows ADK documentation is available on the MSDN Hardware Dev Center. For the Windows 10 ADK reference content, see [Desktop manufacturing](http://msdn.microsoft.com/library/windows/hardware/dn938361.aspx).
 
diff --git a/windows/deploy/windows-deployment-scenarios-and-tools.md b/windows/deploy/windows-deployment-scenarios-and-tools.md
index a970f1b56f..1a431a3040 100644
--- a/windows/deploy/windows-deployment-scenarios-and-tools.md
+++ b/windows/deploy/windows-deployment-scenarios-and-tools.md
@@ -21,7 +21,7 @@ In this topic, you also learn about different types of reference images that you
 ## <a href="" id="sec06"></a>Windows Assessment and Deployment Kit
 
 
-Windows ADK contains core assessment and deployment tools and technologies, including Deployment Image Servicing and Management (DISM), Windows Imaging and Configuration Designer (Windows ICD), Windows System Image Manager (Windows SIM), User State Migration Tool (USMT), Volume Activation Management Tool (VAMT), Windows Preinstallation Environment (Windows PE), Windows Assessment Services, Windows Performance Toolkit (WPT), Application Compatibility Toolkit (ACT), and Microsoft SQL Server 2012 Express. For more details, see [Windows ADK for Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=526803  ) or [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md).
+Windows ADK contains core assessment and deployment tools and technologies, including Deployment Image Servicing and Management (DISM), Windows Imaging and Configuration Designer (Windows ICD), Windows System Image Manager (Windows SIM), User State Migration Tool (USMT), Volume Activation Management Tool (VAMT), Windows Preinstallation Environment (Windows PE), Windows Assessment Services, Windows Performance Toolkit (WPT), Application Compatibility Toolkit (ACT), and Microsoft SQL Server 2012 Express. For more details, see [Windows ADK for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=526803  ) or [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md).
 
 ![figure 1](images/win-10-adk-select.png)
 
@@ -48,7 +48,7 @@ Enable-WindowsOptionalFeature -Online -FeatureName NetFx3 -All
 
 Figure 2. Using DISM functions in PowerShell.
 
-For more information on DISM, see [DISM technical reference](http://go.microsoft.com/fwlink/p/?LinkId=619161).
+For more information on DISM, see [DISM technical reference](https://go.microsoft.com/fwlink/p/?LinkId=619161).
 
 ### User State Migration Tool (USMT)
 
@@ -96,7 +96,7 @@ By default USMT migrates many settings, most of which are related to the user pr
 
 -   Application settings
 
-These are the settings migrated by the default MigUser.xml and MigApp.xml templates. For more details on what USMT migrates, see [What does USMT migrate?](http://go.microsoft.com/fwlink/p/?LinkId=619227) For more information on the USMT overall, see the [USMT technical reference](http://go.microsoft.com/fwlink/p/?LinkId=619228).
+These are the settings migrated by the default MigUser.xml and MigApp.xml templates. For more details on what USMT migrates, see [What does USMT migrate?](https://go.microsoft.com/fwlink/p/?LinkId=619227) For more information on the USMT overall, see the [USMT technical reference](https://go.microsoft.com/fwlink/p/?LinkId=619228).
 
 ### Windows Imaging and Configuration Designer
 
@@ -106,7 +106,7 @@ Windows Imaging and Configuration Designer (Windows ICD) is a tool designed to a
 
 Figure 4. Windows Imaging and Configuration Designer.
 
-For more information, see [Windows Imaging and Configuration Designer](http://go.microsoft.com/fwlink/p/?LinkID=525483).
+For more information, see [Windows Imaging and Configuration Designer](https://go.microsoft.com/fwlink/p/?LinkID=525483).
 
 ### Windows System Image Manager (Windows SIM)
 
@@ -116,7 +116,7 @@ Windows SIM is an authoring tool for Unattend.xml files. When using MDT and/or C
 
 Figure 5. Windows answer file opened in Windows SIM.
 
-For more information, see [Windows System Image Manager Technical Reference]( http://go.microsoft.com/fwlink/p/?LinkId=619906).
+For more information, see [Windows System Image Manager Technical Reference]( https://go.microsoft.com/fwlink/p/?LinkId=619906).
 
 ### Volume Activation Management Tool (VAMT)
 
@@ -132,7 +132,7 @@ VAMT also can be used to create reports, switch from MAK to KMS, manage Active D
 Get-VamtProduct
 ```
 
-For more information on the VAMT, see [VAMT technical reference](http://go.microsoft.com/fwlink/p/?LinkId=619230).
+For more information on the VAMT, see [VAMT technical reference](https://go.microsoft.com/fwlink/p/?LinkId=619230).
 
 ### Windows Preinstallation Environment (Windows PE)
 
@@ -144,7 +144,7 @@ The key thing to know about Windows PE is that, like the operating system, it ne
 
 Figure 7. A machine booted with the Windows ADK default Windows PE boot image.
 
-For more details on Windows PE, see [Windows PE (WinPE)](http://go.microsoft.com/fwlink/p/?LinkId=619233).
+For more details on Windows PE, see [Windows PE (WinPE)](https://go.microsoft.com/fwlink/p/?LinkId=619233).
 
 ## <a href="" id="sec07"></a>Windows Recovery Environment
 
@@ -155,7 +155,7 @@ Windows Recovery Environment (Windows RE) is a diagnostics and recovery toolset
 
 Figure 8. A Windows 10 client booted into Windows RE, showing Advanced options.
 
-For more information on Windows RE, see [Windows Recovery Environment](http://go.microsoft.com/fwlink/p/?LinkId=619236).
+For more information on Windows RE, see [Windows Recovery Environment](https://go.microsoft.com/fwlink/p/?LinkId=619236).
 
 ## <a href="" id="sec08"></a>Windows Deployment Services
 
@@ -166,7 +166,7 @@ Windows Deployment Services (WDS) has been updated and improved in several ways
 
 Figure 9. Windows Deployment Services using multicast to deploy three machines.
 
-In Windows Server 2012 R2, [Windows Deployment Services](http://go.microsoft.com/fwlink/p/?LinkId=619245) can be configured for stand-alone mode or for Active Directory integration. In most scenarios, the Active Directory integration mode is the best option. WDS also has the capability to manage drivers; however, driver management through MDT and Configuration Manager is more suitable for deployment due to the flexibility offered by both solutions, so you will use them instead. In WDS, it is possible to pre-stage devices in Active Directory, but here, too, Configuration Manager has that capability built in, and MDT has the ability to use a SQL Server database for pre-staging. In most scenarios, those solutions are better than the built-in pre-staging function as they allow greater control and management.
+In Windows Server 2012 R2, [Windows Deployment Services](https://go.microsoft.com/fwlink/p/?LinkId=619245) can be configured for stand-alone mode or for Active Directory integration. In most scenarios, the Active Directory integration mode is the best option. WDS also has the capability to manage drivers; however, driver management through MDT and Configuration Manager is more suitable for deployment due to the flexibility offered by both solutions, so you will use them instead. In WDS, it is possible to pre-stage devices in Active Directory, but here, too, Configuration Manager has that capability built in, and MDT has the ability to use a SQL Server database for pre-staging. In most scenarios, those solutions are better than the built-in pre-staging function as they allow greater control and management.
 
 ### Trivial File Transfer Protocol (TFTP) configuration
 
@@ -200,12 +200,12 @@ Lite Touch and Zero Touch are marketing names for the two solutions that MDT 201
 
 Figure 11. The Deployment Workbench in MDT 2013, showing a task sequence.
 
-For more information on MDT 2013 Update 1, see the [Microsoft Deployment Toolkit](http://go.microsoft.com/fwlink/p/?LinkId=618117) resource center.
+For more information on MDT 2013 Update 1, see the [Microsoft Deployment Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=618117) resource center.
 
 ## <a href="" id="sec10"></a>Microsoft Security Compliance Manager 2013
 
 
-[Microsoft SCM](http://go.microsoft.com/fwlink/p/?LinkId=619246) is a free utility used to create baseline security settings for the Windows client and server environment. The baselines can be exported and then deployed via Group Policy, local policies, MDT, or Configuration Manager. The current version of Security Compliance Manager includes baselines for Windows 8.1 and several earlier versions of Windows, Windows Server, and Internet Explorer.
+[Microsoft SCM](https://go.microsoft.com/fwlink/p/?LinkId=619246) is a free utility used to create baseline security settings for the Windows client and server environment. The baselines can be exported and then deployed via Group Policy, local policies, MDT, or Configuration Manager. The current version of Security Compliance Manager includes baselines for Windows 8.1 and several earlier versions of Windows, Windows Server, and Internet Explorer.
 
 ![figure 12](images/mdt-11-fig14.png)
 
@@ -228,7 +228,7 @@ The following components are included in the MDOP suite:
 
 -   **Microsoft BitLocker Administration and Monitoring (MBAM).** MBAM is an administrator interface used to manage BitLocker drive encryption. It allows you to configure your enterprise with the correct BitLocker encryption policy options, as well as monitor compliance with these policies.
 
-For more information on the benefits of an MDOP subscription, see [Microsoft Desktop Optimization Pack](http://go.microsoft.com/fwlink/p/?LinkId=619247).
+For more information on the benefits of an MDOP subscription, see [Microsoft Desktop Optimization Pack](https://go.microsoft.com/fwlink/p/?LinkId=619247).
 
 ## <a href="" id="sec12"></a>Internet Explorer Administration Kit 11
 
@@ -239,7 +239,7 @@ There has been a version of IEAK for every version of Internet Explorer since 3.
 
 Figure 13. The User Experience selection screen in IEAK 11.
 
-To download IEAK 11, see the [Internet Explorer Administration Kit (IEAK) Information and Downloads](http://go.microsoft.com/fwlink/p/?LinkId=619248) page.
+To download IEAK 11, see the [Internet Explorer Administration Kit (IEAK) Information and Downloads](https://go.microsoft.com/fwlink/p/?LinkId=619248) page.
 
 ## <a href="" id="sec13"></a>Windows Server Update Services
 
@@ -250,7 +250,7 @@ WSUS is a server role in Windows Server 2012 R2 that enables you to maintain a l
 
 Figure 14. The Windows Server Update Services console.
 
-For more information on WSUS, see the [Windows Server Update Services Overview](http://go.microsoft.com/fwlink/p/?LinkId=619249).
+For more information on WSUS, see the [Windows Server Update Services Overview](https://go.microsoft.com/fwlink/p/?LinkId=619249).
 
 ## <a href="" id="sec14"></a>Unified Extensible Firmware Interface
 
@@ -323,7 +323,7 @@ There are many things that affect operating system deployment as soon as you run
 
 -   UEFI does not support cross-platform booting; therefore, you need to have the correct boot media (32- or 64-bit).
 
-For more information on UEFI, see the [UEFI firmware](http://go.microsoft.com/fwlink/p/?LinkId=619251) overview and related resources.
+For more information on UEFI, see the [UEFI firmware](https://go.microsoft.com/fwlink/p/?LinkId=619251) overview and related resources.
 
 ## Related topics
 
diff --git a/windows/deploy/windows-upgrade-and-migration-considerations.md b/windows/deploy/windows-upgrade-and-migration-considerations.md
index fc4c69a980..910efb0f39 100644
--- a/windows/deploy/windows-upgrade-and-migration-considerations.md
+++ b/windows/deploy/windows-upgrade-and-migration-considerations.md
@@ -17,7 +17,7 @@ You can upgrade from an earlier version of Windows, which means you can install
 ## Migrate files and settings
 Migration tools are available to transfer settings from one computer that is running Windows to another. These tools transfer only the program settings, not the programs themselves.
 
-For more information about application compatibility, see the [Application Compatibility Toolkit (ACT)](http://go.microsoft.com/fwlink/p/?LinkId=131349).
+For more information about application compatibility, see the [Application Compatibility Toolkit (ACT)](https://go.microsoft.com/fwlink/p/?LinkId=131349).
 
 The User State Migration Tool (USMT) 10.0 is an application intended for administrators who are performing large-scale automated deployments. For deployment to a small number of computers or for individually customized deployments, you can use Windows Easy Transfer.
 
@@ -33,7 +33,7 @@ You can use USMT to automate migration during large deployments of the Windows o
 Whether you are upgrading or migrating to a new version of Windows, you must be aware of the following issues and considerations:
 
 ### Application compatibility
-For more information about application compatibility in Windows, see the [Application Compatibility Toolkit (ACT)](http://go.microsoft.com/fwlink/p/?LinkId=131349).
+For more information about application compatibility in Windows, see the [Application Compatibility Toolkit (ACT)](https://go.microsoft.com/fwlink/p/?LinkId=131349).
 
 ### Multilingual Windows image upgrades
 When performing multilingual Windows upgrades, cross-language upgrades are not supported by USMT. If you are upgrading or migrating an operating system with multiple language packs installed, you can upgrade or migrate only to the system default user interface (UI) language. For example, if English is the default but you have a Spanish language pack installed, you can upgrade or migrate only to English.
diff --git a/windows/docfx.json b/windows/docfx.json
index 4d4f037a4c..4b2035530d 100644
--- a/windows/docfx.json
+++ b/windows/docfx.json
@@ -3,7 +3,7 @@
     "content":
       [
         {
-          "files": ["**/**.md"],
+          "files": ["**/**.md", "**/**.yml"],
           "exclude": ["**/obj/**"]
         }
       ],
@@ -14,7 +14,8 @@
         }
     ],
     "globalMetadata": {
-        "ROBOTS": "INDEX, FOLLOW"
+        "ROBOTS": "INDEX, FOLLOW",
+        "breadcrumb_path": "/itpro/windows/breadcrumb/toc.json"
     },
     "externalReference": [
     ],
diff --git a/windows/index.md b/windows/index.md
index ec5ecb7a39..d5e7f92b8a 100644
--- a/windows/index.md
+++ b/windows/index.md
@@ -27,7 +27,7 @@ This library provides the core content that IT pros need to evaluate, plan, depl
 ## Related topics
 
 
-[Windows 10 TechCenter](http://go.microsoft.com/fwlink/?LinkId=620009)
+[Windows 10 TechCenter](https://go.microsoft.com/fwlink/?LinkId=620009)
 
  
 
diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md
index 9ae5d89ffc..57a7d44fcf 100644
--- a/windows/keep-secure/TOC.md
+++ b/windows/keep-secure/TOC.md
@@ -32,7 +32,6 @@
 #### [Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-wip-policy-using-sccm.md)
 #### [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md)
 ### [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md)
-#### [Windows Information Protection (WIP) overview](wip-enterprise-overview.md)
 #### [Mandatory tasks and settings required to turn on Windows Information Protection (WIP)](mandatory-settings-for-wip.md)
 #### [Enlightened apps for use with Windows Information Protection (WIP)](enlightened-microsoft-apps-and-wip.md)
 #### [Testing scenarios for Windows Information Protection (WIP)](testing-scenarios-for-wip.md)
diff --git a/windows/keep-secure/active-directory-security-groups.md b/windows/keep-secure/active-directory-security-groups.md
index 630308945a..552c86b75a 100644
--- a/windows/keep-secure/active-directory-security-groups.md
+++ b/windows/keep-secure/active-directory-security-groups.md
@@ -172,10 +172,10 @@ The following tables provide descriptions of the default groups that are located
 <thead>
 <tr class="header">
 <th>Default Security Group</th>
+<th>Windows Server 2016</th>
 <th>Windows Server 2012 R2</th>
 <th>Windows Server 2012</th>
 <th>Windows Server 2008 R2</th>
-<th>Windows Server 2008</th>
 </tr>
 </thead>
 <tbody>
@@ -183,7 +183,7 @@ The following tables provide descriptions of the default groups that are located
 <td><p>[Access Control Assistance Operators](#bkmk-acasstops)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
-<td><p></p></td>
+<td><p>Yes</p></td>
 <td><p></p></td>
 </tr>
 <tr class="even">
@@ -232,7 +232,7 @@ The following tables provide descriptions of the default groups that are located
 <td><p>[Cloneable Domain Controllers](#bkmk-cloneabledomaincontrollers)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
-<td><p></p></td>
+<td><p>Yes</p></td>
 <td><p></p></td>
 </tr>
 <tr class="odd">
@@ -327,7 +327,7 @@ The following tables provide descriptions of the default groups that are located
 <td><p>Yes</p></td>
 </tr>
 <tr class="even">
-<td><p>[Group Policy Creators Owners](#bkmk-gpcreatorsowners)</p></td>
+<td><p>[Group Policy Creator Owners](#bkmk-gpcreatorsowners)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
@@ -344,7 +344,7 @@ The following tables provide descriptions of the default groups that are located
 <td><p>[Hyper-V Administrators](#bkmk-hypervadministrators)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
-<td><p></p></td>
+<td><p>Yes</p></td>
 <td><p></p></td>
 </tr>
 <tr class="odd">
@@ -362,143 +362,164 @@ The following tables provide descriptions of the default groups that are located
 <td><p>Yes</p></td>
 </tr>
 <tr class="odd">
+<td><p>[Key Admins](#key-admins)</p></td>
+<td><p>Yes</p></td>
+<td><p></p></td>
+<td><p></p></td>
+<td><p></p></td>
+</tr>
+<tr class="even">
 <td><p>[Network Configuration Operators](#bkmk-networkcfgoperators)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td><p>[Performance Log Users](#bkmk-perflogusers)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td><p>[Performance Monitor Users](#bkmk-perfmonitorusers)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td><p>[Pre–Windows 2000 Compatible Access](#bkmk-pre-ws2kcompataccess)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td><p>[Print Operators](#bkmk-printoperators)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td><p>[Protected Users](#bkmk-protectedusers)</p></td>
 <td><p>Yes</p></td>
+<td><p>Yes</p></td>
 <td><p></p></td>
 <td><p></p></td>
-<td><p></p></td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td><p>[RAS and IAS Servers](#bkmk-rasandias)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td><p>[RDS Endpoint Servers](#bkmk-rdsendpointservers)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
-<td><p></p></td>
-<td><p></p></td>
-</tr>
-<tr class="odd">
-<td><p>[RDS Management Servers](#bkmk-rdsmanagementservers)</p></td>
 <td><p>Yes</p></td>
-<td><p>Yes</p></td>
-<td><p></p></td>
 <td><p></p></td>
 </tr>
 <tr class="even">
-<td><p>[RDS Remote Access Servers](#bkmk-rdsremoteaccessservers)</p></td>
+<td><p>[RDS Management Servers](#bkmk-rdsmanagementservers)</p></td>
+<td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
-<td><p></p></td>
 <td><p></p></td>
 </tr>
 <tr class="odd">
+<td><p>[RDS Remote Access Servers](#bkmk-rdsremoteaccessservers)</p></td>
+<td><p>Yes</p></td>
+<td><p>Yes</p></td>
+<td><p>Yes</p></td>
+<td><p></p></td>
+</tr>
+<tr class="even">
 <td><p>[Read-only Domain Controllers](#bkmk-rodc)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td><p>[Remote Desktop Users](#bkmk-remotedesktopusers)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td><p>[Remote Management Users](#bkmk-remotemanagementusers)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
-<td><p></p></td>
+<td><p>Yes</p></td>
 <td><p></p></td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td><p>[Replicator](#bkmk-replicator)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td><p>[Schema Admins](#bkmk-schemaadmins)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td><p>[Server Operators](#bkmk-serveroperators)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
+<tr class="even">
+<td><p>[Storage Replica Administrators](#storage-replica-administrators)</p></td>
+<td><p>Yes</p></td>
+<td><p></p></td>
+<td><p></p></td>
+<td><p></p></td>
+</tr>
 <tr class="odd">
+<td><p>[System Managed Accounts Group](#system-managed-accounts-group)</p></td>
+<td><p>Yes</p></td>
+<td><p></p></td>
+<td><p></p></td>
+<td><p></p></td>
+</tr>
+<tr class="even">
 <td><p>[Terminal Server License Servers](#bkmk-terminalserverlic)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td><p>[Users](#bkmk-users)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td><p>[Windows Authorization Access Group](#bkmk-winauthaccess)</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 <td><p>Yes</p></td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td><p>[WinRMRemoteWMIUsers_](#bkmk-winrmremotewmiusers-)</p></td>
-<td><p>Yes</p></td>
-<td><p>Yes</p></td>
 <td><p></p></td>
+<td><p>Yes</p></td>
+<td><p>Yes</p></td>
 <td><p></p></td>
 </tr>
 </tbody>
@@ -2196,7 +2217,25 @@ This security group has not changed since Windows Server 2008.
 </tbody>
 </table>
 
- 
+### Key Admins
+
+Members of this group can perform administrative actions on key objects within the domain.
+
+The Key Admins group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
+
+| Attribute | Value |
+|-----------|-------|
+| Well-Known SID/RID | S-1-5-21-4195037842-338827918-94892514-526 |
+| Type | Global |
+| Default container | CN=Users, DC=&lt;domain&gt;, DC= |
+| Default members | None |
+| Default member of | None |
+| Protected by ADMINSDHOLDER? | No |
+| Safe to move out of default container? | Yes |
+| Safe to delegate management of this group to non-Service admins? | No |
+| Default User Rights | None |
+
+<!-- WHEN MORE INFO IS AVAILABLE, ADD LINES to the above table -- a line under the ADMINSDHOLDER line, "Safe to move out of default container?" -->
 
 ### <a href="" id="bkmk-networkcfgoperators"></a>Network Configuration Operators
 
@@ -2588,11 +2627,11 @@ Members of the Protected Users group are afforded additional protection against
 
 This security group is designed as part of a strategy to effectively protect and manage credentials within the enterprise. Members of this group automatically have non-configurable protection applied to their accounts. Membership in the Protected Users group is meant to be restrictive and proactively secure by default. The only method to modify the protection for an account is to remove the account from the security group.
 
-This domain-related, global group triggers non-configurable protection on devices and host computers running Windows Server 2012 R2 and Windows 8.1, and on domain controllers in domains with a primary domain controller running Windows Server 2012 R2. This greatly reduces the memory footprint of credentials when users sign in to computers on the network from a non-compromised computer.
+This domain-related, global group triggers non-configurable protection on devices and host computers, starting with the Windows Server 2012 R2 and Windows 8.1 operating systems. It also triggers non-configurable protection on domain controllers in domains with a primary domain controller running Windows Server 2012 R2 or Windows Server 2016. This greatly reduces the memory footprint of credentials when users sign in to computers on the network from a non-compromised computer.
 
 Depending on the account’s domain functional level, members of the Protected Users group are further protected due to behavior changes in the authentication methods that are supported in Windows.
 
--   Members of the Protected Users group cannot authenticate by using the following Security Support Providers (SSPs): NTLM, Digest Authentication, or CredSSP. Passwords are not cached on a device running Windows 8.1, so the device fails to authenticate to a domain when the account is a member of the Protected User group.
+-   Members of the Protected Users group cannot authenticate by using the following Security Support Providers (SSPs): NTLM, Digest Authentication, or CredSSP. Passwords are not cached on a device running Windows 8.1 or Windows 10, so the device fails to authenticate to a domain when the account is a member of the Protected User group.
 
 -   The Kerberos protocol will not use the weaker DES or RC4 encryption types in the preauthentication process. This means that the domain must be configured to support at least the AES cipher suite.
 
@@ -3299,7 +3338,46 @@ This security group has not changed since Windows Server 2008.
 </tbody>
 </table>
 
- 
+### Storage Replica Administrators
+
+Members of this group have complete and unrestricted access to all features of Storage Replica.
+
+The Storage Replica Administrators group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
+
+| Attribute | Value |
+|-----------|-------|
+| Well-Known SID/RID | S-1-5-32-582 |
+| Type | BuiltIn Local |
+| Default container | CN=BuiltIn, DC=&lt;domain&gt;, DC= |
+| Default members | None |
+| Default member of | None |
+| Protected by ADMINSDHOLDER? | No |
+| Safe to move out of default container? | Yes |
+| Safe to delegate management of this group to non-Service admins? | No |
+| Default User Rights | None |
+
+<!-- WHEN MORE INFO IS AVAILABLE, ADD LINES to the above table -- a line under the ADMINSDHOLDER line, "Safe to move out of default container?" -->
+
+### System Managed Accounts Group
+
+Members of this group are managed by the system.
+
+The System Managed Accounts group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
+
+
+| Attribute | Value |
+|-----------|-------|
+| Well-Known SID/RID | S-1-5-32-581 |
+| Type | BuiltIn Local |
+| Default container | CN=BuiltIn, DC=&lt;domain&gt;, DC= |
+| Default members | Users |
+| Default member of | None |
+| Protected by ADMINSDHOLDER? | No |
+| Safe to move out of default container? | Yes |
+| Safe to delegate management of this group to non-Service admins? | No |
+| Default User Rights | None |
+
+<!-- WHEN MORE INFO IS AVAILABLE, ADD LINES to the above table -- a line under the ADMINSDHOLDER line, "Safe to move out of default container?" -->
 
 ### <a href="" id="bkmk-terminalserverlic"></a>Terminal Server License Servers
 
diff --git a/windows/keep-secure/ad-ds-schema-extensions-to-support-tpm-backup.md b/windows/keep-secure/ad-ds-schema-extensions-to-support-tpm-backup.md
index 8e62ff36b5..9ce1e76918 100644
--- a/windows/keep-secure/ad-ds-schema-extensions-to-support-tpm-backup.md
+++ b/windows/keep-secure/ad-ds-schema-extensions-to-support-tpm-backup.md
@@ -12,13 +12,17 @@ author: brianlic-msft
 # AD DS schema extensions to support TPM backup
 
 **Applies to**
--   Windows 10
+-   Windows 10, version 1511
+-   Windows 10, version 1507
+
+**Does not apply to**
+- Windows 10, version 1607 or later
 
 This topic provides more details about this change and provides template schema extensions that you can incorporate into your organization.
 
 ## Why a schema extension is needed
 
-The TPM owner authorization value is now stored in a separate object which is linked to the Computer object. This value was stored as a property in the Computer object itself for the default Windows Server 2008 R2 schemas. Windows Server 2012 domain controllers have the default schema to backup TPM owner authorization information in the separate object. If you are not upgrading your domain controller to Windows Server 2012 you need to extend the schema to support this change. If Active Directory backup of the TPM owner authorization value is enabled in a Windows Server 2008 R2 environment without extending the schema, the TPM provisioning will fail and the TPM will remain in a Not Ready state for computers running Windows 8. The following are the two schema extensions that you can use to bring your Windows Server 2008 R2 domain to parity with Windows Server 2012:
+The TPM owner authorization value is now stored in a separate object which is linked to the Computer object. This value was stored as a property in the Computer object itself for the default Windows Server 2008 R2 schema. Windows Server 2012 domain controllers have the default schema to backup TPM owner authorization information in the separate object. If you are not upgrading your domain controller to Windows Server 2012, you need to extend the schema to support this change. If Active Directory backup of the TPM owner authorization value is enabled in a Windows Server 2008 R2 environment without extending the schema, the TPM provisioning will fail and the TPM will remain in a Not Ready state for computers running Windows 8. The following are the two schema extensions that you can use to bring your Windows Server 2008 R2 domain to parity with Windows Server 2012:
 
 ### <a href="" id="tpmschemaextension-ldf-"></a>TpmSchemaExtension.ldf
 
diff --git a/windows/keep-secure/add-apps-to-protected-list-using-custom-uri.md b/windows/keep-secure/add-apps-to-protected-list-using-custom-uri.md
index f6ed6747d4..3565476277 100644
--- a/windows/keep-secure/add-apps-to-protected-list-using-custom-uri.md
+++ b/windows/keep-secure/add-apps-to-protected-list-using-custom-uri.md
@@ -1,5 +1,5 @@
 ---
-title: Add apps to your Windows Information Protection (WIP) policy by using Microsoft Intune and custom URI functionality (Windows 10)
+title: Add apps to your Windows Information Protection (WIP) policy by using Microsoft Intune custom URI functionality (Windows 10)
 description: Add apps to your Windows Information Protection (WIP) allowed app list, by using the Microsoft Intune custom URI functionality and AppLocker.
 ms.assetid: b50db35d-a2a9-4b78-a95d-a1b066e66880
 keywords: WIP, Enterprise Data Protection, protected apps, protected app list
@@ -17,7 +17,7 @@ localizationpriority: high
 -   Windows 10, version 1607
 -   Windows 10 Mobile
 
-You can add apps to your Windows Information Protection (WIP) protected app list using the Microsoft Intune custom URI functionality and AppLocker. For more info about how to create a custom URI using Intune, [Windows 10 custom policy settings in Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkID=691330).
+You can add apps to your Windows Information Protection (WIP) protected app list using the Microsoft Intune custom URI functionality and AppLocker. For more info about how to create a custom URI using Intune, [Windows 10 custom policy settings in Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkID=691330).
 
 >**Important**<br>
 Results can be unpredictable if you configure your policy using both the UI and the Custom URI method together. We recommend using a single method for each policy.
diff --git a/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md b/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md
new file mode 100644
index 0000000000..1f2d6310fd
--- /dev/null
+++ b/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md
@@ -0,0 +1,7 @@
+ ---
+ redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection
+ ---
+
+# Additional Windows Defender ATP configuration settings
+
+This page has been redirected to [Configure endpoints](https://technet.microsoft.com/itpro/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection)
\ No newline at end of file
diff --git a/windows/keep-secure/advanced-security-auditing-faq.md b/windows/keep-secure/advanced-security-auditing-faq.md
index aba6ac5414..9ccd526c9d 100644
--- a/windows/keep-secure/advanced-security-auditing-faq.md
+++ b/windows/keep-secure/advanced-security-auditing-faq.md
@@ -170,8 +170,8 @@ In addition, there are a number of computer management products, such as the Aud
 Users who examine the security event log for the first time can be a bit overwhelmed by the number of audit events that are stored there (which can quickly number in the thousands) and by the structured information that is included for each audit event. Additional information about these events, and the settings used to generate them, can be obtained from the following resources:
 
 -   [Windows 8 and Windows Server 2012 Security Event Details](http://www.microsoft.com/download/details.aspx?id=35753)
--   [Security Audit Events for Windows 7 and Windows Server 2008 R2](http://go.microsoft.com/fwlink/p/?linkid=157780)
--   [Security Audit Events for Windows Server 2008 and Windows Vista](http://go.microsoft.com/fwlink/p/?linkid=121868)
+-   [Security Audit Events for Windows 7 and Windows Server 2008 R2](https://go.microsoft.com/fwlink/p/?linkid=157780)
+-   [Security Audit Events for Windows Server 2008 and Windows Vista](https://go.microsoft.com/fwlink/p/?linkid=121868)
 -   [Advanced security audit policy settings](advanced-security-audit-policy-settings.md)
 
 ## <a href="" id="bkmk-18"></a>Where can I find more detailed information?
@@ -180,7 +180,7 @@ To learn more about security audit policies, see the following resources:
 
 -   [Planning and deploying advanced security audit policies](planning-and-deploying-advanced-security-audit-policies.md)
 -   [Security Monitoring and Attack Detection Planning Guide](http://social.technet.microsoft.com/wiki/contents/articles/325.advanced-security-auditing-in-windows-7-and-windows-server-2008-r2.aspx)
--   [Security Audit Events for Windows 7 and Windows Server 2008 R2](http://go.microsoft.com/fwlink/p/?linkid=157780)
--   [Security Audit Events for Windows Server 2008 and Windows Vista](http://go.microsoft.com/fwlink/p/?LinkId=121868)
+-   [Security Audit Events for Windows 7 and Windows Server 2008 R2](https://go.microsoft.com/fwlink/p/?linkid=157780)
+-   [Security Audit Events for Windows Server 2008 and Windows Vista](https://go.microsoft.com/fwlink/p/?LinkId=121868)
  
  
diff --git a/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md b/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md
index 74189887bb..09000d467d 100644
--- a/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
+localizationpriority: high
 ---
 
 # View and organize the Windows Defender Advanced Threat Protection Alerts queue
@@ -15,7 +16,7 @@ author: mjcaparas
 **Applies to:**
 
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
diff --git a/windows/keep-secure/applocker-functions.md b/windows/keep-secure/applocker-functions.md
index eaad056c7a..cd1534c55b 100644
--- a/windows/keep-secure/applocker-functions.md
+++ b/windows/keep-secure/applocker-functions.md
@@ -20,14 +20,14 @@ This topic for the IT professional lists the functions and security levels for t
 
 The following list includes the SRP functions beginning with Windows Server 2003 and AppLocker functions beginning with Windows Server 2008 R2 and links to current documentation on MSDN:
 
--   [SaferGetPolicyInformation Function](http://go.microsoft.com/fwlink/p/?LinkId=159781)
--   [SaferCreateLevel Function](http://go.microsoft.com/fwlink/p/?LinkId=159782)
--   [SaferCloseLevel Function](http://go.microsoft.com/fwlink/p/?LinkId=159783)
--   [SaferIdentifyLevel Function](http://go.microsoft.com/fwlink/p/?LinkId=159784)
--   [SaferComputeTokenFromLevel Function](http://go.microsoft.com/fwlink/p/?LinkId=159785)
--   [SaferGetLevelInformation Function](http://go.microsoft.com/fwlink/p/?LinkId=159787)
--   [SaferRecordEventLogEntry Function](http://go.microsoft.com/fwlink/p/?LinkId=159789)
--   [SaferiIsExecutableFileType Function](http://go.microsoft.com/fwlink/p/?LinkId=159790)
+-   [SaferGetPolicyInformation Function](https://go.microsoft.com/fwlink/p/?LinkId=159781)
+-   [SaferCreateLevel Function](https://go.microsoft.com/fwlink/p/?LinkId=159782)
+-   [SaferCloseLevel Function](https://go.microsoft.com/fwlink/p/?LinkId=159783)
+-   [SaferIdentifyLevel Function](https://go.microsoft.com/fwlink/p/?LinkId=159784)
+-   [SaferComputeTokenFromLevel Function](https://go.microsoft.com/fwlink/p/?LinkId=159785)
+-   [SaferGetLevelInformation Function](https://go.microsoft.com/fwlink/p/?LinkId=159787)
+-   [SaferRecordEventLogEntry Function](https://go.microsoft.com/fwlink/p/?LinkId=159789)
+-   [SaferiIsExecutableFileType Function](https://go.microsoft.com/fwlink/p/?LinkId=159790)
 
 ## Security level ID
 
diff --git a/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md b/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md
index 6cc5b28e2f..129b49f08e 100644
--- a/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md
@@ -1,6 +1,6 @@
 ---
 title: Assign user access to the Windows Defender Advanced Threat Protection portal
-description: Assign read and write or read only access to the Windows Defender Advanced Threat Protection portal. 
+description: Assign read and write or read only access to the Windows Defender Advanced Threat Protection portal.
 keywords: assign user roles, assign read and write access, assign read only access, user, user roles, roles
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
@@ -8,13 +8,14 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
+localizationpriority: high
 ---
 
 # Assign user access to the Windows Defender ATP portal
 **Applies to:**
 
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Azure Active Directory
@@ -30,18 +31,18 @@ Users with full access can log in, view all system information and resolve alert
 Assigning full access rights requires adding the users to the “Security Administrator” or “Global Administrator” AAD built-in roles.
 
 **Read only access** <br>
-Users with read only access can log in, view all alerts, and related information. 
+Users with read only access can log in, view all alerts, and related information.
 They will not be able to change alert states, submit files for deep analysis or perform any state changing operations.
 Assigning read only access rights requires adding the users to the “Security Reader” AAD built-in role.
 
 Use the following steps to assign security roles:
 - Preparations:
-    - Install Azure PowerShell. For more information see, [How to install and configure Azure PowerShell](https://azure.microsoft.com/en-us/documentation/articles/powershell-install-configure/).<br> 
-    
+    - Install Azure PowerShell. For more information see, [How to install and configure Azure PowerShell](https://azure.microsoft.com/documentation/articles/powershell-install-configure/).<br>
+
         > [!NOTE]
         > You need to run the PowerShell cmdlets in an elevated command-line.
 
-- Connect to your Azure Active Directory. For more information see, [Connect-MsolService](https://msdn.microsoft.com/en-us/library/dn194123.aspx).
+- Connect to your Azure Active Directory. For more information see, [Connect-MsolService](https://msdn.microsoft.com/library/dn194123.aspx).
 - For **read and write** access, assign users to the security administrator role by using the following command:
 ```text
 Add-MsolRoleMember -RoleName "Security Administrator" -RoleMemberEmailAddress "secadmin@Contoso.onmicrosoft.com"
@@ -51,4 +52,4 @@ Add-MsolRoleMember -RoleName "Security Administrator" -RoleMemberEmailAddress "s
 Add-MsolRoleMember -RoleName "Security Reader" -RoleMemberEmailAddress “reader@Contoso.onmicrosoft.com”
 ```
 
-For more information see, [Manage Azure AD group and role membership](https://technet.microsoft.com/en-us/library/321d532e-407d-4e29-a00a-8afbe23008dd#BKMK_ManageGroups).
+For more information see, [Manage Azure AD group and role membership](https://technet.microsoft.com/library/321d532e-407d-4e29-a00a-8afbe23008dd#BKMK_ManageGroups).
diff --git a/windows/keep-secure/audit-audit-the-use-of-backup-and-restore-privilege.md b/windows/keep-secure/audit-audit-the-use-of-backup-and-restore-privilege.md
index 3bd9ddd1b8..d66a9e0a4e 100644
--- a/windows/keep-secure/audit-audit-the-use-of-backup-and-restore-privilege.md
+++ b/windows/keep-secure/audit-audit-the-use-of-backup-and-restore-privilege.md
@@ -74,7 +74,7 @@ When the backup and restore function is used, it creates a copy of the file syst
 ### Countermeasure
 
 Enable the **Audit: Audit the use of Backup and Restore privilege** setting. Alternatively, implement automatic log backup by configuring the **AutoBackupLogFiles** registry key. If you enable this option when the [Audit privilege use](basic-audit-privilege-use.md) setting is also enabled, an audit event is generated for every file that is backed up or restored. This information could help you to identify an account that was used to accidentally or maliciously restore data in an unauthorized manner.
-For more information about configuring this key, see Microsoft Knowledge Base article [100879](http://go.microsoft.com/fwlink/p/?LinkId=100879).
+For more information about configuring this key, see Microsoft Knowledge Base article [100879](https://go.microsoft.com/fwlink/p/?LinkId=100879).
 
 ### Potential impact
 
diff --git a/windows/keep-secure/backup-tpm-recovery-information-to-ad-ds.md b/windows/keep-secure/backup-tpm-recovery-information-to-ad-ds.md
index aee1050952..0beb5a8932 100644
--- a/windows/keep-secure/backup-tpm-recovery-information-to-ad-ds.md
+++ b/windows/keep-secure/backup-tpm-recovery-information-to-ad-ds.md
@@ -12,7 +12,11 @@ author: brianlic-msft
 # Backup the TPM recovery Information to AD DS
 
 **Applies to**
--   Windows 10
+-   Windows 10, version 1511
+-   Windows 10, version 1507
+
+**Does not apply to**
+- Windows 10, version 1607 or later
 
 This topic for the IT professional describes how to back up a computer’s Trusted Platform Module (TPM) information to Active Directory Domain Services (AD DS) so that you can use AD DS to administer the TPM from a remote computer.
 
diff --git a/windows/keep-secure/bitlocker-frequently-asked-questions.md b/windows/keep-secure/bitlocker-frequently-asked-questions.md
index 29836430fd..c329ed5d14 100644
--- a/windows/keep-secure/bitlocker-frequently-asked-questions.md
+++ b/windows/keep-secure/bitlocker-frequently-asked-questions.md
@@ -139,7 +139,7 @@ The following table lists what action you need to take before you perform an upg
 
 ### <a href="" id="bkmk-automate"></a>Can BitLocker deployment be automated in an enterprise environment?
 
-Yes, you can automate the deployment and configuration of BitLocker and the TPM using either WMI or Windows PowerShell scripts. How you choose to implement the scripts depends on your environment. You can also use Manage-bde.exe to locally or remotely configure BitLocker. For more info about writing scripts that use the BitLocker WMI providers, see [BitLocker Drive Encryption Provider](http://go.microsoft.com/fwlink/p/?LinkId=80600). For more info about using Windows PowerShell cmdlets with BitLocker Drive Encryption, see [BitLocker Cmdlets in Windows PowerShell](http://technet.microsoft.com/library/jj649829.aspx).
+Yes, you can automate the deployment and configuration of BitLocker and the TPM using either WMI or Windows PowerShell scripts. How you choose to implement the scripts depends on your environment. You can also use Manage-bde.exe to locally or remotely configure BitLocker. For more info about writing scripts that use the BitLocker WMI providers, see [BitLocker Drive Encryption Provider](https://go.microsoft.com/fwlink/p/?LinkId=80600). For more info about using Windows PowerShell cmdlets with BitLocker Drive Encryption, see [BitLocker Cmdlets in Windows PowerShell](http://technet.microsoft.com/library/jj649829.aspx).
 
 ### <a href="" id="bkmk-os"></a>Can BitLocker encrypt more than just the operating system drive?
 
diff --git a/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md b/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md
index 16e0aa12b2..3f2fc5e488 100644
--- a/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md
+++ b/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md
@@ -141,7 +141,15 @@ To enroll a certificate from an existing certification authority (CA), do the fo
     2.  Select **Yes, export the private key**.
     3.  Complete the wizard to create the .pfx file.
 
-To create a self-signed certificate, do the following:
+To create a self-signed certificate, you can either use the New-SelfSignedCertificate cmdlet in Windows PowerShell or use Certreq.
+
+Windows PowerShell example:
+
+```syntax
+New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -Subject "CN=BitLocker Network Unlock certificate" -Provider "Microsoft Software Key Storage Provider" -KeyUsage KeyEncipherment -KeyUsageProperty Decrypt -KeyLength 2048 -HashAlgorithm sha512 -TextExtension @("1.3.6.1.4.1.311.21.10={text}OID=1.3.6.1.4.1.311.67.1.1","2.5.29.37={text}1.3.6.1.4.1.311.67.1.1")
+```
+
+Certreq example:
 
 1.  Create a text file with an .inf extension. For example, notepad.exe BitLocker-NetworkUnlock.inf
 2.  Add the following contents to the previously created file:
@@ -149,12 +157,13 @@ To create a self-signed certificate, do the following:
     ``` syntax
     [NewRequest]
     Subject="CN=BitLocker Network Unlock certificate"
+    ProviderType=0
+    MachineKeySet=True
     Exportable=true
     RequestType=Cert
     KeyUsage="CERT_KEY_ENCIPHERMENT_KEY_USAGE"
     KeyUsageProperty="NCRYPT_ALLOW_DECRYPT_FLAG"
     KeyLength=2048
-    Keyspec="AT_KEYEXCHANGE"
     SMIME=FALSE
     HashAlgorithm=sha512
     [Extensions]
@@ -179,7 +188,7 @@ To create a self-signed certificate, do the following:
 With the certificate and key created, deploy them to the infrastructure to properly unlock systems. To deploy the certificates, do the following:
 
 1.  On the WDS server, open a new MMC and add the certificates snap-in. Select the computer account and local computer when given the options.
-2.  Right-click the Certificates (Local Computer) - BitLocker Drive Encryption Network Unlock item, choose All Tasks, then **Import**
+2.  Right-click the Certificates (Local Computer) - BitLocker Drive Encryption Network Unlock item, choose All Tasks, then **Import**.
 3.  In the **File to Import** dialog, choose the .pfx file created previously.
 4.  Enter the password used to create the .pfx and complete the wizard.
 
diff --git a/windows/keep-secure/bitlocker-recovery-guide-plan.md b/windows/keep-secure/bitlocker-recovery-guide-plan.md
index 61d362d1a3..1005d019ad 100644
--- a/windows/keep-secure/bitlocker-recovery-guide-plan.md
+++ b/windows/keep-secure/bitlocker-recovery-guide-plan.md
@@ -410,10 +410,10 @@ You can use the following sample script to create a VBScript file to retrieve th
 ' Usage
 ' --------------------------------------------------------------------------------
 Sub ShowUsage
-   Wscript.Echo "USAGE: GetBitLockerKeyPackageAD [Path To Saved Key Package] [Optional Computer Name]"
+   Wscript.Echo "USAGE: GetBitLockerKeyPackageADDS [Path To Save Key Package] [Optional Computer Name]"
    Wscript.Echo "If no computer name is specified, the local computer is assumed."
    Wscript.Echo 
-   Wscript.Echo "Example: GetBitLockerKeyPackageAD E:\bitlocker-ad-key-package mycomputer"
+   Wscript.Echo "Example: GetBitLockerKeyPackageADDS E:\bitlocker-ad-key-package mycomputer"
    WScript.Quit
 End Sub
 ' --------------------------------------------------------------------------------
@@ -541,13 +541,23 @@ Function BinaryToString(Binary)
   BinaryToString = S
 End Function
 WScript.Quit
+```
+
 The following sample script exports a new key package from an unlocked, encrypted volume.
-To run this script, start by saving the code into a VBS file (for example, GetBitLockerKeyPackage.vbs). Then, open an administrator command prompt and use “cscript” to run the saved file (for example, type "cscript GetBitLockerKeyPackage.vbs  -?").
+
+**To run the sample key package retrieval script**
+
+1. Save the following sample script in a VBScript file. For example: GetBitLockerKeyPackage.vbs
+2. Open an administrator command prompt, type a command similar to the following:
+
+    **cscript GetBitLockerKeyPackage.vbs  -?**
+
+``` syntax
 ' --------------------------------------------------------------------------------
 ' Usage
 ' --------------------------------------------------------------------------------
 Sub ShowUsage
-   Wscript.Echo "USAGE: GetBitLockerKeyPackage [VolumeLetter/DriveLetter:] [Path To Saved Key Package]"
+   Wscript.Echo "USAGE: GetBitLockerKeyPackage [VolumeLetter/DriveLetter:] [Path To Save Key Package]"
    Wscript.Echo 
    Wscript.Echo "Example: GetBitLockerKeyPackage C: E:\bitlocker-backup-key-package"
    WScript.Quit
diff --git a/windows/keep-secure/block-untrusted-fonts-in-enterprise.md b/windows/keep-secure/block-untrusted-fonts-in-enterprise.md
index 83a3f113a9..8343d2c59e 100644
--- a/windows/keep-secure/block-untrusted-fonts-in-enterprise.md
+++ b/windows/keep-secure/block-untrusted-fonts-in-enterprise.md
@@ -8,9 +8,16 @@ ms.mktglfcycl: deploy
 ms.pagetype: security
 ms.sitesec: library
 author: eross-msft
+localizationpriority: high
 ---
 
 # Block untrusted fonts in an enterprise
+**Applies to:**
+
+-   Windows 10
+
+>Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare).
+
 To help protect your company from attacks which may originate from untrusted or attacker controlled font files, we’ve created the Blocking Untrusted Fonts feature. Using this feature, you can turn on a global setting that stops your employees from loading untrusted fonts processed using the Graphics Device Interface (GDI) onto your network. Untrusted fonts are any font installed outside of the `%windir%/Fonts` directory. Blocking untrusted fonts helps prevent both remote (web-based or email-based) and local EOP attacks that can happen during the font file-parsing process.
 
 ## What does this mean for me?
@@ -30,7 +37,7 @@ After you turn this feature on, your employees might experience reduced function
 
 -   Sending a print job to a remote printer server that uses this feature and where the spooler process hasn’t been specifically excluded. In this situation, any fonts that aren’t already available in the server’s %windir%/Fonts folder won’t be used.
 
--   Printing using fonts provided by the installed printer’s graphics .dll file, outside of the %windir%/Fonts folder. For more information, see [Introduction to Printer Graphics DLLs](http://go.microsoft.com/fwlink/p/?LinkId=522302).
+-   Printing using fonts provided by the installed printer’s graphics .dll file, outside of the %windir%/Fonts folder. For more information, see [Introduction to Printer Graphics DLLs](https://go.microsoft.com/fwlink/p/?LinkId=522302).
 
 -   Using first or third-party apps that use memory-based fonts.
 
diff --git a/windows/keep-secure/bypass-traverse-checking.md b/windows/keep-secure/bypass-traverse-checking.md
index 60df8885da..5c32eaf5e4 100644
--- a/windows/keep-secure/bypass-traverse-checking.md
+++ b/windows/keep-secure/bypass-traverse-checking.md
@@ -14,6 +14,8 @@ author: brianlic-msft
 **Applies to**
 -   Windows 10
 
+>Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare).
+
 Describes the best practices, location, values, policy management, and security considerations for the **Bypass traverse checking** security policy setting.
 
 ## Reference
@@ -78,7 +80,7 @@ The default configuration for the **Bypass traverse checking** setting is to all
 
 ### Countermeasure
 
-Organizations that are extremely concerned about security may want to remove the Everyone group, and perhaps the Users group, from the list of groups that have the **Bypass traverse checking** user right. Taking explicit control over traversal assignments can be an effective way to limit access to sensitive information. Access–based enumeration can also be used. If you use access–based enumeration, users cannot see any folder or file to which they do not have access. For more info about this feature, see [Access-based Enumeration](http://go.microsoft.com/fwlink/p/?LinkId=100745).
+Organizations that are extremely concerned about security may want to remove the Everyone group, and perhaps the Users group, from the list of groups that have the **Bypass traverse checking** user right. Taking explicit control over traversal assignments can be an effective way to limit access to sensitive information. Access–based enumeration can also be used. If you use access–based enumeration, users cannot see any folder or file to which they do not have access. For more info about this feature, see [Access-based Enumeration](https://go.microsoft.com/fwlink/p/?LinkId=100745).
 
 ### Potential impact
 
diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md
index c8012d34ec..5de6b76a7a 100644
--- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md
+++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md
@@ -12,8 +12,19 @@ author: brianlic-msft
 # Change history for Keep Windows 10 secure
 This topic lists new and updated topics in the [Keep Windows 10 secure](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
 
+## September 2016
+
+| New or changed topic | Description |
+| --- | --- |
+| [Implement Windows Hello for Business in your organization](implement-microsoft-passport-in-your-organization.md) | Clarified how convenience PIN works in Windows 10, version 1607, on domain-joined PCs |
+| [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md) | Corrected certreq ezxample and added a new Windows PowerShell example for creating a self-signed certficate |
+
 ## August 2016
-- [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md) |New |
+|New or changed topic | Description |
+|----------------------|-------------|
+|[Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md) |New |
+|[Testing scenarios for Windows Information Protection (WIP)](testing-scenarios-for-wip.md) |Updated and added additional scenarios for testing |
+|[Protect your enterprise data using Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) |Updated to include info from the original What's New and Overview topics |
 
 ## RELEASE: Windows 10, version 1607
 
diff --git a/windows/keep-secure/change-the-tpm-owner-password.md b/windows/keep-secure/change-the-tpm-owner-password.md
index ba11bc7a8c..50d9175eb2 100644
--- a/windows/keep-secure/change-the-tpm-owner-password.md
+++ b/windows/keep-secure/change-the-tpm-owner-password.md
@@ -17,11 +17,13 @@ author: brianlic-msft
 This topic for the IT professional describes how to change the password or PIN for the owner of the Trusted Platform Module (TPM) that is installed on your system.
 
 ## About the TPM owner password
-The owner of the TPM is the user who possesses the owner password and is able to set it and change it. Only one owner password exists per TPM. The owner of the TPM can make full use of TPM capabilities. When an owner is set, no other user or software can claim ownership of the TPM. Only the TPM owner can enable, disable, or clear the TPM without having physical access to the computer, for example, by using the command-line tools remotely. Taking ownership of the TPM can be performed as part of the initialization process. Ownership can change when you share the password or clear your ownership of the TPM so someone else can initialize it.
+Starting with Windows 10, version 1607 , Windows will not retain the TPM owner password when provisioning the TPM.  The password will be set to a random high entropy value and then discarded.
 
-Applications, including BitLocker Drive Encryption, can automatically start the initialization process. If you enable BitLocker without manually initializing the TPM, the TPM owner password is automatically created and saved in the same location as the BitLocker recovery password.
-The TPM owner password can be saved as a file on a removable storage device, or on another computer. The password can also be printed. The TPM MMC gives the TPM owner the sole ability to choose the appropriate option to type the password or to use the saved password.
-As with any password, you should change your TPM owner password if you suspect that it has become compromised and is no longer a secret.
+In order to retain the TPM owner password, you will need to set the registry key 'HKLM\Software\Policies\Microsoft\TPM' [REG_DWORD] 'OSManagedAuthLevel' to 4.  The default value for this key is 2, and unless it is changed to 4 before the TPM is provisioned, the owner password will not be saved.  Microsoft strongly recommends that you do not change the default value of this registry key in order to retain the owner password.
+
+Only one owner password exists for each TPM. The TPM owner password allows the ability to enable, disable, or clear the TPM without having physical access to the computer, for example, by using the command-line tools remotely. The TPM owner password also allows manipulation of the TPM dictionary attack logic.  Taking ownership of the TPM is performed by Windows as part of the provisioning process on each boot. Ownership can change when you share the password or clear your ownership of the TPM so someone else can initialize it.
+
+Without the owner password you can still perform all the preceding actions by means of a physical presence confirmation from UEFI.
 
 **Other TPM management options**
 
@@ -31,7 +33,7 @@ Instead of changing your owner password, you can also use the following options
 
     >**Important:**  Clearing the TPM can result in the loss of data. To avoid data loss, make sure you have a backup or recovery method for any data protected or encrypted by the TPM.
      
--   **Turn off the TPM**   If you want to keep all existing keys and data intact, and you want to disable the services that are provided by the TPM, you can turn it off. For more info, see [Initialize and Configure Ownership of the TPM](initialize-and-configure-ownership-of-the-tpm.md#bkmk-onoff).
+-   **Turn off the TPM**   If you want to keep all existing keys and data intact, and you want to disable the services that are provided by the TPM, you can turn it off. For more info, see [Initialize and Configure Ownership of the TPM](initialize-and-configure-ownership-of-the-tpm.md#bkmk-onoff). This option is only available for TPM 1.2.
 
 ## Change the TPM owner password
 
@@ -39,6 +41,8 @@ The following procedure provides the steps that are necessary to change the TPM
 
 **To change the TPM owner password**
 
+If you have opted specifically to preserve the TPM owner password, you can use the saved password to change to a new password.
+
 1.  Open the TPM MMC (tpm.msc). If the **User Account Control** dialog box appears, confirm that the action it displays is what you want, and then click **Yes**.
 2.  In the **Actions** pane, click **Change Owner Password**.
 3.  In the **Manage the TPM security hardware** dialog box, select a method to enter your current TPM owner password.
diff --git a/windows/keep-secure/configure-aad-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-aad-windows-defender-advanced-threat-protection.md
index 5ee2fbe06a..65dcdf6805 100644
--- a/windows/keep-secure/configure-aad-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/configure-aad-windows-defender-advanced-threat-protection.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
+localizationpriority: high
 ---
 
 # Configure an Azure Active Directory application for SIEM integration
@@ -16,7 +17,7 @@ author: mjcaparas
 
 - Azure Active Directory
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
diff --git a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md
index bd262bbc8a..614004d2dc 100644
--- a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
+localizationpriority: high
 ---
 
 # Configure HP ArcSight to consume Windows Defender ATP alerts
@@ -15,7 +16,7 @@ author: mjcaparas
 **Applies to:**
 
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
@@ -56,7 +57,7 @@ The following steps assume that you have completed all the required steps in [Be
 5. In the form fill in the following required fields with these values:
     >[!NOTE]
     >All other values in the form are optional and can be left blank.
-    
+
     <table>
     <tbody style="vertical-align:top;">
     <tr>
diff --git a/windows/keep-secure/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
index 535be7d761..731d00b2c5 100644
--- a/windows/keep-secure/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
+localizationpriority: high
 ---
 
 # Configure endpoints using Group Policy
@@ -16,7 +17,7 @@ author: mjcaparas
 
 - Group Policy
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
@@ -33,7 +34,7 @@ author: mjcaparas
 
 2.	Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a folder called *OptionalParamsPolicy* and the file *WindowsDefenderATPOnboardingScript.cmd*.
 
-3. Open the [Group Policy Management Console](https://technet.microsoft.com/en-us/library/cc731212.aspx) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**.
+3. Open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**.
 
 4. In the **Group Policy Management Editor**, go to **Computer configuration**, then **Preferences**, and then **Control panel settings**.
 
@@ -60,7 +61,7 @@ You can use Group Policy (GP) to configure settings, such as settings for the sa
 
     b.  Copy _AtpConfiguration.adml_ into _C:\\Windows\\PolicyDefinitions\\en-US_
 
-2.  Open the [Group Policy Management Console](https://technet.microsoft.com/en-us/library/cc731212.aspx), right-click the GPO you want to configure and click **Edit**.
+2.  Open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the GPO you want to configure and click **Edit**.
 
 3.  In the **Group Policy Management Editor**, go to **Computer configuration**.
 
@@ -87,7 +88,7 @@ For security reasons, the package used to offboard endpoints will expire 30 days
 
 2.	Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*.
 
-3.	Open the [Group Policy Management Console](https://technet.microsoft.com/en-us/library/cc731212.aspx) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**.
+3.	Open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**.
 
 4.	In the **Group Policy Management Editor**, go to **Computer configuration,** then **Preferences**, and then **Control panel settings**.
 
diff --git a/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
index 14be889faa..3b4fddffaf 100644
--- a/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
+localizationpriority: high
 ---
 
 # Configure endpoints using Mobile Device Management tools
@@ -15,23 +16,23 @@ author: mjcaparas
 **Applies to:**
 
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-You can use mobile device management (MDM) solutions to configure endpoints. Windows Defender ATP supports MDMs by providing OMA-URIs to create policies to manage endpoints. 
+You can use mobile device management (MDM) solutions to configure endpoints. Windows Defender ATP supports MDMs by providing OMA-URIs to create policies to manage endpoints.
 
-For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/en-us/library/windows/hardware/mt723297(v=vs.85).aspx).
+For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx).
 
 ## Configure endpoints using Microsoft Intune
 
-For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/en-us/library/windows/hardware/mt723297(v=vs.85).aspx).
+For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx).
 
-### Onboard and monitor endpoints 
+### Onboard and monitor endpoints
 
 1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
- 
+
     a.  Click **Endpoint Management** on the **Navigation pane**.
 
     b.  Select **Mobile Device Management/Microsoft Intune**, click **Download package** and save the .zip file.
@@ -51,8 +52,8 @@ Onboarding | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Onboarding | S
 Health Status for onboarded machines | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/SenseIsRunning | Boolean | TRUE |  Windows Defender ATP service is running
  | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/OnBoardingState | Integer | 1 | Onboarded to Windows Defender ATP
   | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/OrgId | String | Use OrgID from onboarding file | Onboarded to Organization ID
- Configuration for onboarded machines  | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Configuration/SampleSharing | Integer | 0 or 1 <br> Default value: 1 | Windows Defender ATP Sample sharing is enabled 
- 
+ Configuration for onboarded machines  | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Configuration/SampleSharing | Integer | 0 or 1 <br> Default value: 1 | Windows Defender ATP Sample sharing is enabled
+
 
 > [!NOTE]
 > The **Health Status for onboarded machines** policy uses read-only properties and can't be remediated.
@@ -67,12 +68,12 @@ For security reasons, the package used to offboard endpoints will expire 30 days
 1.	Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
 
     a. Click **Endpoint Management** on the **Navigation pane**.
-    
+
     b. Under **Endpoint offboarding** section, select **Mobile Device Management /Microsoft Intune**, click **Download package** and save the .zip file.
-    
+
 2.	Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATP_valid_until_YYYY-MM-DD.offboarding*.
 
-3. Use the Microsoft Intune custom configuration policy to deploy the following supported OMA-URI settings. For more information on Microsoft Intune policy settings see, [Windows 10 policy settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune). 
+3. Use the Microsoft Intune custom configuration policy to deploy the following supported OMA-URI settings. For more information on Microsoft Intune policy settings see, [Windows 10 policy settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune).
 
 Offboarding - Use the offboarding policies to remove configuration settings on endpoints. These policies can be sub-categorized to:
 - Offboarding
@@ -81,7 +82,7 @@ Offboarding - Use the offboarding policies to remove configuration settings on e
 
 Policy | OMA-URI | Type | Value | Description
 :---|:---|:---|:---|:---
-Offboarding | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Offboarding | String | Copy content from offboarding MDM file | Offboarding 
+Offboarding | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Offboarding | String | Copy content from offboarding MDM file | Offboarding
  Health Status for offboarded machines | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/SenseIsRunning | Boolean | FALSE |Windows Defender ATP service is not running
   | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/OnBoardingState | Integer | 0 | Offboarded from Windows Defender ATP
 
@@ -92,5 +93,5 @@ Offboarding | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Offboarding |
 ## Related topics
 - [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
 - [Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
-- [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md) 
+- [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
 - [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
diff --git a/windows/keep-secure/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
index 1d009b3943..8faa5dafdb 100644
--- a/windows/keep-secure/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
+localizationpriority: high
 ---
 
 # Configure endpoints using System Center Configuration Manager
@@ -15,7 +16,7 @@ author: mjcaparas
 **Applies to:**
 
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
@@ -44,9 +45,9 @@ You can use System Center Configuration Manager’s existing functionality to cr
 
 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATPOnboardingScript.cmd*.
 
-3. Import the configuration package by following the steps in the [How to Create Packages and Programs in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682112.aspx#BKMK_Import) topic.
+3. Import the configuration package by following the steps in the [How to Create Packages and Programs in Configuration Manager](https://technet.microsoft.com/library/gg682112.aspx#BKMK_Import) topic.
 
-4. Deploy the package by following the steps in the [How to Deploy Packages and Programs in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682178.aspx) topic.
+4. Deploy the package by following the steps in the [How to Deploy Packages and Programs in Configuration Manager](https://technet.microsoft.com/library/gg682178.aspx) topic.
 
     a. Choose a predefined device collection to deploy the package to.
 
@@ -71,7 +72,7 @@ Possible values are:
 
 The default value in case the registry key doesn’t exist is 1.
 
-For more information about System Center Configuration Manager Compliance see [Compliance Settings in Configuration Manager](https://technet.microsoft.com/en-us/library/gg681958.aspx).
+For more information about System Center Configuration Manager Compliance see [Compliance Settings in Configuration Manager](https://technet.microsoft.com/library/gg681958.aspx).
 
 
 ### Offboard endpoints
@@ -89,9 +90,9 @@ For security reasons, the package used to offboard endpoints will expire 30 days
 
 2.	Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*.
 
-3. Import the configuration package by following the steps in the [How to Create Packages and Programs in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682112.aspx#BKMK_Import) topic.
+3. Import the configuration package by following the steps in the [How to Create Packages and Programs in Configuration Manager](https://technet.microsoft.com/library/gg682112.aspx#BKMK_Import) topic.
 
-4. Deploy the package by following the steps in the [How to Deploy Packages and Programs in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682178.aspx) topic.
+4. Deploy the package by following the steps in the [How to Deploy Packages and Programs in Configuration Manager](https://technet.microsoft.com/library/gg682178.aspx) topic.
 
     a. Choose a predefined device collection to deploy the package to.
 
@@ -127,7 +128,7 @@ Path: “HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status”
 Name: “OnboardingState”
 Value: “1”
 ```
-For more information about System Center Configuration Manager Compliance see [Compliance Settings in Configuration Manager](https://technet.microsoft.com/en-us/library/gg681958.aspx).
+For more information about System Center Configuration Manager Compliance see [Compliance Settings in Configuration Manager](https://technet.microsoft.com/library/gg681958.aspx).
 
 ## Related topics
 - [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
diff --git a/windows/keep-secure/configure-endpoints-script-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-script-windows-defender-advanced-threat-protection.md
index 1e740f14b3..a2643013c6 100644
--- a/windows/keep-secure/configure-endpoints-script-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/configure-endpoints-script-windows-defender-advanced-threat-protection.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
+localizationpriority: high
 ---
 
 # Configure endpoints using a local script
@@ -15,7 +16,7 @@ author: mjcaparas
 **Applies to:**
 
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
diff --git a/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md
index bd69be41b4..18864595b3 100644
--- a/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
+localizationpriority: high
 ---
 
 # Configure Windows Defender ATP endpoints
@@ -15,12 +16,12 @@ author: mjcaparas
 **Applies to:**
 
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-Endpoints in your organization must be configured so that the Windows Defender ATP service can get telemetry from them. There are various methods and deployment tools that you can use to configure the endpoints in your organization. 
+Endpoints in your organization must be configured so that the Windows Defender ATP service can get telemetry from them. There are various methods and deployment tools that you can use to configure the endpoints in your organization.
 
 Windows Defender ATP supports the following deployment tools and methods:
 
diff --git a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md
index bc045d449a..5aaa60e929 100644
--- a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
+localizationpriority: high
 ---
 
 
@@ -16,7 +17,7 @@ author: mjcaparas
 **Applies to:**
 
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
@@ -29,8 +30,15 @@ The WinHTTP configuration setting is independent of the Windows Internet (WinINe
 
 - Configure the proxy server manually using a static proxy
 
-## Configure the proxy server manually using a static proxy
-Configure a static proxy to allow only Windows Defender ATP sensor to report telemetry and communicate with Windows Defender ATP services if a computer is not be permitted to connect to the Internet.
+    - Auto-discovery methods:
+        - Transparent proxy
+
+    - Manual static proxy configuration
+      - WinHTTP configured using netsh command
+      -	Registry based configuration
+
+## Configure the proxy server manually using a registry-based static proxy
+Configure a registry-based static proxy to allow only Windows Defender ATP sensor to report telemetry and communicate with Windows Defender ATP services if a computer is not be permitted to connect to the Internet.
 
 The static proxy is configurable through Group Policy (GP). The group policy can be found under: **Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure connected user experiences and telemetry**.
 
@@ -45,8 +53,26 @@ For example: 10.0.0.6:8080
 
 If the static proxy settings are configured after onboarding, then you must restart the PC to apply the proxy settings.
 
-## Enable access to Windows Defender ATP service URLs in the proxy server
+## Configure the proxy server manually using netsh command
 
+Use netsh to configure a system-wide static proxy.
+
+> [!NOTE]
+> This will affect all applications including Windows services which use WinHTTP with default proxy.
+
+1. Open an elevated command-line:
+
+    a. Go to **Start** and type **cmd**.
+
+    b. Right-click **Command prompt** and select **Run as administrator**.
+
+4. Enter the following command and press **Enter**:
+```
+netsh winhttp set proxy <proxy>:<port>
+```
+For example: netsh winhttp set proxy 10.0.0.6:8080
+
+## Enable access to Windows Defender ATP service URLs in the proxy server
 If a proxy or firewall is blocking all traffic by default and allowing only specific domains through, make sure that the following URLs are white-listed to permit communication with Windows Defender ATP service in port 80 and 443:
 
 Primary Domain Controller | .Microsoft.com DNS record
@@ -59,6 +85,10 @@ Primary Domain Controller | .Microsoft.com DNS record
  <br>
  If a proxy or firewall is blocking anonymous traffic, as Windows Defender ATP  sensor is connecting from system context, make sure anonymous traffic is permitted in the above listed URLs.
 
+ If you selected US as your region, you should permit anonymous traffic for URLs listed in both Central US and East US (2).
+
+ If you selected EU as your region, you should permit anonymous traffic for URLs listed in both West Europe and North Europe.
+
 
 ## Verify client connectivity to Windows Defender ATP service URLs
 
@@ -79,7 +109,7 @@ Verify the proxy configuration completed successfully, that WinHTTP can discover
     ```
     HardDrivePath\WDATPConnectivityAnalyzer.cmd
     ```
-    Replace *HardDrivePath* with the path where the WDATPConnectivityAnalyzer tool was downloaded to, for example 
+    Replace *HardDrivePath* with the path where the WDATPConnectivityAnalyzer tool was downloaded to, for example
     ```text
     C:\Work\tools\WDATPConnectivityAnalyzer\WDATPConnectivityAnalyzer.cmd
     ```
diff --git a/windows/keep-secure/configure-s-mime.md b/windows/keep-secure/configure-s-mime.md
index 7169036152..bce814e3d6 100644
--- a/windows/keep-secure/configure-s-mime.md
+++ b/windows/keep-secure/configure-s-mime.md
@@ -32,11 +32,11 @@ A digitally signed message reassures the recipient that the message hasn't been
 
 ## Prerequisites
 
--   [S/MIME is enabled for Exchange accounts](http://go.microsoft.com/fwlink/p/?LinkId=718217) (on-premises and Office 365). Users can’t use S/MIME signing and encryption with a personal account such as Outlook.com.
+-   [S/MIME is enabled for Exchange accounts](https://go.microsoft.com/fwlink/p/?LinkId=718217) (on-premises and Office 365). Users can’t use S/MIME signing and encryption with a personal account such as Outlook.com.
 -   Valid Personal Information Exchange (PFX) certificates are installed on the device.
 
-    -   [How to Create PFX Certificate Profiles in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkID=718215)
-    -   [Enable access to company resources using certificate profiles with Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=718216)
+    -   [How to Create PFX Certificate Profiles in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkID=718215)
+    -   [Enable access to company resources using certificate profiles with Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=718216)
     -   [Install digital certificates on Windows 10 Mobile](installing-digital-certificates-on-windows-10-mobile.md)
 
 ## Choose S/MIME settings
diff --git a/windows/keep-secure/configure-siem-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-siem-windows-defender-advanced-threat-protection.md
index 9811157abe..f8f22a049a 100644
--- a/windows/keep-secure/configure-siem-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/configure-siem-windows-defender-advanced-threat-protection.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
+localizationpriority: high
 ---
 
 # Configure security information and events management (SIEM) tools to consume alerts
@@ -15,7 +16,7 @@ author: mjcaparas
 **Applies to:**
 
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
diff --git a/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md
index fc3fe7916f..60e1c00469 100644
--- a/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
+localizationpriority: high
 ---
 
 # Configure Splunk to consume Windows Defender ATP alerts
@@ -15,7 +16,7 @@ author: mjcaparas
 **Applies to:**
 
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
diff --git a/windows/keep-secure/configure-windows-defender-in-windows-10.md b/windows/keep-secure/configure-windows-defender-in-windows-10.md
index 71ec31b565..93469dafa2 100644
--- a/windows/keep-secure/configure-windows-defender-in-windows-10.md
+++ b/windows/keep-secure/configure-windows-defender-in-windows-10.md
@@ -6,6 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
+localizationpriority: medium
 author: jasesso
 ---
 
diff --git a/windows/keep-secure/create-list-of-applications-deployed-to-each-business-group.md b/windows/keep-secure/create-list-of-applications-deployed-to-each-business-group.md
index c623dd725f..ef423697d1 100644
--- a/windows/keep-secure/create-list-of-applications-deployed-to-each-business-group.md
+++ b/windows/keep-secure/create-list-of-applications-deployed-to-each-business-group.md
@@ -41,10 +41,10 @@ initially. Therefore, you should continue your evaluation until you can verify t
 >**Tip:**  If you run Application Verifier against a custom application with any AppLocker policies enabled, it might prevent the application from running. You should either disable Application Verifier or AppLocker.
 You can create an inventory of Universal Windows apps on a device by using two methods: the **Get-AppxPackage** Windows PowerShell cmdlet or the AppLocker console.
  
-The following topics in the [AppLocker Step-by-Step Guide](http://go.microsoft.com/fwlink/p/?LinkId=160261) describe how to perform each method:
+The following topics in the [AppLocker Step-by-Step Guide](https://go.microsoft.com/fwlink/p/?LinkId=160261) describe how to perform each method:
 
--   [Automatically generating executable rules from a reference computer](http://go.microsoft.com/fwlink/p/?LinkId=160264)
--   [Using auditing to track which apps are used](http://go.microsoft.com/fwlink/p/?LinkId=160281)
+-   [Automatically generating executable rules from a reference computer](https://go.microsoft.com/fwlink/p/?LinkId=160264)
+-   [Using auditing to track which apps are used](https://go.microsoft.com/fwlink/p/?LinkId=160281)
 
 ### Prerequisites to completing the inventory
 
diff --git a/windows/keep-secure/create-vpn-and-wip-policy-using-intune.md b/windows/keep-secure/create-vpn-and-wip-policy-using-intune.md
index 90c3dffb25..339d6b3da3 100644
--- a/windows/keep-secure/create-vpn-and-wip-policy-using-intune.md
+++ b/windows/keep-secure/create-vpn-and-wip-policy-using-intune.md
@@ -28,7 +28,7 @@ Follow these steps to create the VPN policy you want to use with WIP.
 
 2.  Go to **Windows**, click the **VPN Profile (Windows 10 Desktop and Mobile and later)**, click **Create and Deploy a Custom Policy**, and then click **Create Policy**.
 
-    ![Microsoft Intune: Create a new policy using the New Policy screen](images/intune-vpn-createpolicy.png)
+    ![Microsoft Intune, Create a new policy using the New Policy screen](images/intune-vpn-createpolicy.png)
 
 3.  Type *WIPModeID* into the **Name** box, along with an optional description for your policy into the **Description** box.
 
@@ -49,7 +49,7 @@ Follow these steps to create the VPN policy you want to use with WIP.
 5.  In the **Authentication** area, choose the authentication method that matches your VPN infrastructure, either **Username and Password** or **Certificates**.<p>
 It's your choice whether you check the box to **Remember the user credentials at each logon**.
 
-    ![Microsoft Intune: Choose the Authentication Method for your VPN system](images/intune-vpn-authentication.png)
+    ![Microsoft Intune, Choose the Authentication Method for your VPN system](images/intune-vpn-authentication.png)
 
 6.  You can leave the rest of the default or blank settings, and then click **Save Policy**.
 
@@ -77,7 +77,7 @@ The final step to making your VPN configuration work with WIP, is to link your t
 
 2.  Go to **Windows**, click the **Custom Configuration (Windows 10 Desktop and Mobile and later)**, click **Create and Deploy a Custom Policy**, and then click **Create Policy**.
 
-    ![Microsoft Intune: Create a new policy from the New Policy screen](images/intune-vpn-customconfig.png)
+    ![Microsoft Intune, Create a new policy from the New Policy screen](images/intune-vpn-customconfig.png)
 
 3.  Type a name (required) and an optional description for your policy into the **Name** and **Description** boxes.
 
@@ -106,6 +106,8 @@ The final step to making your VPN configuration work with WIP, is to link your t
 
 2.  In the left pane of the **Manage Deployment** box, click the employees or groups that should get the policy, and then click **Add**. The added people move to the **Selected Groups** list on the right-hand pane.
 
+    ![Microsoft Intune, Manage Deployment box used to deploy your linked VPN policy](images/intune-groupselection_vpnlink.png)
+
 3.  After you've picked all of the employees and groups that should get the policy, click **OK**. The policy is deployed to the selected users' devices.
 
 
diff --git a/windows/keep-secure/create-wip-policy-using-intune.md b/windows/keep-secure/create-wip-policy-using-intune.md
index 4a8a8e9052..7a107e086c 100644
--- a/windows/keep-secure/create-wip-policy-using-intune.md
+++ b/windows/keep-secure/create-wip-policy-using-intune.md
@@ -74,7 +74,7 @@ For this example, we’re going to add Microsoft OneNote, a store app, to the **
 If you don't know the publisher or product name, you can find them for both desktop devices and Windows 10 Mobile phones by following these steps.
 
 **To find the Publisher and Product Name values for Store apps without installing them**
-1.	Go to the [Windows Store for Business](http://go.microsoft.com/fwlink/p/?LinkID=722910) website, and find your app. For example, *Microsoft OneNote*.
+1.	Go to the [Windows Store for Business](https://go.microsoft.com/fwlink/p/?LinkID=722910) website, and find your app. For example, *Microsoft OneNote*.
 
     >**Note**<br>
     If your app is already installed on desktop devices, you can use the AppLocker local security policy MMC snap-in to gather the info for adding the app to the protected apps list. For info about how to do this, see the [Add apps to your Windows Information Protection (WIP) policy by using the Microsoft Intune custom URI functionality](add-apps-to-protected-list-using-custom-uri.md) topic.
@@ -327,7 +327,7 @@ We recommend that you start with **Silent** or **Override** while verifying with
 |Mode |Description |
 |-----|------------|
 |Block |WIP looks for inappropriate data sharing practices and stops the employee from completing the action. This can include sharing info across non-enterprise-protected apps in addition to sharing enterprise data between other people and devices outside of your enterprise.|
-|Override |WIP looks for inappropriate data sharing, warning employees if they do something deemed potentially unsafe. However, this management mode lets the employee override the policy and share the data, logging the action to your audit log, accessible through the [Reporting CSP](http://go.microsoft.com/fwlink/p/?LinkID=746459). |
+|Override |WIP looks for inappropriate data sharing, warning employees if they do something deemed potentially unsafe. However, this management mode lets the employee override the policy and share the data, logging the action to your audit log, accessible through the [Reporting CSP](https://go.microsoft.com/fwlink/p/?LinkID=746459). |
 |Silent |WIP runs silently, logging inappropriate data sharing, without blocking anything that would’ve been prompted for employee interaction while in Override mode. Unallowed actions, like apps inappropriately trying to access a network resource or WIP-protected data, are still blocked.|
 |Off (not recommended) |WIP is turned off and doesn't help to protect or audit your data.<p>After you turn off WIP, an attempt is made to decrypt any closed WIP-tagged files on the locally attached drives.|
 
@@ -411,19 +411,19 @@ There are no default locations included with WIP, you must add each of your netw
 
 4. Decide if you want to Windows to look for additional network settings:
 
+    ![Microsoft Intune, Choose if you want Windows to search for additinal proxy servers or IP ranges in your enterprise](images/intune-network-detection-boxes.png)
+
     - **Enterprise Proxy Servers list is authoritative (do not auto-detect).** Click this box if you want Windows to treat the proxy servers you specified in the network boundary definition as the complete list of proxy servers available on your network. If you clear this box, Windows will search for additional proxy servers in your immediate network.
 
 	- **Enterprise IP Ranges list is authoritative (do not auto-detect).** Click this box if you want Windows to treat the IP ranges you specified in the network boundary definition as the complete list of IP ranges available on your network. If you clear this box, Windows will search for additional IP ranges on any domain-joined devices connected to your network.
 
-	- **Show the Windows Information Protection icon overlay on your allowed apps that are WIP-unaware in the Windows Start menu and on corporate file icons in the File Explorer.** Click this box if you want the Windows Information Protection icon overlay to appear on corporate files or in the Start menu, on top the tiles for your unenlightened protected apps.
-
 5.	In the required **Upload a Data Recovery Agent (DRA) certificate to allow recovery of encrypted data** box, click **Browse** to add a data recovery certificate for your policy.
 
        ![Microsoft Intune, Add your Data Recovery Agent (DRA) certificate](images/intune-data-recovery.png)
 
     After you create and deploy your WIP policy to your employees, Windows will begin to encrypt your corporate data on the employees’ local device drive. If somehow the employees’ local encryption keys get lost or revoked, the encrypted data can become unrecoverable. To help avoid this possibility, the DRA certificate lets Windows use an included public key to encrypt the local data, while you maintain the private key that can unencrypt the data.
 
-    For more info about how to find and export your data recovery certificate, see the [Data Recovery and Encrypting File System (EFS)](http://go.microsoft.com/fwlink/p/?LinkId=761462) topic. For more info about creating and verifying your EFS DRA certificate, see the [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md).
+    For more info about how to find and export your data recovery certificate, see the [Data Recovery and Encrypting File System (EFS)](https://go.microsoft.com/fwlink/p/?LinkId=761462) topic. For more info about creating and verifying your EFS DRA certificate, see the [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md).
 
 ### Choose your optional WIP-related settings
 After you've decided where your protected apps can access enterprise data on your network, you’ll be asked to decide if you want to add any optional WIP settings.
diff --git a/windows/keep-secure/create-wip-policy-using-sccm.md b/windows/keep-secure/create-wip-policy-using-sccm.md
index 3fcee10aba..c66c433c22 100644
--- a/windows/keep-secure/create-wip-policy-using-sccm.md
+++ b/windows/keep-secure/create-wip-policy-using-sccm.md
@@ -92,7 +92,7 @@ If you don't know the publisher or product name, you can find them for both desk
 
 **To find the Publisher and Product Name values for Store apps without installing them**
 
-1.	Go to the [Windows Store for Business](http://go.microsoft.com/fwlink/p/?LinkID=722910) website, and find your app. For example, Microsoft OneNote.
+1.	Go to the [Windows Store for Business](https://go.microsoft.com/fwlink/p/?LinkID=722910) website, and find your app. For example, Microsoft OneNote.
 
     >**Note**<br>
     If your app is already installed on desktop devices, you can use the AppLocker local security policy MMC snap-in to gather the info for adding the app to the protected apps list. For info about how to do this, see the steps in the [Add an AppLocker policy file](#add-an-applocker-policy-file) section.
@@ -347,7 +347,7 @@ We recommend that you start with **Silent** or **Override** while verifying with
 |Mode |Description |
 |-----|------------|
 |Block |WIP looks for inappropriate data sharing practices and stops the employee from completing the action. This can include sharing info across non-enterprise-protected apps in addition to sharing enterprise data between other people and devices outside of your enterprise.|
-|Override |WIP looks for inappropriate data sharing, warning employees if they do something deemed potentially unsafe. However, this management mode lets the employee override the policy and share the data, logging the action to your audit log, accessible through the [Reporting CSP](http://go.microsoft.com/fwlink/p/?LinkID=746459). |
+|Override |WIP looks for inappropriate data sharing, warning employees if they do something deemed potentially unsafe. However, this management mode lets the employee override the policy and share the data, logging the action to your audit log, accessible through the [Reporting CSP](https://go.microsoft.com/fwlink/p/?LinkID=746459). |
 |Silent |WIP runs silently, logging inappropriate data sharing, without blocking anything that would’ve been prompted for employee interaction while in Override mode. Unallowed actions, like apps inappropriately trying to access a network resource or WIP-protected data, are still blocked.|
 |Off (not recommended) |WIP is turned off and doesn't help to protect or audit your data.<p>After you turn off WIP, an attempt is made to decrypt any closed WIP-tagged files on the locally attached drives.|
 
@@ -446,7 +446,7 @@ There are no default locations included with WIP, you must add each of your netw
 
     After you create and deploy your WIP policy to your employees, Windows will begin to encrypt your corporate data on the employees’ local device drive. If somehow the employees’ local encryption keys get lost or revoked, the encrypted data can become unrecoverable. To help avoid this possibility, the DRA certificate lets Windows use an included public key to encrypt the local data, while you maintain the private key that can unencrypt the data. 
     
-    For more info about how to find and export your data recovery certificate, see the [Data Recovery and Encrypting File System (EFS)](http://go.microsoft.com/fwlink/p/?LinkId=761462) topic. For more info about creating and verifying your EFS DRA certificate, see the [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md).
+    For more info about how to find and export your data recovery certificate, see the [Data Recovery and Encrypting File System (EFS)](https://go.microsoft.com/fwlink/p/?LinkId=761462) topic. For more info about creating and verifying your EFS DRA certificate, see the [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md).
 
 ### Choose your optional WIP-related settings
 After you've decided where your protected apps can access enterprise data on your network, you’ll be asked to decide if you want to add any optional WIP settings.
@@ -495,11 +495,11 @@ After you've finished configuring your policy, you can review all of your info o
 
 ## Deploy the WIP policy
 After you’ve created your WIP policy, you'll need to deploy it to your organization's devices. For info about your deployment options, see these topics:
-- [Operations and Maintenance for Compliance Settings in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=708224)
-- [How to Create Configuration Baselines for Compliance Settings in Configuration Manager]( http://go.microsoft.com/fwlink/p/?LinkId=708225)
-- [How to Deploy Configuration Baselines in Configuration Manager]( http://go.microsoft.com/fwlink/p/?LinkId=708226)
+- [Operations and Maintenance for Compliance Settings in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=708224)
+- [How to Create Configuration Baselines for Compliance Settings in Configuration Manager]( https://go.microsoft.com/fwlink/p/?LinkId=708225)
+- [How to Deploy Configuration Baselines in Configuration Manager]( https://go.microsoft.com/fwlink/p/?LinkId=708226)
 
 ## Related topics
-- [System Center Configuration Manager and Endpoint Protection (Version 1606)](http://go.microsoft.com/fwlink/p/?LinkId=717372)
-- [TechNet documentation for Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=691623)
-- [Manage mobile devices with Configuration Manager and Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=691624)
\ No newline at end of file
+- [System Center Configuration Manager and Endpoint Protection (Version 1606)](https://go.microsoft.com/fwlink/p/?LinkId=717372)
+- [TechNet documentation for Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=691623)
+- [Manage mobile devices with Configuration Manager and Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=691624)
\ No newline at end of file
diff --git a/windows/keep-secure/credential-guard.md b/windows/keep-secure/credential-guard.md
index dda79a977f..55180bcbe5 100644
--- a/windows/keep-secure/credential-guard.md
+++ b/windows/keep-secure/credential-guard.md
@@ -15,7 +15,7 @@ author: brianlic-msft
 -   Windows 10
 -   Windows Server 2016
 
-Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Credential Guard prevents these attacks by protecting NTLM password hashes and Kerberos Ticket Granting Tickets.
+Introduced in Windows 10 Enterprise and Windows Server 2016, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Credential Guard prevents these attacks by protecting NTLM password hashes and Kerberos Ticket Granting Tickets.
 
 Credential Guard offers the following features and solutions:
 
@@ -36,10 +36,6 @@ Here's a high-level overview on how the LSA is isolated by using virtualization-
 
 ![Credential Guard overview](images/credguard.png)
 
-## New and changed functionality
-
-To see what was added or changed in Credential Guard, see [What's new in Credential Guard?](../whats-new/credential-guard.md).
-
 ## Hardware and software requirements
 
 The PC must meet the following hardware and software requirements to use Credential Guard:
@@ -91,7 +87,7 @@ The PC must meet the following hardware and software requirements to use Credent
 <td>TPM 2.0</td>
 </tr>
 <tr>
-<td>Windows 10 version 1511 or later</td>
+<td>Windows 10 version 1511, Windows Server 2016, or later</td>
 <td>TPM 2.0 or TPM 1.2</td>
 </tr>
 </table>
@@ -114,7 +110,7 @@ The PC must meet the following hardware and software requirements to use Credent
 </tr>
 <tr class="even">
 <td align="left"><p>Virtual machine</p></td>
-<td align="left"><p>For PCs running Windows 10, version 1607, you can run Credential Guard on a Generation 2 virtual machine.</p></td>
+<td align="left"><p>For PCs running Windows 10, version 1607 or Windows Server 2016, you can run Credential Guard on a Generation 2 virtual machine.</p></td>
 </tr>
 </tr>
 <tr class="even">
@@ -169,7 +165,7 @@ First, you must add the virtualization-based security features. You can do this
 > You can also add these features to an online image by using either DISM or Configuration Manager.
 
 
-In Windows 10, version 1607, Isolated User Mode is included with Hyper-V and does not need to be installed separately. If you're running a version of Windows 10 that's earlier than Windows 10, version 1607, you can run the following command to install Isolated User Mode:
+In Windows 10, version 1607 and Windows Server 2016, Isolated User Mode is included with Hyper-V and does not need to be installed separately. If you're running a version of Windows 10 that's earlier than Windows 10, version 1607, you can run the following command to install Isolated User Mode:
 
 ``` syntax
 dism /image:<WIM file name> /Enable-Feature /FeatureName:IsolatedUserMode
@@ -221,14 +217,23 @@ If you have to remove Credential Guard on a PC, you need to do the following:
 
 1.  From an elevated command prompt, type the following commands:
     ``` syntax
+
     mountvol X: /s
+    
     copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y
+    
     bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
+    
     bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
+    
     bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
+    
     bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO
+    
     bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:
+    
     mountvol X: /d
+    
     ```
 2.  Restart the PC.
 3.  Accept the prompt to disable Credential Guard.
@@ -281,16 +286,20 @@ DG_Readiness_Tool_v2.0.ps1 -Ready
 -   Passwords are still weak so we recommend that your organization deploy Credential Guard and move away from passwords and to other authentication methods, such as physical smart cards, virtual smart cards, Microsoft Passport, or Microsoft Passport for Work.
 -   Some 3rd party Security Support Providers (SSPs and APs) might not be compatible with Credential Guard. Credential Guard does not allow 3rd party SSPs to ask for password hashes from LSA. However, SSPs and APs still get notified of the password when a user logs on and/or changes their password. Any use of undocumented APIs within custom SSPs and APs are not supported. We recommend that custom implementations of SSPs/APs are tested against Credential Guard to ensure that the SSPs and APs do not depend on any undocumented or unsupported behaviors. For example, using the KerbQuerySupplementalCredentialsMessage API is not supported. You should not replace the NTLM or Kerberos SSPs with custom SSPs and APs. For more info, see [Restrictions around Registering and Installing a Security Package](http://msdn.microsoft.com/library/windows/desktop/dn865014.aspx) on MSDN.
 -   As the depth and breadth of protections provided by Credential Guard are increased, subsequent releases of Windows 10 with Credential Guard running may impact scenarios that were working in the past. For example, Credential Guard may block the use of a particular type of credential or a particular component to prevent malwar efrom taking advantage of vulnerabilities. Therefore, we recommend that scenarios required for operations in an organization are tested before upgrading a device that has Credential Guard running.
--   If you are using Wi-Fi and VPN end points that are based on MS-CHAPv2, they are subject to similar attacks as NTLMv1. We recommend that organizations use certificated-based authentication for Wi-Fi and VPN connections.
+
 -   Starting with Windows 10, version 1511, domain credentials that are stored with Credential Manager are protected with Credential Guard. Credential Manager allows you to store credentials, such as user names and passwords that you use to log on to websites or other computers on a network. The following considerations apply to the Credential Guard protections for Credential Manager:
     -   Credentials saved by Remote Desktop Services cannot be used to remotely connect to another machine without supplying the password. Attempts to use saved credentials will fail, displaying the error message "Logon attempt failed".
     -   Applications that extract derived domain credentials from Credential Manager will no longer be able to use those credentials.
     -   You cannot restore credentials using the Credential Manager control panel if the credentials were backed up from a PC that has Credential Guard turned on. If you need to back up your credentials, you must do this before you enable Credential Guard. Otherwise, you won't be able to restore those credentials.
     - Credential Guard uses hardware security so some features, such as Windows To Go, are not supported.
 
+### NTLM & CHAP Considerations
+
+When you enable Credential Guard, you can no longer use NTLM v1 authentication. If you are using WiFi and VPN endpoints that are based on MS-CHAPv2, they are subject to similar attacks as NTLMv1. We recommend that organizations use certificated-based authentication for WiFi and VPN connections.
+
 ### Kerberos Considerations
 
-When you enable Credential Guard, you can no longer use Kerberos unconstrained delegation. Unconstrained delegation could allow attackers to extract Kerberos keys from the isolated LSA process. You must use constrained or resource-based Kerberos delegation instead.
+When you enable Credential Guard, you can no longer use Kerberos unconstrained delegation or DES encryption. Unconstrained delegation could allow attackers to extract Kerberos keys from the isolated LSA process. You must use constrained or resource-based Kerberos delegation instead.
     
 ## Scenarios not protected by Credential Guard
 
@@ -311,34 +320,39 @@ Some ways to store credentials are not protected by Credential Guard, including:
 
 Credential Guard can provide mitigations against attacks on derived credentials and prevent the use of stolen credentials elsewhere. However, PCs can still be vulnerable to certain attacks, even if the derived credentials are protected by Credential Guard. These attacks can include abusing privileges and use of derived credentials directly from a compromised device, reusing previously stolen credentials prior to Device Guard, and abuse of management tools and weak application configurations. Because of this, additional mitigations also need to be deployed to make the domain environment more robust.
 
-Credential theft attacks allow the attacker to steal secrets from one device and use them from another device. By deploying authentication policies with compound authentication in Windows Server 2012 R2 or later domains, users can be restricted to only sign on from specific domain-joined devices. However, since devices also use shared secrets for authentication, attackers can steal those secrets as well. By deploying device certificates with Credential Guard, authentication policies can require that the device authenticates with its private key. This prevents shared secrets on stolen devices to be used with stolen user passwords or Kerberos secret keys to sign on as the user.
+### Restricting domain users to specific domain-joined devices
 
-Device certificate authentication has the following requirements:
+Credential theft attacks allow the attacker to steal secrets from one device and use them from another device. If a user can sign on multiple devices then any device could be used to steal credentials. How do you ensure that users only sign on with devices with Credential Guard? By deploying authentication policies which restrict them to specific domain-joined device that have been configured with Credential Guard. For the domain controller to know what device a user is signing on from, Kerberos armoring must be used.
 
--   Device domains are Windows Server 2012 or higher and all domain controllers have certificates, which satisfy strict KDC validation (KDC EKU present and the DNS domain name matches the DNSName field of the SubjectAltName (SAN) extension).
+#### Kerberos armoring
+
+Kerberos armoring is part of RFC 6113. When a device supports Kerberos armoring, its TGT is used to protect the user's proof of possession which can mitigate offline dictionary attacks. Kerberos armoring also provides the additional benefit of signed KDC errors this mitigates tampering which can result in things such as downgrade attacks. 
+
+**To enable Kerberos armoring for restricting domain users to specific domain-joined devices**
+
+-   Users need to be in domains which are running Windows Server 2012 R2 or higher
+-   All the domain controllers in these domains must be configured to support Kerberos armoring. Set the **KDC support for claims, compound authentication, and Kerberos armoring** Group Policy setting to either **Supported** or **Always provide claims**.
+-   All the devices with Credential Guard which the users will be restricted to must be configured to support Kerberos armoring. Enable the **Kerberos client support for claims, compound authentication and Kerberos armoring** Group Policy settings under **Computer Configuration** -&gt; **Administrative Templates** -&gt; **System** -&gt; **Kerberos**.
+
+#### Protecting domain-joined device secrets
+
+Since domain-joined devices also use shared secrets for authentication, attackers can steal those secrets as well. By deploying device certificates with Credential Guard, the private key can be protected. Then authentication policies can require that users sign on devices which authenticate using those certificates. This prevents shared secrets on stolen from the device to be used with stolen user credentials to sign on as the user.
+
+Domain-joined device certificate authentication has the following requirements:
+-   Devices' accounts are in Windows Server 2012 domain funcational level or higher domains.
+-   All domain controllers in those domains have KDC certificates which satisfy strict KDC validation certificate requirements:
+    -   KDC EKU present
+    -   DNS domain name matches the DNSName field of the SubjectAltName (SAN) extension
 -   Windows 10 devices have the CA issuing the domain controller certificates in the enterprise store.
 -   A process is established to ensure the identity and trustworthiness of the device in a similar manner as you would establish the identity and trustworthiness of a user before issuing them a smartcard.
 
-### Additional Group Policy settings
+##### Deploying domain-joined device certificates
 
-There are a few Group Policy settings that you can enable that provide more protection against credential attacks:
+To guarantee that certificates with the issuance policy required are only on the devices these users must use, they must be deployed manually on each device. The same security procedures used for issuing smart cards to users should be applied to device certificates.
 
--   On the domain controllers, configure the KDC support for claims, compound authentication, and Kerberos armoring system by using Group Policy. Set the **KDC support for claims, compound authentication, and Kerberos armoring** Group Policy setting to either **Supported** or **Always provide claims**.
--   On devices running Windows 10, you can turn it on by using Group Policy as well. To do this, enable the **Kerberos client support for claims, compound authentication and Kerberos armoring** & **Always send compound authentication first system** Group Policy settings under **Computer Configuration** -&gt; **Administrative Templates** -&gt; **System** -&gt; **Kerberos**.
+For example, let's say you wanted to use the High Assurance policy only on these devices. Using a Windows Server Enterprise certificate authority, you would create a new template.
 
-### Compound authentication
-
-Compound authentication adds the device identity to the user’s during authentication to the domain and resources. Without compound authentication, only the user’s secrets are validated. With compound authentication, the Kerberos client has to have both the user’s and device’s secrets.
-Enabling compound authentication also enables Kerberos armoring, which provides two additional benefits:
-
--   User authentication on domain-joined devices will be armored. This means that network captures will contain encrypted Kerberos initial authentication. Without the appropriate device key, Kerberos AS-REQs are protected against offline dictionary attacks.
--   KDC errors are signed, which provides protection against error spoofing attacks.
-
-### Deploying machine certificates
-
-If the domain controllers in your organization are running Windows Server 2016, devices running Windows 10 will automatically enroll a machine certificate when Credential Guard is enabled and the PC is joined to the domain.
-If the domain controllers are running Windows Server 2012 R2, the machine certificates must be provisioned manually on each device. You can do this by creating a certificate template on the domain controller or certificate authority and deploying the machine certificates to each device.
-The same security procedures used for issuing smart cards to users should be applied to machine certificates.
+**Creating a new certificate template**
 
 1.  From the Certificate Manager console, right-click **Certificate Templates**, and then click **Manage.**
 2.  Right-click **Workstation Authentication**, and then click **Duplicate Template**.
@@ -352,7 +366,11 @@ The same security procedures used for issuing smart cards to users should be app
 8.  Under **Issuance Policies**, click**High Assurance**.
 9.  On the **Subject name** tab, clear the **DNS name** check box, and then select the **User Principal Name (UPN)** check box.
 
-On devices that are running Credential Guard, enroll the devices using the machine authentication certificate by running the following command:
+Then on the devices that are running Credential Guard, enroll the devices using the certificate you just created.
+
+**Enrolling devices in a certificate**
+
+Run the following command:
 ``` syntax
 CertReq -EnrollCredGuardCert MachineAuthentication
 ```
@@ -360,53 +378,69 @@ CertReq -EnrollCredGuardCert MachineAuthentication
 > [!NOTE]  
 > You must restart the device after enrolling the machine authentication certificate.
  
-### Link the issuance policies to a group
+#### How a certificate issuance policy can be used for access control
+
+Beginning with the Windows Server 2008 R2 domain functional level, domain controllers support for authentication mechanism assurance provides a way to map certificate issuance policy OIDs to universal security groups. Windows Server 2012 domain controllers with claim support can map them to claims. To learn more about authentication mechanism assurance, see [Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide](https://technet.microsoft.com/en-us/library/dd378897(v=ws.10).aspx) on TechNet.
+
+**To see the issuance policies available**
 
-By using an authentication policy, you can ensure that users only sign into devices that are running Credential Guard. Before you deploy the authentication policy though, you must first run a couple of scripts that set up your environment.
 -   The [get-IssuancePolicy.ps1](#bkmk-getscript) shows all of the issuance policies that are available on the certificate authority.
     From a Windows PowerShell command prompt, run the following command:
+
     ``` syntax
     .\get-IssuancePolicy.ps1 –LinkedToGroup:All
     ```
+
+**To link a issuance policy to a universal security group**
+
 -   The [set-IssuancePolicyToGroupLink.ps1](#bkmk-setscript) creates a Universal security group, creates an organizational unit, and links the issuance policy to that Universal security group.
     From a Windows PowerShell command prompt, run the following command:
+
     ``` syntax
-    .\set-IssuancePolicyToGroupLink.ps1 –IssuancePolicyName:”<name of issuance policy>” –groupOU:”<Name of OU to create>” –groupName:”<name of Universal security group to create>”
+    .\set-IssuancePolicyToGroupLink.ps1 –IssuancePolicyName:"<name of issuance policy>" –groupOU:"<Name of OU to create>" –groupName:”<name of Universal security group to create>"
     ```
 
-### Deploy the authentication policy
+#### Restricting user sign on
 
-Before setting up the authentication policy, you should log any failed attempt to apply an authentication policy on the KDC. To do this in Event Viewer, navigate to **Applications and Services Logs\\Microsoft\\Windows\\Authentication, right-click AuthenticationPolicyFailures-DomainController**, and then click **Enable Log**.
+So we now have the following:
 
-Now you can set up an authentication policy to use Credential Guard.
+-   Created a special certificate issuance policy to identify devices which meet the deployment criteria required for the user to be able to sign on
+-   Mapped that policy to a universal security group or claim
+-   Provided a way for domain controllers to get the device authorization data during user sign on using Kerberos armoring-   
+so what is left to do is configuring the access check on the domain controllers. This is done with authentication policies.
 
-**To add an authentication policy for Credential Guard**
+Authentication policies have the following requirements:
+-   User accounts are in a Windows Server 2012 domain functional level or higher domain.
 
-1.  Ensure that your domain controllers are running at least the Windows Server 2012 R2 domain functional level.
-2.  Create a security group that will be used to identify the PCs that will have this authentication policy applied to them.
-3.  Add the computer account to this security group.
-4.  Open Active Directory Administrative Center.
-5.  Click **Authentication**, click **New**, and then click **Authentication Policy**.
-6.  In the **Display name** box, enter a name for this authentication policy.
-7.  Under the **Accounts** heading, click **Add**.
-8.  In the **Select Users, Computers, or Service Accounts** dialog box, type the name of the user account, and then click **OK**.
-9.  Under the **User** heading, click the **Edit** button that applies to user account.
-10. Click **Add a condition**.
-11. In the **Edit Access Control Conditions** box, ensure that it reads **User** &gt; **Group** &gt; **Member of each** &gt; **Value**, and then click **Add items**.
-12. In the **Select Users, Computers, or Service Accounts** dialog box, type the name of the security group that you created with the set-IssuancePolicyToGroupLink script, and then click **OK**.
-13. Click **OK** to close the **Edit Access Control Conditions** box.
-14. Click **OK** to create the authentication policy.
-15. Close Active Directory Administrative Center.
+**Creating an authentication policy restricting to the specific universal security group**
 
+1.  Open Active Directory Administrative Center.
+2.  Click **Authentication**, click **New**, and then click **Authentication Policy**.
+3.  In the **Display name** box, enter a name for this authentication policy.
+4.  Under the **Accounts** heading, click **Add**.
+5.  In the **Select Users, Computers, or Service Accounts** dialog box, type the name of the user account you with to restrict, and then click **OK**.
+6.  Under the **User Sign On** heading, click the **Edit** button.
+7. Click **Add a condition**.
+8. In the **Edit Access Control Conditions** box, ensure that it reads **User** &gt; **Group** &gt; **Member of each** &gt; **Value**, and then click **Add items**.
+9. In the **Select Users, Computers, or Service Accounts** dialog box, type the name of the universal security group that you created with the set-IssuancePolicyToGroupLink script, and then click **OK**.
+10. Click **OK** to close the **Edit Access Control Conditions** box.
+11. Click **OK** to create the authentication policy.
+12. Close Active Directory Administrative Center.
 
 > [!NOTE]  
-> When authentication policies in enforcement mode are deployed with Credential Guard, users will not be able to sign in using devices that do not have the machine authentication certificate provisioned. This applies to both local and remote sign in scenarios.
- 
-### Appendix: Scripts
+> When the authentication policy enforces policy restrictions, users will not be able to sign on using devices that do not have a certificate with the appropriate issuance policy deployed. This applies to both local and remote sign on scenarios. Therefore, it is strongly recommended to first only audit policy restrictions to ensure you don't have unexpected failures.
+
+#### Discovering authentication failures due to authentication policies
+
+To make tracking authentication failures due to authentication policies easier, an operational log exists with just those events. To enable the logs on the domain controllers, in Event Viewer, navigate to **Applications and Services Logs\\Microsoft\\Windows\\Authentication, right-click AuthenticationPolicyFailures-DomainController**, and then click **Enable Log**.
+
+To learn more about authentication policy events, see [Authentication Policies and Authentication Policy Silos](https://technet.microsoft.com/en-us/library/dn486813(v=ws.11).aspx).
+
+## Appendix: Scripts
 
 Here is a list of scripts that are mentioned in this topic.
 
-#### <a href="" id="bkmk-getscript"></a>Get the available issuance policies on the certificate authority
+### <a href="" id="bkmk-getscript"></a>Get the available issuance policies on the certificate authority
 
 Save this script file as get-IssuancePolicy.ps1.
 
@@ -597,7 +631,7 @@ write-host "There are no issuance policies which are not mapped to groups"
 > [!NOTE]  
 > If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter.
  
-#### <a href="" id="bkmk-setscript"></a>Link an issuance policy to a group
+### <a href="" id="bkmk-setscript"></a>Link an issuance policy to a group
 
 Save the script file as set-IssuancePolicyToGroupLink.ps1.
 
diff --git a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md
index e68df885fb..8192f42f7f 100644
--- a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
+localizationpriority: high
 ---
 
 # View the Windows Defender Advanced Threat Protection Dashboard
@@ -15,7 +16,7 @@ author: mjcaparas
 **Applies to:**
 
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
@@ -86,7 +87,7 @@ Threats are considered "active" if there is a very high probability that the mal
 Clicking on any of these categories will navigate to the [Machines view](investigate-machines-windows-defender-advanced-threat-protection.md), filtered by the appropriate category. This lets you see a detailed breakdown of which machines have active malware detections, and how many threats were detected per machine.
 
 > [!NOTE]
-> The **Machines with active malware detections** tile will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/en-us/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product.
+> The **Machines with active malware detections** tile will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product.
 
 ### Related topics
 - [View and organize the Windows Defender Advanced Threat Protection Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md)
diff --git a/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md b/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md
index 4a509cf46a..ad99762845 100644
--- a/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
+localizationpriority: high
 ---
 
 # Windows Defender ATP data storage and privacy
@@ -15,14 +16,15 @@ author: mjcaparas
 **Applies to:**
 
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
+
 This section covers some of the most frequently asked questions regarding privacy and data handling for Windows Defender ATP.
 > [!NOTE]
-> This document explains the data storage and privacy details related to Windows Defender ATP. For more information related to Windows Defender ATP and other products and services like Windows Defender and Windows 10, see [Microsoft Privacy Statement](https://privacy.microsoft.com/en-us/privacystatement). See also [Windows 10 privacy FAQ](http://windows.microsoft.com/en-au/windows-10/windows-privacy-faq) for more information.
+> This document explains the data storage and privacy details related to Windows Defender ATP. For more information related to Windows Defender ATP and other products and services like Windows Defender and Windows 10, see [Microsoft Privacy Statement](https://go.microsoft.com/fwlink/?linkid=827576). See also [Windows 10 privacy FAQ](https://go.microsoft.com/fwlink/?linkid=827577) for more information.
 
 ## What data does Windows Defender ATP collect?
 
@@ -30,7 +32,7 @@ Microsoft will collect and store information from your configured endpoints in a
 
 Information collected includes code file data (such as file names, sizes, and hashes), process data (running processes, hashes), registry data, network connection data (host IPs and ports), and machine details (such as GUIDs, names, and the operating system version).
 
-Microsoft stores this data securely in Microsoft Azure and maintains it in accordance with Microsoft privacy practices and [Microsoft Trust Center policies](https://azure.microsoft.com/en-us/support/trust-center/).
+Microsoft stores this data securely in Microsoft Azure and maintains it in accordance with Microsoft privacy practices and [Microsoft Trust Center policies](https://go.microsoft.com/fwlink/?linkid=827578).
 
 Microsoft uses this data to:
 - Proactively identify indicators of attack (IOAs) in your organization
@@ -44,7 +46,7 @@ Microsoft does not mine your data for advertising or for any other purpose other
 When onboarding the service for the first time, you can choose to store your data in Microsoft Azure datacenters in Europe or United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Microsoft will not transfer the data from the specified geolocation.
 
 ## Is my data isolated from other customer data?
-Yes, your data is isolated through access authentication and logical segregation based on customer identifier. Each customer can only access data collected from its own organization and generic data that Microsoft provides. 
+Yes, your data is isolated through access authentication and logical segregation based on customer identifier. Each customer can only access data collected from its own organization and generic data that Microsoft provides.
 
 ## How does Microsoft prevent malicious insider activities and abuse of high privilege roles?
 
@@ -70,4 +72,3 @@ Your data will be kept for a period of at least 90 days, during which it will be
 ## Can Microsoft help us maintain regulatory compliance?
 Microsoft provides customers with detailed information about Microsoft's security and compliance programs, including audit reports and compliance packages, to help customers assess Windows Defender ATP services against their own legal and regulatory requirements. Windows Defender ATP has a roadmap for obtaining national, regional and industry-specific certifications, starting with ISO 27001. The service is designed, implemented, and maintained according to the compliance and privacy principles of ISO 27001, as well as Microsoft’s compliance standards.
 By providing customers with compliant, independently-verified services, Microsoft makes it easier for customers to achieve compliance for the infrastructure and applications they run, including this new Microsoft cloud service.
-
diff --git a/windows/keep-secure/defender-compatibility-windows-defender-advanced-threat-protection.md b/windows/keep-secure/defender-compatibility-windows-defender-advanced-threat-protection.md
index 2ad4b75d16..e3df30dc93 100644
--- a/windows/keep-secure/defender-compatibility-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/defender-compatibility-windows-defender-advanced-threat-protection.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
+localizationpriority: high
 ---
 
 # Windows Defender compatibility
@@ -15,7 +16,7 @@ author: mjcaparas
 **Applies to:**
 
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Windows Defender
diff --git a/windows/keep-secure/deploy-applocker-policies-by-using-the-enforce-rules-setting.md b/windows/keep-secure/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
index b5ecdf6702..0e2faeb18c 100644
--- a/windows/keep-secure/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
+++ b/windows/keep-secure/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
@@ -35,7 +35,7 @@ Rule enforcement is applied only to a collection of rules, not to individual rul
 
 ## Step 3: Update the policy
 
-You can edit an AppLocker policy by adding, changing, or removing rules. However, you cannot specify a version for the AppLocker policy by importing additional rules. To ensure version control when modifying an AppLocker policy, use Group Policy management software that allows you to create versions of GPOs. An example of this type of software is the [Advanced Group Policy Management](http://go.microsoft.com/fwlink/p/?LinkId=145013) feature from the 
+You can edit an AppLocker policy by adding, changing, or removing rules. However, you cannot specify a version for the AppLocker policy by importing additional rules. To ensure version control when modifying an AppLocker policy, use Group Policy management software that allows you to create versions of GPOs. An example of this type of software is the [Advanced Group Policy Management](https://go.microsoft.com/fwlink/p/?LinkId=145013) feature from the 
 Microsoft Desktop Optimization Pack.
 
 >**Caution:**  You should not edit an AppLocker rule collection while it is being enforced in Group Policy. Because AppLocker controls what files are allowed to run, making changes to a live policy can create unexpected behavior.
diff --git a/windows/keep-secure/deploy-code-integrity-policies-policy-rules-and-file-rules.md b/windows/keep-secure/deploy-code-integrity-policies-policy-rules-and-file-rules.md
index 40242549af..e61e798a6f 100644
--- a/windows/keep-secure/deploy-code-integrity-policies-policy-rules-and-file-rules.md
+++ b/windows/keep-secure/deploy-code-integrity-policies-policy-rules-and-file-rules.md
@@ -25,6 +25,7 @@ This topic includes the following sections:
 - [Overview of the process of creating code integrity policies](#overview-of-the-process-of-creating-code-integrity-policies): Helps familiarize you with the process described in this and related topics.
 - [Code integrity policy rules](#code-integrity-policy-rules): Describes one key element you specify in a policy, the *policy rules*, which control options such as audit mode or whether UMCI is enabled in a code integrity policy.
 - [Code integrity file rule levels](#code-integrity-file-rule-levels): Describes the other key element you specify in a policy, the *file rules* (or *file rule levels*), which specify the level at which applications will be identified and trusted.
+- [Example of file rule levels in use](#example-of-file-rule-levels-in-use): Gives an example of how file rule levels can be applied.
 
 ## Overview of the process of creating code integrity policies
 
@@ -79,11 +80,6 @@ File rule levels allow administrators to specify the level at which they want to
 
 Each file rule level has its benefit and disadvantage. Use Table 3 to select the appropriate protection level for your available administrative resources and Device Guard deployment scenario.
 
-<!-- Need to confirm these updated table rows:
-    | **SignedVersion** | This combines the publisher rule with a version number. This option allows anything from the specified publisher, with a version at or above the specified version number, to run. |
-    | **FilePublisher** | This is a combination of the “FileName” attribute of the signed file, plus “Publisher” (PCA certificate with CN of leaf), plus a minimum version number. This option trusts specific files from the specified publisher, with a version at or above the specified version number. |
---> 
-
 Table 3. Code integrity policy - file rule levels
 
 | Rule level | Description |
@@ -100,10 +96,20 @@ Table 3. Code integrity policy - file rule levels
 | **WHQLPublisher** | This is a combination of the WHQL and the CN on the leaf certificate and is primarily for kernel binaries. |
 | **WHQLFilePublisher** | Specifies that the binaries are validated and signed by WHQL, with a specific publisher (WHQLPublisher), and that the binary is the specified version or newer. This is primarily for kernel binaries. |
 
-> **Note**&nbsp;&nbsp;When you create code integrity policies with the [New-CIPolicy](https://technet.microsoft.com/library/mt634473.aspx) cmdlet, you can specify a primary file rule level by including the **–Level** parameter. For discovered binaries that cannot be trusted based on the primary file rule criteria, use the **–Fallback** parameter. For example, if the primary file rule level is PCACertificate but you would like to trust the unsigned applications as well, using the Hash rule level as a fallback adds the hash values of binaries that did not have a signing certificate.
+> **Note**&nbsp;&nbsp;When you create code integrity policies with the [New-CIPolicy](https://technet.microsoft.com/library/mt634473.aspx) cmdlet, you can specify a primary file rule level by including the **-Level** parameter. For discovered binaries that cannot be trusted based on the primary file rule criteria, use the **-Fallback** parameter. For example, if the primary file rule level is PCACertificate but you would like to trust the unsigned applications as well, using the Hash rule level as a fallback adds the hash values of binaries that did not have a signing certificate.
+
+## Example of file rule levels in use
+
+For example, consider some IT professionals in a department that runs many servers. They decide they want their servers to run only software signed by the providers of their software and drivers, that is, the companies that provide their hardware, operating system, antivirus, and other important software. They know that their servers also run an internally written application that is unsigned but is rarely updated. They want to allow this application to run.
+
+To create the code integrity policy, they build a reference server on their standard hardware, and install all of the software that their servers are known to run. Then they run [New-CIPolicy](https://technet.microsoft.com/library/mt634473.aspx) with **-Level Publisher** (to allow software from their software providers, the "Publishers") and **-Fallback Hash** (to allow the internal, unsigned application). They enable the policy in auditing mode and gather information about any necessary software that was not included on the reference server. They merge code integrity policies into the original policy to allow that additional software to run. Then they enable the code integrity policy in enforced mode for their servers.
+
+As part of normal operations, they will eventually install software updates, or perhaps add software from the same software providers. Because the "Publisher" remains the same on those updates and software, they will not need to update their code integrity policy. If they come to a time when the internally-written, unsigned application must be updated, they must also update the code integrity policy so that the hash in the policy matches the hash of the updated internal application.
+
+They could also choose to create a catalog that captures information about the unsigned internal application, then sign and distribute the catalog. Then the internal application could be handled by code integrity policies in the same way as any other signed application. An update to the internal application would only require that the catalog be regenerated, signed, and distributed (no restarts would be required).
+
 
 ## Related topics
 
 - [How Device Guard features help protect against threats](introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md#how-device-guard-features-help-protect-against-threats)
 - [Deploy code integrity policies: steps](deploy-code-integrity-policies-steps.md)
-
diff --git a/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md b/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md
index c0fea04744..bf63f5df7f 100644
--- a/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md
+++ b/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md
@@ -14,16 +14,15 @@ author: brianlic-msft
 -   Windows 10
 -   Windows Server 2016
 
-Hardware-based security features, also called virtualization-based security or VBS, make up a large part of Device Guard security offerings. VBS reinforces the most important feature of Device Guard: configurable code integrity. There are three steps to configure hardware-based security features in Device Guard:
+Hardware-based security features, also called virtualization-based security or VBS, make up a large part of Device Guard security offerings. VBS reinforces the most important feature of Device Guard: configurable code integrity. There are a few steps to configure hardware-based security features in Device Guard:
 
-1.  **Verify that hardware and firmware requirements are met**. Verify that your client computers possess the necessary hardware and firmware to run these features. A list of requirements for hardware-based security features is available in [Hardware, firmware, and software requirements for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-device-guard).
+1.  **Decide whether to use the procedures in this topic, or to use the Device Guard readiness tool**. To enable VBS, you can download and use [the hardware readiness tool on the Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=53337), or follow the procedures in this topic.
 
-2.  **Enable the necessary Windows features**. There are several ways to enable the Windows features required for hardware-based security. For details, see the following section, [Windows feature requirements for virtualization-based security](#windows-feature-requirements-for-virtualization-based-security).
+2.  **Verify that hardware and firmware requirements are met**. Verify that your client computers possess the necessary hardware and firmware to run these features. A list of requirements for hardware-based security features is available in [Hardware, firmware, and software requirements for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-device-guard).
 
-3.  **Enable additional features as desired**. When the necessary Windows features have been enabled, you can enable additional hardware-based security features as desired. For more information, see the following sections in this topic:
+3.  **Enable the necessary Windows features**. There are several ways to enable the Windows features required for hardware-based security. You can use the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337), or see the following section, [Windows feature requirements for virtualization-based security](#windows-feature-requirements-for-virtualization-based-security).
 
-    - [Enable Unified Extensible Firmware Interface Secure Boot](#enable-unified-extensible-firmware-interface-secure-boot)
-    - [Enable virtualization-based security for kernel-mode code integrity](#enable-virtualization-based-security-for-kernel-mode-code-integrity)
+4.  **Enable additional features as desired**. When the necessary Windows features have been enabled, you can enable additional hardware-based security features as desired. You can use the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337), or see [Enable virtualization-based security (VBS)](#enable-virtualization-based-security-vbs), later in this topic. 
 
 For information about enabling Credential Guard, see [Protect derived domain credentials with Credential Guard](credential-guard.md).
 
@@ -43,15 +42,19 @@ Hyper-V Hypervisor and Isolated User Mode (not shown).
 
 Figure 1. Enable operating system feature for VBS
 
-After you enable the feature or features, you can configure any additional hardware-based security features you want. The following sections provide more information:
-- [Enable Unified Extensible Firmware Interface Secure Boot](#enable-unified-extensible-firmware-interface-secure-boot)
-- [Enable virtualization-based security for kernel-mode code integrity](#enable-virtualization-based-security-for-kernel-mode-code-integrity)
+After you enable the feature or features, you can enable VBS for Device Guard, as described in the following sections.
 
-## Enable Unified Extensible Firmware Interface Secure Boot
+## Enable Virtualization Based Security (VBS)
 
-Before you begin this process, verify that the target device meets the hardware requirements for UEFI Secure Boot that are laid out in [Hardware, firmware, and software requirements for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-device-guard). There are two options to configure UEFI Secure Boot: manual configuration of the appropriate registry keys and Group Policy deployment. Complete the following steps to manually configure UEFI Secure Boot on a computer running Windows 10.
+Before you begin this process, verify that the target device meets the hardware and firmware requirements for the features that you want, as described in [Hardware, firmware, and software requirements for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-device-guard). Also, confirm that you have enabled the Windows features discussed in the previous section, [Windows feature requirements for virtualization-based security](#windows-feature-requirements-for-virtualization-based-security).
 
-> **Note**&nbsp;&nbsp;There are two platform security levels for Secure Boot: stand-alone Secure Boot and Secure Boot with DMA protection. DMA protection provides additional memory protection but will be enabled only on systems whose processors include input/output memory management units (IOMMUs). Protection against driver-based attacks is provided only on systems that have IOMMUs and that have DMA protection enabled. For more information about how IOMMUs help protect against DMA attacks, see [How Device Guard features help protect against threats](introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md#how-device-guard-features-help-protect-against-threats).
+There are multiple ways to configure VBS features for Device Guard. You can use the [readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337) rather than the procedures in this topic, or you can use the following procedures, either to configure the appropriate registry keys manually or to use Group Policy.
+
+> **Important**&nbsp;&nbsp;
+> - The settings in the following procedure include **Secure Boot** and **Secure Boot with DMA**. In most situations we recommend that you simply choose **Secure Boot**. This option provides secure boot with as much protection as is supported by a given computer’s hardware. A computer with input/output memory management units (IOMMUs) will have secure boot with DMA protection. A computer without IOMMUs will simply have secure boot enabled.<br>In contrast, with **Secure Boot with DMA**, the setting will enable secure boot—and VBS itself—only on a computer that supports DMA, that is, a computer with IOMMUs. With this setting, any computer without IOMMUs will not have VBS (hardware-based) protection, although it can still have code integrity policies enabled.<br>For information about how VBS uses the hypervisor to strengthen protections provided by a code integrity policy, see [How Device Guard features help protect against threats](introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md#how-device-guard-features-help-protect-against-threats).<br>
+> - All drivers on the system must be compatible with virtualization-based protection of code integrity; otherwise, your system may fail. We recommend that you enable these features on a group of test computers before you enable them on users' computers.
+
+**To configure VBS manually**
 
 1.  Navigate to the **HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\DeviceGuard** registry subkey.
 
@@ -63,21 +66,27 @@ Before you begin this process, verify that the target device meets the hardware
     | ---------------- | ---------------- |
     | **1** enables the **Secure Boot** option<br>**3** enables the **Secure Boot and DMA protection** option | **1** enables the **Secure Boot** option<br>**2** enables the **Secure Boot and DMA protection** option |
 
-4.  Restart the client computer.
+4. With a supported operating system earlier than Windows 10, version 1607, or Windows Server 2016, skip this step, and remain in the same registry subkey.
 
-Unfortunately, it would be time consuming to perform these steps manually on every protected computer in your enterprise. Group Policy offers a much simpler way to deploy UEFI Secure Boot to your organization. This example creates a test organizational unit (OU) called *DG Enabled PCs*. If you want, you can instead link the policy to an existing OU, and then scope the GPO by using appropriately named computer security groups.
+    With Windows 10, version 1607, or Windows Server 2016, navigate to **HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\DeviceGuard\\Scenarios**.
 
-> **Note**&nbsp;&nbsp;We recommend that you test-enable this feature on a group of test computers before you deploy it to users' computers.
+5. Set the **HypervisorEnforcedCodeIntegrity DWORD** value to **1**.
 
-### Use Group Policy to deploy Secure Boot
+6.  Restart the client computer.
+
+Unfortunately, it would be time consuming to perform these steps manually on every protected computer in your enterprise. Group Policy offers a much simpler way to deploy these features to your organization. This example creates a test organizational unit (OU) called *DG Enabled PCs*. If you want, you can instead link the policy to an existing OU, and then scope the GPO by using appropriately named computer security groups.
+
+> **Note**&nbsp;&nbsp;We recommend that you test-enable these features on a group of test computers before you enable them on users' computers. If untested, there is a possibility that this feature can cause system instability and ultimately cause the client operating system to fail.
+
+### Use Group Policy to enable VBS
 
 1.  To create a new GPO, right-click the OU to which you want to link the GPO, and then click **Create a GPO in this domain, and Link it here**.
 
     ![Group Policy Management, create a GPO](images/dg-fig2-createou.png)
 
-    Figure 5. Create a new OU-linked GPO
+    Figure 2. Create a new OU-linked GPO
 
-2.  Give the new GPO a name, for example, **Contoso Secure Boot GPO Test**, or any name you prefer. Ideally, the name will align with your existing GPO naming convention.
+2.  Give the new GPO a name, for example, **Contoso VBS settings GPO Test**, or any name you prefer. Ideally, the name will align with your existing GPO naming convention.
 
 3.  Open the Group Policy Management Editor: right-click the new GPO, and then click **Edit**.
 
@@ -85,79 +94,34 @@ Unfortunately, it would be time consuming to perform these steps manually on eve
 
     ![Edit the group policy for Virtualization Based Security](images/dg-fig3-enablevbs.png)
 
-    Figure 6. Enable VBS
+    Figure 3. Enable VBS
 
-5.  Select the **Enabled** button, and then select **Secure Boot and DMA Protection** from the **Select Platform Security Level** list.
+5.  Select the **Enabled** button, and then choose a secure boot option, such as **Secure Boot**, from the **Select Platform Security Level** list.
 
     ![Group Policy, Turn On Virtualization Based Security](images/device-guard-gp.png)
 
-    Figure 7. Enable Secure Boot (in Windows 10, version 1607)
+    Figure 4. Configure VBS, Secure Boot setting (in Windows 10, version 1607)
 
-    > **Note**&nbsp;&nbsp;Device Guard Secure Boot is maximized when combined with DMA protection. If your hardware contains the IOMMUs required for DMA protection, be sure to select the **Secure Boot and DMA Protection** platform security level. If your hardware does not contain IOMMUs, there are several mitigations provided by leveraging Secure Boot without DMA Protection.
+    > **Important**&nbsp;&nbsp;These settings include **Secure Boot** and **Secure Boot with DMA**. In most situations we recommend that you choose **Secure Boot**. This option provides secure boot with as much protection as is supported by a given computer’s hardware. A computer with input/output memory management units (IOMMUs) will have secure boot with DMA protection. A computer without IOMMUs will simply have secure boot enabled.<br>In contrast, with **Secure Boot with DMA**, the setting will enable secure boot—and VBS itself—only on a computer that supports DMA, that is, a computer with IOMMUs. With this setting, any computer without IOMMUs will not have VBS (hardware-based) protection, although it can have code integrity policies enabled.<br>For information about how VBS uses the hypervisor to strengthen protections provided by a code integrity policy, see [How Device Guard features help protect against threats](introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md#how-device-guard-features-help-protect-against-threats).
 
-6.  Close the Group Policy Management Editor, and then restart the Windows 10 test computer. After you configure this setting, UEFI Secure Boot will be enabled upon restart.
+6. For **Virtualization Based Protection of Code Integrity**, select the appropriate option:
 
-7.  Check the test computer’s event log for Device Guard GPOs.
-
-    Processed Device Guard policies are logged in event viewer at **Applications and Services Logs\\Microsoft\\Windows\\DeviceGuard-GPEXT\\Operational**. When the **Turn On Virtualization Based Security** policy is successfully processed, event ID 7000 is logged, which contains the selected settings within the policy.
-
-## Enable virtualization-based security for kernel-mode code integrity
-
-Before you begin this process, verify that the desired computer meets the hardware requirements for VBS found in [Hardware, firmware, and software requirements for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-device-guard), and enable the Windows features discussed in the [Windows feature requirements for virtualization-based security](#windows-feature-requirements-for-virtualization-based-security) section. When validated, you can enable virtualization-based protection of KMCI in one of two ways: manual configuration of the appropriate registry subkeys and Group Policy deployment.
-
-> **Note**&nbsp;&nbsp;All drivers on the system must be compatible with virtualization-based protection of code integrity; otherwise, your system may fail. We recommend that you enable this feature on a group of test computers before you enable it on users' computers.
-
-**To configure virtualization-based protection of KMCI manually:**
-
-1.  Navigate to the appropriate registry subkey: 
-
-    - With Windows 10, version 1607, or Windows Server 2016:<br>**HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\DeviceGuard\\Scenarios**
-    
-    - With an earlier version of Windows 10, or Windows Server 2016 Technical Preview 5 or earlier:<br>**HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\DeviceGuard**
-
-2.  Set the **HypervisorEnforcedCodeIntegrity DWORD** value to **1**.
-
-3.  Restart the client computer.
-
-It would be time consuming to perform these steps manually on every protected computer in your enterprise. Instead, use Group Policy to deploy virtualization-based protection of KMCI. This example creates a test OU called *DG Enabled PCs*, which you will use to link the GPO. If you prefer to link the policy to an existing OU rather than create a test OU and scope the policy by using appropriately named computer security groups, that is another option.
-
-> **Note**&nbsp;&nbsp;We recommend that you test-enable this feature on a group of test computers before you deploy it to users' computers. If untested, there is a possibility that this feature can cause system instability and ultimately cause the client operating system to fail.
-
-**To use Group Policy to configure VBS of KMCI:**
-
-1.  Create a new GPO: Right-click the OU to which you want to link the GPO, and then click **Create a GPO in this domain, and Link it here**.
-
-    ![Group Policy Management, create a GPO](images/dg-fig5-createnewou.png)
-
-    Figure 2. Create a new OU-linked GPO
-
-2.  Give the new GPO a name, for example, **Contoso VBS CI Protection GPO Test**, or any name you prefer. Ideally, the name will align with your existing GPO naming convention.
-
-3.  Open the Group Policy Management Editor: Right-click the new GPO, and then click **Edit**.
-
-4.  Within the selected GPO, navigate to Computer Configuration\\Administrative Templates\\System\\Device Guard. Right-click **Turn On Virtualization Based Security**, and then click **Edit**.
-
-    ![Edit the group policy for Virtualization Based Security](images/dg-fig6-enablevbs.png)
-
-    Figure 3. Enable VBS
-
-5.  Select the **Enabled** button, and then for **Virtualization Based Protection of Code Integrity**, select the appropriate option:
-
-    - With Windows 10, version 1607 or Windows Server 2016, choose an enabled option:<br>For an initial deployment or test deployment, we recommend **Enabled without UEFI lock**.<br>When your deployment is stable in your environment, we recommend changing to **Enabled with UEFI lock**. This option helps protect the registry from tampering, either through malware or by an unauthorized person.
+    - With Windows 10, version 1607 or Windows Server 2016, choose an appropriate option:<br>For an initial deployment or test deployment, we recommend **Enabled without lock**.<br>When your deployment is stable in your environment, we recommend changing to **Enabled with lock**. This option helps protect the registry from tampering, either through malware or by an unauthorized person.
 
     - With earlier versions of Windows 10, or Windows Server 2016 Technical Preview 5 or earlier:<br>Select the **Enable Virtualization Based Protection of Code Integrity** check box.
 
     ![Group Policy, Turn On Virtualization Based Security](images/dg-fig7-enablevbsofkmci.png)
 
-    Figure 4. Enable VBS of KMCI (in Windows 10, version 1607)
+    Figure 5. Configure VBS, Lock setting (in Windows 10, version 1607)
 
-6.  Close the Group Policy Management Editor, and then restart the Windows 10 test computer. With this setting configured, the VBS of the KMCI will take effect upon restart.
+7.  Close the Group Policy Management Editor, and then restart the Windows 10 test computer. The settings will take effect upon restart.
 
-7.  Check the test client event log for Device Guard GPOs.
+8.  Check the test computer’s event log for Device Guard GPOs.
 
-    Processed Device Guard policies are logged in event viewer under **Applications and Services Logs\\Microsoft\\Windows\\DeviceGuard-GPEXT\\Operational**. When the **Turn On Virtualization Based Security** policy has been successfully processed, event ID 7000 is logged, which contains the selected settings within the policy.
+    Processed Device Guard policies are logged in event viewer at **Applications and Services Logs\\Microsoft\\Windows\\DeviceGuard-GPEXT\\Operational**. When the **Turn On Virtualization Based Security** policy is successfully processed, event ID 7000 is logged, which contains the selected settings within the policy.
 
-**Validate enabled Device Guard hardware-based security features**
+
+### Validate enabled Device Guard hardware-based security features
 
 Windows 10 and Windows Server 2016 and later have a WMI class for Device Guard–related properties and features: *Win32\_DeviceGuard*. This class can be queried from an elevated Windows PowerShell session by using the following command:
 
@@ -258,11 +222,11 @@ Table 1. Win32\_DeviceGuard properties
 </tbody>
 </table>
 
-Another method to determine the available and enabled Device Guard features is to run msinfo32.exe from an elevated PowerShell session. When you run this program, the Device Guard properties are displayed at the bottom of the **System Summary** section, as shown in Figure 11.
+Another method to determine the available and enabled Device Guard features is to run msinfo32.exe from an elevated PowerShell session. When you run this program, the Device Guard properties are displayed at the bottom of the **System Summary** section, as shown in Figure 6.
 
 ![Device Guard properties in the System Summary](images/dg-fig11-dgproperties.png)
 
-Figure 11. Device Guard properties in the System Summary
+Figure 6. Device Guard properties in the System Summary
 
 ## Related topics
 
diff --git a/windows/keep-secure/device-guard-deployment-guide.md b/windows/keep-secure/device-guard-deployment-guide.md
index 602bfdf4e3..cf8c3bd107 100644
--- a/windows/keep-secure/device-guard-deployment-guide.md
+++ b/windows/keep-secure/device-guard-deployment-guide.md
@@ -15,7 +15,7 @@ author: brianlic-msft
 -   Windows 10
 -   Windows Server 2016
 
-Device Guard is a combination of enterprise-related hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications that you define in your code integrity policies. If the app isn’t trusted it can’t run, period. With hardware that meets basic requirements, it also means that even if an attacker manages to get control of the Windows kernel, he or she will be much less likely to be able to run malicious executable code. With appropriate hardware, Device Guard can use the new virtualization-based security in Windows 10 Enterprise to isolate the Code Integrity service from the Microsoft Windows kernel itself. In this case, the Code Integrity service runs alongside the kernel in a Windows hypervisor-protected container.
+Device Guard is a combination of enterprise-related hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications that you define in your code integrity policies. If the app isn’t trusted it can’t run, period. With hardware that meets basic requirements, it also means that even if an attacker manages to get control of the Windows kernel, he or she will be much less likely to be able to run malicious executable code. With appropriate hardware, Device Guard can use the new virtualization-based security in Windows 10 (available in Enterprise and Education desktop SKUs and in all Server SKUs) to isolate the Code Integrity service from the Microsoft Windows kernel itself. In this case, the Code Integrity service runs alongside the kernel in a Windows hypervisor-protected container.
 
 This guide explores the individual features in Device Guard as well as how to plan for, configure, and deploy them. It includes:
 
diff --git a/windows/keep-secure/dynamic-access-control.md b/windows/keep-secure/dynamic-access-control.md
index 643a78aa1c..466562cc90 100644
--- a/windows/keep-secure/dynamic-access-control.md
+++ b/windows/keep-secure/dynamic-access-control.md
@@ -16,7 +16,7 @@ This overview topic for the IT professional describes Dynamic Access Control and
 
 Domain-based Dynamic Access Control enables administrators to apply access-control permissions and restrictions based on well-defined rules that can include the sensitivity of the resources, the job or role of the user, and the configuration of the device that is used to access these resources.
 
-For example, a user might have different permissions when they access a resource from their office computer versus when they are using a portable computer over a virtual private network. Or access may be allowed only if a device meets the security requirements that are defined by the network administrators. When Dynamic Access Control is used, a user’s permissions change dynamically without additional administrator intervention if the user’s job or role changes (resulting in changes to the user’s account attributes in AD DS).
+For example, a user might have different permissions when they access a resource from their office computer versus when they are using a portable computer over a virtual private network. Or access may be allowed only if a device meets the security requirements that are defined by the network administrators. When Dynamic Access Control is used, a user’s permissions change dynamically without additional administrator intervention if the user’s job or role changes (resulting in changes to the user’s account attributes in AD DS). For more detailed examples of Dynamic Access Control in use, see the scenarios described in [Dynamic Access Control: Scenario Overview](https://technet.microsoft.com/windows-server-docs/identity/solution-guides/dynamic-access-control--scenario-overview).
 
 Dynamic Access Control is not supported in Windows operating systems prior to Windows Server 2012 and Windows 8. When Dynamic Access Control is configured in environments with supported and non-supported versions of Windows, only the supported versions will implement the changes.
 
diff --git a/windows/keep-secure/enable-phone-signin-to-pc-and-vpn.md b/windows/keep-secure/enable-phone-signin-to-pc-and-vpn.md
index 28f0292d02..e3c6cbddf6 100644
--- a/windows/keep-secure/enable-phone-signin-to-pc-and-vpn.md
+++ b/windows/keep-secure/enable-phone-signin-to-pc-and-vpn.md
@@ -17,7 +17,7 @@ localizationpriority: high
 -   Windows 10
 -   Windows 10 Mobile
 
-In Windows 10, Version 1607, your network users can use Windows Phone with Windows Hello to sign in to a PC, connect to VPN, and sign in to Office 365 in a browser. Phone sign-in uses Bluetooth, which means no need to wait for a phone call -- just unlock the phone and tap the app.
+In Windows 10, version 1607, your network users can use Windows Phone with Windows Hello to sign in to a PC, connect to VPN, and sign in to Office 365 in a browser. Phone sign-in uses Bluetooth, which means no need to wait for a phone call -- just unlock the phone and tap the app.
 
 ![Sign in to a device](images/phone-signin-menu.png)
 
diff --git a/windows/keep-secure/enable-pua-windows-defender-for-windows-10.md b/windows/keep-secure/enable-pua-windows-defender-for-windows-10.md
index 72171eec5e..82a3908d87 100644
--- a/windows/keep-secure/enable-pua-windows-defender-for-windows-10.md
+++ b/windows/keep-secure/enable-pua-windows-defender-for-windows-10.md
@@ -8,6 +8,7 @@ ms.prod: w10
 ms.mktglfcycl: detect
 ms.sitesec: library
 ms.pagetype: security
+localizationpriority: medium
 author: dulcemv
 ---
 
@@ -30,13 +31,13 @@ These applications can increase the risk of your network being infected with mal
 
 Since the stakes are higher in an enterprise environment, the potential disaster and potential productivity and performance disruptions that PUA brings can be a cause of concern. Hence, it is important to deliver trusted protection in this field.
 
-##Enable PUA protection in SCCM and Intune
+##Enable PUA protection in System Center Configuration Manager and Intune
 
-The PUA feature is available for enterprise users who are running System Center Configuration Manager (SCCM) or Intune in their infrastructure.
+The PUA feature is available for enterprise users who are running System Center Configuration Manager or Intune in their infrastructure.
 
-###Configure PUA in SCCM
+###Configure PUA in System Center Configuration Manager
 
-For SCCM users, PUA is enabled by default. See the following topics for configuration details:
+For System Center Configuration Manager users, PUA is enabled by default. See the following topics for configuration details:
 
 If you are using these versions | See these topics
 :---|:---
@@ -44,24 +45,24 @@ System Center Configuration Manager (current branch) version 1606 | [Create a ne
 System Center 2012 R2 Endpoint Protection<br>System Center 2012 Configuration Manager<br>System Center 2012 Configuration Manager SP1<br>System Center 2012 Configuration Manager SP2<br>System Center 2012 R2 Configuration Manager<br>System Center 2012 Endpoint Protection SP1<br>System Center 2012 Endpoint Protection<br>System Center 2012 R2 Configuration Manager SP1| [How to Deploy Potentially Unwanted Application Protection Policy for Endpoint Protection in Configuration Manager](https://technet.microsoft.com/library/hh508770.aspx#BKMK_PUA)
 
 <br>
-###Use PUA audit mode in SCCM
+###Use PUA audit mode in System Center Configuration Manager
 
 You can use PowerShell to detect PUA without blocking them. In fact, you can run audit mode on individual machines. This feature is useful if your company is conducting an internal software security compliance check and you’d like to avoid any false positives.
 
-1. Open PowerShell as Administrator <br>
+1. Open PowerShell as Administrator: <br>
 
     a.  Click **Start**, type **powershell**, and press **Enter**.
-
+    
     b.  Click **Windows PowerShell** to open the interface.
-    > [!NOTE]
-    > You may need to open an administrator-level version of PowerShell. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt.
+    >[!NOTE]
+    >You may need to open an administrator-level version of PowerShell. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt.
 2. Enter the PowerShell command:
 
   ```text
-  et-mpPreference -puaprotection 2
+  set-mpPreference -puaprotection 2
   ```
 > [!NOTE]
-> PUA events are reported in the Windows Event Viewer and not in SCCM.  
+> PUA events are reported in the Windows Event Viewer and not in System Center Configuration Manager.  
 
 
 ###Configure PUA in Intune
@@ -71,11 +72,26 @@ You can use PowerShell to detect PUA without blocking them. In fact, you can run
 
 ###Use PUA audit mode in Intune
 
- You can detect PUA without blocking them from your client. Gain insights into what can be blocked.
+ You can detect PUA without blocking them from your client so you can gain insights into what can be blocked.
+
+1. Open PowerShell as Administrator: <br>
+
+    a.  Click **Start**, type **powershell**, and press **Enter**.
+    
+    b.  Click **Windows PowerShell** to open the interface.
+    
+    >[!NOTE]
+    >You may need to open an administrator-level version of PowerShell. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt.
+    
+2. Enter the PowerShell command:
+
+  ```text
+  set-mpPreference -puaprotection 1
+  ```
 
 ##View PUA events
 
-PUA events are reported in the Windows Event Viewer and not in SCCM or Intune. To view PUA events:
+PUA events are reported in the Windows Event Viewer and not in System Center Configuration Manager or Intune. To view PUA events:
 
 1.  Open **Event Viewer**.
 2.  In the console tree, expand **Applications and Services Logs**, then **Microsoft**, then **Windows**, then **Windows Defender**.
diff --git a/windows/keep-secure/enlightened-microsoft-apps-and-wip.md b/windows/keep-secure/enlightened-microsoft-apps-and-wip.md
index 99a69f1d26..9793cfc53f 100644
--- a/windows/keep-secure/enlightened-microsoft-apps-and-wip.md
+++ b/windows/keep-secure/enlightened-microsoft-apps-and-wip.md
@@ -44,7 +44,7 @@ Microsoft has made a concerted effort to enlighten several of our more popular a
 
 -   Microsoft Photos
 
--   Microsoft OneDrive
+<!-- Microsoft OneDrive -->
 
 -   Groove Music
 
@@ -62,7 +62,6 @@ You can add any or all of the enlightened Microsoft apps to your allowed apps li
 |Product name |App info |
 |-------------|---------|
 |Microsoft Edge |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.MicrosoftEdge<br>**App Type:** Universal app |
-|IE11 |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** iexplore.exe<br>**App Type:** Desktop app |
 |Microsoft People |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.People<br>**App Type:** Universal app |
 |Word Mobile |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.Office.Word<br>**App Type:** Universal app |
 |Excel Mobile |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.Office.Excel<br>**App Type:** Universal app |
@@ -70,9 +69,10 @@ You can add any or all of the enlightened Microsoft apps to your allowed apps li
 |OneNote |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.Office.OneNote<br>**App Type:** Universal app |
 |Outlook Mail and Calendar |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** microsoft.windowscommunicationsapps<br>**App Type:** Universal app |
 |Microsoft Photos |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.Windows.Photos<br>**App Type:** Universal app |
-|Microsoft OneDrive |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** microsoft.microsoftskydrive<br>**App Type:** Universal app |
 |Groove Music |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.ZuneMusic<br>**App Type:** Universal app |
-|Notepad |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** notepad.exe<br>**App Type:** Desktop app |
-|Microsoft Paint |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** mspaint.exe<br>**App Type:** Desktop app |
 |Microsoft Movies & TV |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.ZuneVideo<br>**App Type:** Universal app |
-|Microsoft Messaging |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.Messaging<br>**App Type:** Universal app |
\ No newline at end of file
+|Microsoft Messaging |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.Messaging<br>**App Type:** Universal app |
+|IE11 |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Binary Name:** iexplore.exe<br>**App Type:** Desktop app |
+|Microsoft OneDrive |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Binary Name:** onedrive.exe<br>**App Type:** Desktop app|
+|Notepad |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Binary Name:** notepad.exe<br>**App Type:** Desktop app |
+|Microsoft Paint |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Binary Name:** mspaint.exe<br>**App Type:** Desktop app |
\ No newline at end of file
diff --git a/windows/keep-secure/event-4706.md b/windows/keep-secure/event-4706.md
index 936468b4c3..8681185c08 100644
--- a/windows/keep-secure/event-4706.md
+++ b/windows/keep-secure/event-4706.md
@@ -108,7 +108,7 @@ This event is generated only on domain controllers.
 |-------|------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | 1     | TRUST\_TYPE\_DOWNLEVEL | The domain controller of the trusted domain is a computer running an operating system earlier than Windows 2000.                                                                                                                                                                                                                                                                                                                                                                                                                           |
 | 2     | TRUST\_TYPE\_UPLEVEL   | The domain controller of the trusted domain is a computer running Windows 2000 or later.                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
-| 3     | TRUST\_TYPE\_MIT       | The trusted domain is running a non-Windows, RFC4120-compliant Kerberos distribution. This type of trust is distinguished in that (1) a [SID](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_83f2020d-0804-4840-a5ac-e06439d50f8d) is not required for the [TDO](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_f2ceef4e-999b-4276-84cd-2e2829de5fc4), and (2) the default key types include the DES-CBC and DES-CRC encryption types (see [\[RFC4120\]](http://go.microsoft.com/fwlink/?LinkId=90458) section 8.1). |
+| 3     | TRUST\_TYPE\_MIT       | The trusted domain is running a non-Windows, RFC4120-compliant Kerberos distribution. This type of trust is distinguished in that (1) a [SID](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_83f2020d-0804-4840-a5ac-e06439d50f8d) is not required for the [TDO](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_f2ceef4e-999b-4276-84cd-2e2829de5fc4), and (2) the default key types include the DES-CBC and DES-CRC encryption types (see [\[RFC4120\]](https://go.microsoft.com/fwlink/?LinkId=90458) section 8.1). |
 | 4     | TRUST\_TYPE\_DCE       | The trusted domain is a DCE realm. Historical reference, this value is not used in Windows.                                                                                                                                                                                                                                                                                                                                                                                                                                                |
 
 -   **Trust Direction** \[Type = UInt32\]**:** the direction of new trust. The following table contains possible values for this field:
@@ -131,7 +131,7 @@ This event is generated only on domain controllers.
 | 0x10  | TRUST\_ATTRIBUTE\_CROSS\_ORGANIZATION                      | If this bit is set, then the trust is to a domain or forest that is not part of the [organization](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_6fae7775-5232-4206-b452-f298546ab54f). The behavior controlled by this bit is explained in [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx) section [3.3.5.7.5](https://msdn.microsoft.com/en-us/library/cc233949.aspx) and [\[MS-APDS\]](https://msdn.microsoft.com/en-us/library/cc223948.aspx) section [3.1.5](https://msdn.microsoft.com/en-us/library/cc223991.aspx).<br>Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016.<br>Can only be set if forest and trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WIN2003 or greater.                                                                                                                                        |
 | 0x20  | TRUST\_ATTRIBUTE\_WITHIN\_FOREST                           | If this bit is set, then the trusted domain is within the same forest.<br>Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
 | 0x40  | TRUST\_ATTRIBUTE\_TREAT\_AS\_EXTERNAL                      | If this bit is set, then a cross-forest trust to a domain is to be treated as an external trust for the purposes of SID Filtering. Cross-forest trusts are more stringently [filtered](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_ffbe7b55-8e84-4f41-a18d-fc29191a4cda) than external trusts. This attribute relaxes those cross-forest trusts to be equivalent to external trusts. For more information on how each trust type is filtered, see [\[MS-PAC\]](https://msdn.microsoft.com/en-us/library/cc237917.aspx) section 4.1.2.2.<br>Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016.<br>Only evaluated if SID Filtering is used.<br>Only evaluated on cross-forest trusts having TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE.<br>Can only be set if forest and trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WIN2003 or greater. |
-| 0x80  | TRUST\_ATTRIBUTE\_USES\_RC4\_ENCRYPTION                    | This bit is set on trusts with the [trustType](https://msdn.microsoft.com/en-us/library/cc220955.aspx) set to TRUST\_TYPE\_MIT, which are capable of using RC4 keys. Historically, MIT Kerberos distributions supported only DES and 3DES keys ([\[RFC4120\]](http://go.microsoft.com/fwlink/?LinkId=90458), [\[RFC3961\]](http://go.microsoft.com/fwlink/?LinkId=90450)). MIT 1.4.1 adopted the RC4HMAC encryption type common to Windows 2000 [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx), so trusted domains deploying later versions of the MIT distribution required this bit. For more information, see "Keys and Trusts", section [6.1.6.9.1](https://msdn.microsoft.com/en-us/library/cc223782.aspx).<br>Only evaluated on TRUST\_TYPE\_MIT                                                                                                                                                                                                                                          |
+| 0x80  | TRUST\_ATTRIBUTE\_USES\_RC4\_ENCRYPTION                    | This bit is set on trusts with the [trustType](https://msdn.microsoft.com/en-us/library/cc220955.aspx) set to TRUST\_TYPE\_MIT, which are capable of using RC4 keys. Historically, MIT Kerberos distributions supported only DES and 3DES keys ([\[RFC4120\]](https://go.microsoft.com/fwlink/?LinkId=90458), [\[RFC3961\]](https://go.microsoft.com/fwlink/?LinkId=90450)). MIT 1.4.1 adopted the RC4HMAC encryption type common to Windows 2000 [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx), so trusted domains deploying later versions of the MIT distribution required this bit. For more information, see "Keys and Trusts", section [6.1.6.9.1](https://msdn.microsoft.com/en-us/library/cc223782.aspx).<br>Only evaluated on TRUST\_TYPE\_MIT                                                                                                                                                                                                                                          |
 | 0x200 | TRUST\_ATTRIBUTE\_CROSS\_ORGANIZATION\_NO\_TGT\_DELEGATION | If this bit is set, tickets granted under this trust MUST NOT be trusted for delegation. The behavior controlled by this bit is as specified in [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx) section 3.3.5.7.5.<br>Only supported on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
 | 0x400 | TRUST\_ATTRIBUTE\_PIM\_TRUST                               | If this bit and the TATE bit are set, then a cross-forest trust to a domain is to be treated as Privileged Identity Management trust for the purposes of SID Filtering. For more information on how each trust type is filtered, see [\[MS-PAC\]](https://msdn.microsoft.com/en-us/library/cc237917.aspx) section 4.1.2.2.<br>Evaluated only on Windows Server 2016<br>Evaluated only if SID Filtering is used.<br>Evaluated only on cross-forest trusts having TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE.<br>Can be set only if the forest and the trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WINTHRESHOLD or greater.                                                                                                                                                                                                                                                                                                                                   |
 
diff --git a/windows/keep-secure/event-4716.md b/windows/keep-secure/event-4716.md
index 65ea86275d..6f8731a019 100644
--- a/windows/keep-secure/event-4716.md
+++ b/windows/keep-secure/event-4716.md
@@ -108,7 +108,7 @@ This event is generated only on domain controllers.
 |-------|------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | 1     | TRUST\_TYPE\_DOWNLEVEL | The domain controller of the trusted domain is a computer running an operating system earlier than Windows 2000.                                                                                                                                                                                                                                                                                                                                                                                                                           |
 | 2     | TRUST\_TYPE\_UPLEVEL   | The domain controller of the trusted domain is a computer running Windows 2000 or later.                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
-| 3     | TRUST\_TYPE\_MIT       | The trusted domain is running a non-Windows, RFC4120-compliant Kerberos distribution. This type of trust is distinguished in that (1) a [SID](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_83f2020d-0804-4840-a5ac-e06439d50f8d) is not required for the [TDO](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_f2ceef4e-999b-4276-84cd-2e2829de5fc4), and (2) the default key types include the DES-CBC and DES-CRC encryption types (see [\[RFC4120\]](http://go.microsoft.com/fwlink/?LinkId=90458) section 8.1). |
+| 3     | TRUST\_TYPE\_MIT       | The trusted domain is running a non-Windows, RFC4120-compliant Kerberos distribution. This type of trust is distinguished in that (1) a [SID](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_83f2020d-0804-4840-a5ac-e06439d50f8d) is not required for the [TDO](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_f2ceef4e-999b-4276-84cd-2e2829de5fc4), and (2) the default key types include the DES-CBC and DES-CRC encryption types (see [\[RFC4120\]](https://go.microsoft.com/fwlink/?LinkId=90458) section 8.1). |
 | 4     | TRUST\_TYPE\_DCE       | The trusted domain is a DCE realm. Historical reference, this value is not used in Windows.                                                                                                                                                                                                                                                                                                                                                                                                                                                |
 
 -   **Trust Direction** \[Type = UInt32\]**:** the direction of new trust. If this attribute was not changed, then it will have “**-**“ value or its old value. The following table contains possible values for this field:
@@ -131,7 +131,7 @@ This event is generated only on domain controllers.
 | 0x10  | TRUST\_ATTRIBUTE\_CROSS\_ORGANIZATION                      | If this bit is set, then the trust is to a domain or forest that is not part of the [organization](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_6fae7775-5232-4206-b452-f298546ab54f). The behavior controlled by this bit is explained in [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx) section [3.3.5.7.5](https://msdn.microsoft.com/en-us/library/cc233949.aspx) and [\[MS-APDS\]](https://msdn.microsoft.com/en-us/library/cc223948.aspx) section [3.1.5](https://msdn.microsoft.com/en-us/library/cc223991.aspx).<br>Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016.<br>Can only be set if forest and trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WIN2003 or greater.                                                                                                                                        |
 | 0x20  | TRUST\_ATTRIBUTE\_WITHIN\_FOREST                           | If this bit is set, then the trusted domain is within the same forest.<br>Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
 | 0x40  | TRUST\_ATTRIBUTE\_TREAT\_AS\_EXTERNAL                      | If this bit is set, then a cross-forest trust to a domain is to be treated as an external trust for the purposes of SID Filtering. Cross-forest trusts are more stringently [filtered](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_ffbe7b55-8e84-4f41-a18d-fc29191a4cda) than external trusts. This attribute relaxes those cross-forest trusts to be equivalent to external trusts. For more information on how each trust type is filtered, see [\[MS-PAC\]](https://msdn.microsoft.com/en-us/library/cc237917.aspx) section 4.1.2.2.<br>Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016.<br>Only evaluated if SID Filtering is used.<br>Only evaluated on cross-forest trusts having TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE.<br>Can only be set if forest and trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WIN2003 or greater. |
-| 0x80  | TRUST\_ATTRIBUTE\_USES\_RC4\_ENCRYPTION                    | This bit is set on trusts with the [trustType](https://msdn.microsoft.com/en-us/library/cc220955.aspx) set to TRUST\_TYPE\_MIT, which are capable of using RC4 keys. Historically, MIT Kerberos distributions supported only DES and 3DES keys ([\[RFC4120\]](http://go.microsoft.com/fwlink/?LinkId=90458), [\[RFC3961\]](http://go.microsoft.com/fwlink/?LinkId=90450)). MIT 1.4.1 adopted the RC4HMAC encryption type common to Windows 2000 [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx), so trusted domains deploying later versions of the MIT distribution required this bit. For more information, see "Keys and Trusts", section [6.1.6.9.1](https://msdn.microsoft.com/en-us/library/cc223782.aspx).<br>Only evaluated on TRUST\_TYPE\_MIT                                                                                                                                                                                                                                          |
+| 0x80  | TRUST\_ATTRIBUTE\_USES\_RC4\_ENCRYPTION                    | This bit is set on trusts with the [trustType](https://msdn.microsoft.com/en-us/library/cc220955.aspx) set to TRUST\_TYPE\_MIT, which are capable of using RC4 keys. Historically, MIT Kerberos distributions supported only DES and 3DES keys ([\[RFC4120\]](https://go.microsoft.com/fwlink/?LinkId=90458), [\[RFC3961\]](https://go.microsoft.com/fwlink/?LinkId=90450)). MIT 1.4.1 adopted the RC4HMAC encryption type common to Windows 2000 [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx), so trusted domains deploying later versions of the MIT distribution required this bit. For more information, see "Keys and Trusts", section [6.1.6.9.1](https://msdn.microsoft.com/en-us/library/cc223782.aspx).<br>Only evaluated on TRUST\_TYPE\_MIT                                                                                                                                                                                                                                          |
 | 0x200 | TRUST\_ATTRIBUTE\_CROSS\_ORGANIZATION\_NO\_TGT\_DELEGATION | If this bit is set, tickets granted under this trust MUST NOT be trusted for delegation. The behavior controlled by this bit is as specified in [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx) section 3.3.5.7.5.<br>Only supported on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
 | 0x400 | TRUST\_ATTRIBUTE\_PIM\_TRUST                               | If this bit and the TATE bit are set, then a cross-forest trust to a domain is to be treated as Privileged Identity Management trust for the purposes of SID Filtering. For more information on how each trust type is filtered, see [\[MS-PAC\]](https://msdn.microsoft.com/en-us/library/cc237917.aspx) section 4.1.2.2.<br>Evaluated only on Windows Server 2016<br>Evaluated only if SID Filtering is used.<br>Evaluated only on cross-forest trusts having TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE.<br>Can be set only if the forest and the trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WINTHRESHOLD or greater.                                                                                                                                                                                                                                                                                                                                   |
 
diff --git a/windows/keep-secure/event-4826.md b/windows/keep-secure/event-4826.md
index 989ba1f6e1..c8213b2290 100644
--- a/windows/keep-secure/event-4826.md
+++ b/windows/keep-secure/event-4826.md
@@ -118,7 +118,7 @@ This event is always logged regardless of the "Audit Other Policy Change Events"
 
 -   **HyperVisor Load Options** \[Type = UnicodeString\]**:** shows hypervisor **loadoptions**. See more information here: <https://msdn.microsoft.com/en-us/library/windows/hardware/ff542202(v=vs.85).aspx>.
 
--   **HyperVisor Launch Type** \[Type = UnicodeString\]**:** shows the hypervisor launch options (**Off** or **Auto**). If you are setting up a debugger to debug Hyper-V on a target computer, set this option to **Auto** on the target computer. For more information, see [Attaching to a Target Computer Running Hyper-V](https://msdn.microsoft.com/en-us/library/windows/hardware/ff538138(v=vs.85).aspx). Information about [Hyper-V](http://go.microsoft.com/fwlink/p/?linkid=271817) technology is available on Microsoft TechNet web site.
+-   **HyperVisor Launch Type** \[Type = UnicodeString\]**:** shows the hypervisor launch options (**Off** or **Auto**). If you are setting up a debugger to debug Hyper-V on a target computer, set this option to **Auto** on the target computer. For more information, see [Attaching to a Target Computer Running Hyper-V](https://msdn.microsoft.com/en-us/library/windows/hardware/ff538138(v=vs.85).aspx). Information about [Hyper-V](https://go.microsoft.com/fwlink/p/?linkid=271817) technology is available on Microsoft TechNet web site.
 
 -   **HyperVisor Debugging** \[Type = UnicodeString\]**:** shows whether the hypervisor debugger is enabled or not (**Yes** or **No**). For information about hypervisor debugging, see [Attaching to a Target Computer Running Hyper-V](https://msdn.microsoft.com/en-us/library/windows/hardware/ff538138(v=vs.85).aspx).
 
diff --git a/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md
index 3dd165c68a..cdde9f9522 100644
--- a/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: iaanw
+localizationpriority: high
 ---
 
 
@@ -17,12 +18,12 @@ author: iaanw
 
 - Event Viewer
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/en-US/library/aa745633(v=bts.10).aspx) on individual endpoints.
+You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/library/aa745633(v=bts.10).aspx) on individual endpoints.
 
 For example, if endpoints are not appearing in the **Machines view** list, you might need to look for event IDs on the endpoints. You can then use this table to determine further troubleshooting steps.
 
diff --git a/windows/keep-secure/gathering-information-about-your-devices.md b/windows/keep-secure/gathering-information-about-your-devices.md
index 7f4692a95a..3643e51814 100644
--- a/windows/keep-secure/gathering-information-about-your-devices.md
+++ b/windows/keep-secure/gathering-information-about-your-devices.md
@@ -45,7 +45,7 @@ Using an automated auditing network management system provides valuable informat
 
 The biggest difference between manual discovery methods and automated methods is time.
 
-You can use Windows PowerShell to create a script file that can collect the system configuration information. For more information, see [Windows PowerShell Scripting](http://go.microsoft.com/fwlink/?linkid=110413).
+You can use Windows PowerShell to create a script file that can collect the system configuration information. For more information, see [Windows PowerShell Scripting](https://go.microsoft.com/fwlink/?linkid=110413).
 
 Whether you use an automatic, manual, or hybrid option to gather the information, one of the biggest issues that can cause problems to the design is capturing the changes between the original inventory scan and the point at which the implementation is ready to start. After the first scan has been completed, make support staff aware that all additional changes must be recorded and the updates noted in the inventory.
 
diff --git a/windows/keep-secure/gathering-other-relevant-information.md b/windows/keep-secure/gathering-other-relevant-information.md
index 83ee00960a..85e9be98dc 100644
--- a/windows/keep-secure/gathering-other-relevant-information.md
+++ b/windows/keep-secure/gathering-other-relevant-information.md
@@ -52,7 +52,7 @@ In some cases, IPsec-secured traffic might have to pass through a router, perime
 
 In the case of a filtering router or a firewall, you must configure these devices to allow IPsec traffic to be forwarded. Configure the firewall to allow IPsec traffic on UDP source and destination port 500 (IKE), UDP source and destination port 4500 (IPsec NAT-T), and IP Protocol 50 (ESP). You might also have to configure the firewall to allow IPsec traffic on IP protocol 51 (AH) to allow troubleshooting by IPsec administrators and to allow the IPsec traffic to be inspected.
 
-For more info, see [How to Enable IPsec Traffic Through a Firewall](http://go.microsoft.com/fwlink/?LinkId=45085).
+For more info, see [How to Enable IPsec Traffic Through a Firewall](https://go.microsoft.com/fwlink/?LinkId=45085).
 
 ## Network load balancing and server clusters
 
diff --git a/windows/keep-secure/get-started-with-windows-defender-for-windows-10.md b/windows/keep-secure/get-started-with-windows-defender-for-windows-10.md
index fe5431ac69..f7c920bb4f 100644
--- a/windows/keep-secure/get-started-with-windows-defender-for-windows-10.md
+++ b/windows/keep-secure/get-started-with-windows-defender-for-windows-10.md
@@ -6,6 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
+localizationpriority: medium
 author: jasesso
 ---
 
diff --git a/windows/keep-secure/guidance-and-best-practices-wip.md b/windows/keep-secure/guidance-and-best-practices-wip.md
index ae142779a5..b64a82a6e0 100644
--- a/windows/keep-secure/guidance-and-best-practices-wip.md
+++ b/windows/keep-secure/guidance-and-best-practices-wip.md
@@ -23,6 +23,6 @@ This section includes info about the enlightened Microsoft apps, including how t
 |Topic |Description |
 |------|------------|
 |[Windows Information Protection (WIP) overview](wip-enterprise-overview.md) |High-level overview info about why to use WIP, the enterprise scenarios, and how to turn it off. |
-|[Mandatory settings for Windows Information Protection (WIP)](mandatory-settings-for-wip.md) |A list of all of the tasks and settings that are required for the operating system to turn on Windows Information Protection (WIP), formerly known as Windows Information Protection (WIP), in your enterprise. |
+|[Mandatory settings for Windows Information Protection (WIP)](mandatory-settings-for-wip.md) |A list of all of the tasks and settings that are required for the operating system to turn on Windows Information Protection (WIP), formerly known as enterprise data protection (EDP), in your enterprise. |
 |[Enlightened apps for use with Windows Information Protection (WIP)](enlightened-microsoft-apps-and-wip.md) |Learn the difference between enlightened and unenlightened apps, and then review the list of enlightened apps provided by Microsoft along with the text you will need to use to add them to your allowed apps list. |
 |[Testing scenarios for Windows Information Protection (WIP)](testing-scenarios-for-wip.md) |We've come up with a list of suggested testing scenarios that you can use to test WIP in your company. |
\ No newline at end of file
diff --git a/windows/keep-secure/images/intune-add-applocker-xml-file.png b/windows/keep-secure/images/intune-add-applocker-xml-file.png
index 8829c070a6..3ceabfd15a 100644
Binary files a/windows/keep-secure/images/intune-add-applocker-xml-file.png and b/windows/keep-secure/images/intune-add-applocker-xml-file.png differ
diff --git a/windows/keep-secure/images/intune-add-classic-apps.png b/windows/keep-secure/images/intune-add-classic-apps.png
index bf4e5792c1..09bbda3a06 100644
Binary files a/windows/keep-secure/images/intune-add-classic-apps.png and b/windows/keep-secure/images/intune-add-classic-apps.png differ
diff --git a/windows/keep-secure/images/intune-add-uwp-apps.png b/windows/keep-secure/images/intune-add-uwp-apps.png
index 933cd9addf..17a97b8d3a 100644
Binary files a/windows/keep-secure/images/intune-add-uwp-apps.png and b/windows/keep-secure/images/intune-add-uwp-apps.png differ
diff --git a/windows/keep-secure/images/intune-corporate-identity.png b/windows/keep-secure/images/intune-corporate-identity.png
index 4ffb6223ea..808de2db0e 100644
Binary files a/windows/keep-secure/images/intune-corporate-identity.png and b/windows/keep-secure/images/intune-corporate-identity.png differ
diff --git a/windows/keep-secure/images/intune-createnewpolicy.png b/windows/keep-secure/images/intune-createnewpolicy.png
index 26ab066343..3f7b7af6b6 100644
Binary files a/windows/keep-secure/images/intune-createnewpolicy.png and b/windows/keep-secure/images/intune-createnewpolicy.png differ
diff --git a/windows/keep-secure/images/intune-data-recovery.png b/windows/keep-secure/images/intune-data-recovery.png
index 32d7282110..f889dbca48 100644
Binary files a/windows/keep-secure/images/intune-data-recovery.png and b/windows/keep-secure/images/intune-data-recovery.png differ
diff --git a/windows/keep-secure/images/intune-generalinfo.png b/windows/keep-secure/images/intune-generalinfo.png
index c740cad913..70e726d379 100644
Binary files a/windows/keep-secure/images/intune-generalinfo.png and b/windows/keep-secure/images/intune-generalinfo.png differ
diff --git a/windows/keep-secure/images/intune-groupselection.png b/windows/keep-secure/images/intune-groupselection.png
index 992d7a52cf..e48b59aa4b 100644
Binary files a/windows/keep-secure/images/intune-groupselection.png and b/windows/keep-secure/images/intune-groupselection.png differ
diff --git a/windows/keep-secure/images/intune-groupselection_vpnlink.png b/windows/keep-secure/images/intune-groupselection_vpnlink.png
new file mode 100644
index 0000000000..6aa8f89355
Binary files /dev/null and b/windows/keep-secure/images/intune-groupselection_vpnlink.png differ
diff --git a/windows/keep-secure/images/intune-managedeployment.png b/windows/keep-secure/images/intune-managedeployment.png
index 93d37116ef..6786a93416 100644
Binary files a/windows/keep-secure/images/intune-managedeployment.png and b/windows/keep-secure/images/intune-managedeployment.png differ
diff --git a/windows/keep-secure/images/intune-network-detection-boxes.png b/windows/keep-secure/images/intune-network-detection-boxes.png
index 256b586c70..bc801a8521 100644
Binary files a/windows/keep-secure/images/intune-network-detection-boxes.png and b/windows/keep-secure/images/intune-network-detection-boxes.png differ
diff --git a/windows/keep-secure/images/intune-networklocation.png b/windows/keep-secure/images/intune-networklocation.png
index 058aaec38e..64d9ebda26 100644
Binary files a/windows/keep-secure/images/intune-networklocation.png and b/windows/keep-secure/images/intune-networklocation.png differ
diff --git a/windows/keep-secure/images/intune-optional-settings.png b/windows/keep-secure/images/intune-optional-settings.png
index 2d2bf90bb1..3ec8bec32d 100644
Binary files a/windows/keep-secure/images/intune-optional-settings.png and b/windows/keep-secure/images/intune-optional-settings.png differ
diff --git a/windows/keep-secure/images/intune-protection-mode.png b/windows/keep-secure/images/intune-protection-mode.png
index 80804f7946..b3340d6e4f 100644
Binary files a/windows/keep-secure/images/intune-protection-mode.png and b/windows/keep-secure/images/intune-protection-mode.png differ
diff --git a/windows/keep-secure/images/intune-vpn-customconfig.png b/windows/keep-secure/images/intune-vpn-customconfig.png
index 1e1dd0345b..cf9f85181a 100644
Binary files a/windows/keep-secure/images/intune-vpn-customconfig.png and b/windows/keep-secure/images/intune-vpn-customconfig.png differ
diff --git a/windows/keep-secure/images/intune-vpn-edpmodeid.png b/windows/keep-secure/images/intune-vpn-edpmodeid.png
deleted file mode 100644
index 80852af30d..0000000000
Binary files a/windows/keep-secure/images/intune-vpn-edpmodeid.png and /dev/null differ
diff --git a/windows/keep-secure/images/intune-vpn-omaurisettings.png b/windows/keep-secure/images/intune-vpn-omaurisettings.png
index 382301498e..c7016e13c4 100644
Binary files a/windows/keep-secure/images/intune-vpn-omaurisettings.png and b/windows/keep-secure/images/intune-vpn-omaurisettings.png differ
diff --git a/windows/keep-secure/images/intune-vpn-wipmodeid.png b/windows/keep-secure/images/intune-vpn-wipmodeid.png
index 80852af30d..6c45fd0a25 100644
Binary files a/windows/keep-secure/images/intune-vpn-wipmodeid.png and b/windows/keep-secure/images/intune-vpn-wipmodeid.png differ
diff --git a/windows/keep-secure/images/security-fig2-vbsarchitecture-redo.png b/windows/keep-secure/images/security-fig2-vbsarchitecture-redo.png
new file mode 100644
index 0000000000..6bcddd364a
Binary files /dev/null and b/windows/keep-secure/images/security-fig2-vbsarchitecture-redo.png differ
diff --git a/windows/keep-secure/images/wip-sccm-add-network-domain.png b/windows/keep-secure/images/wip-sccm-add-network-domain.png
index 505a3ca5fe..6f5e80d670 100644
Binary files a/windows/keep-secure/images/wip-sccm-add-network-domain.png and b/windows/keep-secure/images/wip-sccm-add-network-domain.png differ
diff --git a/windows/keep-secure/images/wip-sccm-addapplockerfile.png b/windows/keep-secure/images/wip-sccm-addapplockerfile.png
index 36d4508747..6cd571b404 100644
Binary files a/windows/keep-secure/images/wip-sccm-addapplockerfile.png and b/windows/keep-secure/images/wip-sccm-addapplockerfile.png differ
diff --git a/windows/keep-secure/images/wip-sccm-adddesktopapp.png b/windows/keep-secure/images/wip-sccm-adddesktopapp.png
index 18b1970f81..e6c9769e68 100644
Binary files a/windows/keep-secure/images/wip-sccm-adddesktopapp.png and b/windows/keep-secure/images/wip-sccm-adddesktopapp.png differ
diff --git a/windows/keep-secure/images/wip-sccm-additionalsettings.png b/windows/keep-secure/images/wip-sccm-additionalsettings.png
index 3bd31c8e27..4b66070098 100644
Binary files a/windows/keep-secure/images/wip-sccm-additionalsettings.png and b/windows/keep-secure/images/wip-sccm-additionalsettings.png differ
diff --git a/windows/keep-secure/images/wip-sccm-addpolicy.png b/windows/keep-secure/images/wip-sccm-addpolicy.png
index d506a859a2..49613b5587 100644
Binary files a/windows/keep-secure/images/wip-sccm-addpolicy.png and b/windows/keep-secure/images/wip-sccm-addpolicy.png differ
diff --git a/windows/keep-secure/images/wip-sccm-adduniversalapp.png b/windows/keep-secure/images/wip-sccm-adduniversalapp.png
index cd8b78c72d..8d1815ddf9 100644
Binary files a/windows/keep-secure/images/wip-sccm-adduniversalapp.png and b/windows/keep-secure/images/wip-sccm-adduniversalapp.png differ
diff --git a/windows/keep-secure/images/wip-sccm-appmgmt.png b/windows/keep-secure/images/wip-sccm-appmgmt.png
index 52a6ef5fd9..495fdfdb95 100644
Binary files a/windows/keep-secure/images/wip-sccm-appmgmt.png and b/windows/keep-secure/images/wip-sccm-appmgmt.png differ
diff --git a/windows/keep-secure/images/wip-sccm-devicesettings.png b/windows/keep-secure/images/wip-sccm-devicesettings.png
index 1573ef06d7..bee8ddfb1a 100644
Binary files a/windows/keep-secure/images/wip-sccm-devicesettings.png and b/windows/keep-secure/images/wip-sccm-devicesettings.png differ
diff --git a/windows/keep-secure/images/wip-sccm-dra.png b/windows/keep-secure/images/wip-sccm-dra.png
index d823ecb78d..cc58cdb34a 100644
Binary files a/windows/keep-secure/images/wip-sccm-dra.png and b/windows/keep-secure/images/wip-sccm-dra.png differ
diff --git a/windows/keep-secure/images/wip-sccm-generalscreen.png b/windows/keep-secure/images/wip-sccm-generalscreen.png
index e0013f5b2d..c2c85c62d4 100644
Binary files a/windows/keep-secure/images/wip-sccm-generalscreen.png and b/windows/keep-secure/images/wip-sccm-generalscreen.png differ
diff --git a/windows/keep-secure/images/wip-sccm-optsettings.png b/windows/keep-secure/images/wip-sccm-optsettings.png
index 65365356da..c52e7a4fdb 100644
Binary files a/windows/keep-secure/images/wip-sccm-optsettings.png and b/windows/keep-secure/images/wip-sccm-optsettings.png differ
diff --git a/windows/keep-secure/images/wip-sccm-summaryscreen.png b/windows/keep-secure/images/wip-sccm-summaryscreen.png
index 2cbb827d7a..5cae0416bd 100644
Binary files a/windows/keep-secure/images/wip-sccm-summaryscreen.png and b/windows/keep-secure/images/wip-sccm-summaryscreen.png differ
diff --git a/windows/keep-secure/images/wip-sccm-supportedplat.png b/windows/keep-secure/images/wip-sccm-supportedplat.png
index 7add4926a9..c09ff3cfc3 100644
Binary files a/windows/keep-secure/images/wip-sccm-supportedplat.png and b/windows/keep-secure/images/wip-sccm-supportedplat.png differ
diff --git a/windows/keep-secure/implement-microsoft-passport-in-your-organization.md b/windows/keep-secure/implement-microsoft-passport-in-your-organization.md
index 2dc4c2628a..83ab70e1d8 100644
--- a/windows/keep-secure/implement-microsoft-passport-in-your-organization.md
+++ b/windows/keep-secure/implement-microsoft-passport-in-your-organization.md
@@ -18,9 +18,11 @@ localizationpriority: high
 -   Windows 10 Mobile
 
 You can create a Group Policy or mobile device management (MDM) policy that will implement Windows Hello on devices running Windows 10.
-> **Important:**  The Group Policy setting **Turn on PIN sign-in** does not apply to Windows 10. Use **Windows Hello for Business** policy settings to manage PINs.
+
+>[!IMPORTANT]
+>The Group Policy setting **Turn on PIN sign-in** does not apply to Windows Hello for Business. It still prevents or enables the creation of a convenience PIN for Windows 10, version 1507 and 1511. Beginning in version 1607, Windows Hello as a convenience PIN is disabled by default on all domain-joined computers.  To enable a convenience PIN for Windows 10, version 1607, enable the Group Policy setting **Turn on convenience PIN sign-in**. Use **Windows Hello for Business** policy settings to manage PINs.
  
-## Group Policy settings for Passport
+## Group Policy settings for Windows Hello for Businness
 
 The following table lists the Group Policy settings that you can configure for Hello use in your workplace. These policy settings are available in both **User configuration** and **Computer Configuration** under **Policies** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Hello for Business**.
 
@@ -139,9 +141,13 @@ The following table lists the Group Policy settings that you can configure for H
 </tr>
 </table>
 
-## MDM policy settings for Passport
+## MDM policy settings for Windows Hello for Business
+
+The following table lists the MDM policy settings that you can configure for Windows Hello for Business use in your workplace. These MDM policy settings use the [PassportForWork configuration service provider (CSP)](https://go.microsoft.com/fwlink/p/?LinkId=692070).
+
+>[!IMPORTANT]
+>Starting in Windows 10, version 1607, all devices only have one PIN associated with Windows Hello for Business. This means that any PIN on a device will be subject to the policies specified in the PassportForWork CSP. The values specified take precedence over any complexity rules set via Exchange ActiveSync (EAS) or the DeviceLock CSP. 
 
-The following table lists the MDM policy settings that you can configure for Windows Hello for Business use in your workplace. These MDM policy settings use the [PassportForWork configuration service provider (CSP)](http://go.microsoft.com/fwlink/p/?LinkId=692070).
 <table>
 <tr>
 <th colspan="2">Policy</th>
@@ -285,8 +291,8 @@ The following table lists the MDM policy settings that you can configure for Win
 </tr>
 </table>
 
-**Note**  
-If policy is not configured to explicitly require letters or special characters, users will be restricted to creating a numeric PIN.
+>[!NOTE]  
+> If policy is not configured to explicitly require letters or special characters, users will be restricted to creating a numeric PIN.
  
 ## Prerequisites
 
@@ -317,7 +323,7 @@ You’ll need this software to set Windows Hello for Business policies in your e
 </ul></td>
 <td align="left"><ul>
 <li>Azure AD subscription</li>
-<li>[Azure AD Connect](http://go.microsoft.com/fwlink/p/?LinkId=616792)</li>
+<li>[Azure AD Connect](https://go.microsoft.com/fwlink/p/?LinkId=616792)</li>
 <li>A few Windows Server 2016 domain controllers on-site</li>
 <li>A management solution, such as Configuration Manager, Group Policy, or MDM</li>
 <li>Active Directory Certificate Services (AD CS) without Network Device Enrollment Service (NDES)</li>
@@ -338,9 +344,8 @@ You’ll need this software to set Windows Hello for Business policies in your e
 </ul></td>
 <td align="left"><ul>
 <li>Azure AD subscription</li>
-<li>[Azure AD Connect](http://go.microsoft.com/fwlink/p/?LinkId=616792)</li>
+<li>[Azure AD Connect](https://go.microsoft.com/fwlink/p/?LinkId=616792)</li>
 <li>AD CS with NDES</li>
-<<<<<<< HEAD
 <li>Configuration Manager for domain-joined certificate enrollment, or InTune for non-domain-joined devices, or a non-Microsoft MDM service that supports Passport for Work</li>
 </ul></td>
 </tr>
@@ -356,7 +361,7 @@ Azure AD provides the ability to register devices with your enterprise and to pr
 
 Windows Hello can be managed on personal devices that your employees use for work purposes using MDM. On personal devices, users can create a personal Windows Hello PIN for unlocking the device and used this PIN for access to work resources.
 
-The PIN is managed using the same Windows Hello for Business policies that you can use to manage Windows Hello for Business on organization-owned devices. The PIN can also be managed using DeviceLock policy. DeviceLock policy can be used to control length, complexity, history, and expiration requirements and can be configured using the [Policy configuration service provider](http://go.microsoft.com/fwlink/p/?LinkID=623244).
+The PIN is managed using the same Windows Hello for Business policies that you can use to manage Windows Hello for Business on organization-owned devices. The PIN can also be managed using DeviceLock policy. DeviceLock policy can be used to control length, complexity, history, and expiration requirements and can be configured using the [Policy configuration service provider](https://go.microsoft.com/fwlink/p/?LinkID=623244).
 
 ## Related topics
 
diff --git a/windows/keep-secure/index.md b/windows/keep-secure/index.md
index 059e35186e..bae0757612 100644
--- a/windows/keep-secure/index.md
+++ b/windows/keep-secure/index.md
@@ -6,7 +6,6 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-localizationpriority: high
 author: brianlic-msft
 ---
 # Keep Windows 10 secure
diff --git a/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md b/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md
index a1d2220641..8670def085 100644
--- a/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md
+++ b/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md
@@ -106,13 +106,13 @@ Some systems may have multiple TPMs and the active TPM may be toggled in the BIO
 
 ## <a href="" id="bkmk-onoff"></a>Turn on or turn off the TPM
 
-Normally, the TPM is turned on as part of the TPM initialization process. You do not normally need to turn the TPM on or off. However, if necessary you can do so by using the TPM MMC.
+Normally, the TPM is turned on as part of the TPM initialization process. You do not normally need to turn the TPM on or off. However, if necessary you can do so by using the TPM MMC. This option is only available with TPM 1.2 and does not apply to TPM 2.0.
 
 ### <a href="" id="turn-on-the-tpm-"></a>Turn on the TPM
 
 If the TPM has been initialized but has never been used, or if you want to use the TPM after you have turned it off, you can use the following procedure to turn on the TPM.
 
-**To turn on the TPM**
+**To turn on the TPM (TPM 1.2 Only)**
 
 1.  Open the TPM MMC (tpm.msc).
 2.  In the **Action** pane, click **Turn TPM On** to display the **Turn on the TPM Security Hardware** page. Read the instructions on this page.
@@ -125,7 +125,7 @@ If the TPM has been initialized but has never been used, or if you want to use t
 If you want to stop using the services that are provided by the TPM, you can use the TPM MMC to turn off the TPM. If you have the TPM owner password, physical access to the computer is not required to turn off the TPM. If you do not have the TPM owner password, you must have physical access to the 
 computer to turn off the TPM.
 
-**To turn off the TPM**
+**To turn off the TPM (TPM 1.2 only)**
 
 1.  Open the TPM MMC (tpm.msc).
 2.  In the **Action** pane, click **Turn TPM Off** to display the **Turn off the TPM security hardware** page.
@@ -156,13 +156,7 @@ Membership in the local Administrators group, or equivalent, is the minimum requ
     
     Clearing the TPM resets it to factory defaults and turns it off. You will lose all created keys and data that is protected by those keys.
      
-4.  In the **Clear the TPM security hardware** dialog box, select one of the following methods to enter your password and clear the TPM:
-    -   If you have the removable storage device with your saved TPM owner password, insert it, and click **I have the owner password file**. In the **Select backup file with the TPM owner password** dialog box, use **Browse** to navigate to the .tpm file that is saved on your removable storage device. Click **Open**, and then click **Clear TPM**.
-    -   If you do not have the removable storage device with your saved password, click **I want to enter the owner password**. In the **Type your TPM owner password** dialog box, type your password (including hyphens), and click **Clear TPM**.
-    -   If you do not know your TPM owner password, click **I don't have the TPM owner password**, and follow the instructions that are provided to clear the TPM without entering the password.
-    >**Note:**  If you have physical access to the computer, you can clear the TPM and perform a limited number of management tasks without entering the TPM owner password.
-     
-    The status of your TPM is displayed under **Status** in TPM MMC.
+4.  You will be prompted to restart the computer. During the restart, you will be prompted by the BIOS or UEFI to press a button to confirm you wish to clear the TPM.
 
 ## <a href="" id="bkmk-tpmcmdlets"></a>Use the TPM cmdlets
 
diff --git a/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md b/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md
index 575bf12fee..11d5fe781d 100644
--- a/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md
+++ b/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md
@@ -25,7 +25,7 @@ Certificates in Windows 10 Mobile are primarily used for the following purposes
 
 
 **Warning**  
-In Windows 10, Version 1607, if you have multiple certificates provisioned on the device and the Wi-Fi profile provisioned does not have a strict filtering criteria, you may see connection failures when connecting to Wi-Fi. [Learn more about this known issue in Version 1607](http://go.microsoft.com/fwlink/p/?LinkId=786764)
+In Windows 10, Version 1607, if you have multiple certificates provisioned on the device and the Wi-Fi profile provisioned does not have a strict filtering criteria, you may see connection failures when connecting to Wi-Fi. [Learn more about this known issue in Version 1607](https://go.microsoft.com/fwlink/p/?LinkId=786764)
 
 ## Install certificates using Microsoft Edge
 
@@ -38,7 +38,7 @@ The Windows 10 Mobile certificate installer supports .cer, .p7b, .pem, and .pfx
 ## Install certificates using mobile device management (MDM)
 
 Windows 10 Mobile supports root, CA, and client certificate to be configured via MDM. Using MDM, an administrator can directly add, delete, or query root and CA certificates, and configure the device to enroll a client certificate with a certificate enrollment server that supports Simple Certificate Enrollment Protocol (SCEP). SCEP enrolled client certificates are used by Wi-Fi, VPN, email, and browser for certificate-based client authentication. An MDM server can also query and delete SCEP enrolled client certificate (including user installed certificates), or trigger a new enrollment request before the current certificate is expired.
-> **Warning:**  Do not use SCEP for encryption certificates for S/MIME. You must use a PFX certificate profile to support S/MIME on Windows 10 Mobile. For instructions on creating a PFX certificate profile in Microsoft Intune, see [Enable access to company resources using certificate profiles with Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkID=718216).
+> **Warning:**  Do not use SCEP for encryption certificates for S/MIME. You must use a PFX certificate profile to support S/MIME on Windows 10 Mobile. For instructions on creating a PFX certificate profile in Microsoft Intune, see [Enable access to company resources using certificate profiles with Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkID=718216).
  
 **Process of installing certificates using MDM**
 
diff --git a/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md
index 8bd01c944f..ef95089b35 100644
--- a/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
+localizationpriority: high
 ---
 
 # Investigate Windows Defender Advanced Threat Protection alerts
@@ -15,7 +16,7 @@ author: mjcaparas
 **Applies to:**
 
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
@@ -56,25 +57,25 @@ Some actor profiles include a link to download a more comprehensive threat intel
 ![A detailed view of an alert when clicked](images/alert-details.png)
 
 ## Incident graph
-The incident graph provides a visual representation of where an alert was seen, events that triggered the alert, and which other machines are affected by the event. It provides an illustrated alert footprint on the original machine and expands to show the footprint of each alert event on other machines. 
+The incident graph provides a visual representation of where an alert was seen, events that triggered the alert, and which other machines are affected by the event. It provides an illustrated alert footprint on the original machine and expands to show the footprint of each alert event on other machines.
 
-You can click the circles on the incident graph to expand the nodes and view the associated events or files related to the alert. 
+You can click the circles on the incident graph to expand the nodes and view the associated events or files related to the alert.
 
 ## Alert spotlight
 The alert spotlight feature helps ease investigations by highlighting alerts related to a specific machine and events. You can highlight an alert and its related events in the machine timeline to increase your focus during an investigation.
 
-You can click on the machine link from the alert view to see the alerts related to the machine. 
+You can click on the machine link from the alert view to see the alerts related to the machine.
 
 
   > [!NOTE]
   > This shortcut is not available from the Incident graph machine links.  
 
-Alerts related to the machine are displayed under the **Alerts related to this machine** section. 
-Clicking on an alert row takes you the to the date in which the alert was flagged on **Machine timeline**. This eliminates the need to manually filter and drag the machine timeline marker to when the alert was seen on that machine. 
+Alerts related to the machine are displayed under the **Alerts related to this machine** section.
+Clicking on an alert row takes you the to the date in which the alert was flagged on **Machine timeline**. This eliminates the need to manually filter and drag the machine timeline marker to when the alert was seen on that machine.
 
-You can also choose to highlight an alert from the **Alerts related to this machine** or from the  **Machine timeline** section to see the correlation between the alert and other events that occurred on the machine. Right-click on any alert from either section and select **Mark related events**. This highlights alerts and events that are related and helps differentiate between the other alerts listed in the timeline. Highlighted events are displayed in all filtering modes whether you choose to view the timeline by **Detections**, **Behaviours**, or **Verbose**. 
+You can also choose to highlight an alert from the **Alerts related to this machine** or from the  **Machine timeline** section to see the correlation between the alert and other events that occurred on the machine. Right-click on any alert from either section and select **Mark related events**. This highlights alerts and events that are related and helps differentiate between the other alerts listed in the timeline. Highlighted events are displayed in all filtering modes whether you choose to view the timeline by **Detections**, **Behaviours**, or **Verbose**.
 
-You can also remove the highlight by right-clicking a highlighted alert and selecting **Unmark related events**. 
+You can also remove the highlight by right-clicking a highlighted alert and selecting **Unmark related events**.
 
 
 ### Related topics
diff --git a/windows/keep-secure/investigate-domain-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-domain-windows-defender-advanced-threat-protection.md
index d138e36e1f..4e52c15a2e 100644
--- a/windows/keep-secure/investigate-domain-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/investigate-domain-windows-defender-advanced-threat-protection.md
@@ -1,20 +1,21 @@
 ---
 title: Investigate Windows Defender Advanced Threat Protection domains
 description: Use the investigation options to see if machines and servers have been communicating with malicious domains.
-keywords: investigate domain, domain, malicious domain, windows defender atp, alert, URL 
+keywords: investigate domain, domain, malicious domain, windows defender atp, alert, URL
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
+localizationpriority: high
 ---
 # Investigate a domain associated with a Windows Defender ATP alert
 
 **Applies to:**
 
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
diff --git a/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md
index 6c1309102d..51e68f1fee 100644
--- a/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md
@@ -8,13 +8,14 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
+localizationpriority: high
 ---
 # Investigate a file associated with a Windows Defender ATP alert
 
 **Applies to:**
 
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
@@ -66,7 +67,7 @@ In the file's page, **Submit for deep analysis** is enabled when the file is ava
 > [!NOTE]
 > Only files from Windows 10 can be automatically collected.
 
-You can also manually submit a sample through the [Malware Protection Center Portal](https://www.microsoft.com/en-us/security/portal/submission/submit.aspx) if the file was not observed on a Windows 10 machine, and wait for **Submit for deep analysis** button to become available.
+You can also manually submit a sample through the [Malware Protection Center Portal](https://www.microsoft.com/security/portal/submission/submit.aspx) if the file was not observed on a Windows 10 machine, and wait for **Submit for deep analysis** button to become available.
 
 > [!NOTE]
 > Due to backend processing flows in the Malware Protection Center Portal, there could be up to 10 minutes of latency between file submission and availability of the deep analysis feature in Windows Defender ATP.
@@ -88,7 +89,7 @@ When the sample is collected, Windows Defender ATP runs the file in is a secure
 A progress bar is displayed and provides information on the different stages of the analysis. You can then view the report when the analysis is done.
 
 > [!NOTE]
-> Depending on machine availability, sample collection time can vary. There is a 1-hour timeout for sample collection. The collection will fail and the operation will abort if there is no online Windows 10 machine reporting at that time. You can re-submit files for deep analysis to get fresh data on the file.
+> Depending on machine availability, sample collection time can vary. There is a 3-hour timeout for sample collection. The collection will fail and the operation will abort if there is no online Windows 10 machine reporting at that time. You can re-submit files for deep analysis to get fresh data on the file.
 
 ## View deep analysis report
 
diff --git a/windows/keep-secure/investigate-ip-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-ip-windows-defender-advanced-threat-protection.md
index dd72b28bc9..381ee7be12 100644
--- a/windows/keep-secure/investigate-ip-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/investigate-ip-windows-defender-advanced-threat-protection.md
@@ -8,13 +8,14 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
+localizationpriority: high
 ---
 # Investigate an IP address associated with a Windows Defender ATP alert
 
 **Applies to:**
 
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
diff --git a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md
index 7eae125102..fb34c03d1f 100644
--- a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
+localizationpriority: high
 ---
 
 # Investigate machines in the Windows Defender ATP Machines view
@@ -15,7 +16,7 @@ author: mjcaparas
 **Applies to:**
 
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
@@ -39,7 +40,7 @@ The Machines view contains the following columns:
 - **Active malware detections** - the number of active malware detections reported by the machine
 
 > [!NOTE]
-> The **Active alerts** and **Active malware detections** filter column will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/en-us/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product.
+> The **Active alerts** and **Active malware detections** filter column will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product.
 
 Click any column header to sort the view in ascending or descending order.
 
diff --git a/windows/keep-secure/manage-alerts-windows-defender-advanced-threat-protection.md b/windows/keep-secure/manage-alerts-windows-defender-advanced-threat-protection.md
index ef1ab6abe0..d707f81431 100644
--- a/windows/keep-secure/manage-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/manage-alerts-windows-defender-advanced-threat-protection.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
+localizationpriority: high
 ---
 
 # Manage Windows Defender Advanced Threat Protection alerts
@@ -15,7 +16,7 @@ author: mjcaparas
 **Applies to:**
 
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
diff --git a/windows/keep-secure/manage-identity-verification-using-microsoft-passport.md b/windows/keep-secure/manage-identity-verification-using-microsoft-passport.md
index 5422f94366..71b7ad88c9 100644
--- a/windows/keep-secure/manage-identity-verification-using-microsoft-passport.md
+++ b/windows/keep-secure/manage-identity-verification-using-microsoft-passport.md
@@ -18,19 +18,20 @@ localizationpriority: high
 
 In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and a biometric or PIN.
 
-> **Note:** When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multi-factor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name. Customers who have already deployed these technologies will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics. 
+>[!NOTE]
+> When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multi-factor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name. Customers who have already deployed these technologies will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics. 
 
 Hello addresses the following problems with passwords:
 -   Passwords can be difficult to remember, and users often reuse passwords on multiple sites.
 -   Server breaches can expose symmetric network credentials.
--   Passwords can be subject to [replay attacks](http://go.microsoft.com/fwlink/p/?LinkId=615673).
--   Users can inadvertently expose their passwords due to [phishing attacks](http://go.microsoft.com/fwlink/p/?LinkId=615674).
+-   Passwords can be subject to [replay attacks](https://go.microsoft.com/fwlink/p/?LinkId=615673).
+-   Users can inadvertently expose their passwords due to [phishing attacks](https://go.microsoft.com/fwlink/p/?LinkId=615674).
 
 Hello lets users authenticate to:
 -   a Microsoft account.
 -   an Active Directory account.
 -   a Microsoft Azure Active Directory (Azure AD) account.
--   Identity Provider Services or Relying Party Services that support [Fast ID Online (FIDO) v2.0](http://go.microsoft.com/fwlink/p/?LinkId=533889) authentication
+-   Identity Provider Services or Relying Party Services that support [Fast ID Online (FIDO) v2.0](https://go.microsoft.com/fwlink/p/?LinkId=533889) authentication
 
 After an initial two-step verification of the user during enrollment, Hello is set up on the user's device and the user is asked to set a gesture, which can be a biometric, such as a fingerprint, or a PIN. The user provides the gesture to verify their identity. Windows then uses Hello to authenticate users and help them to access protected resources and services.
 
@@ -90,21 +91,21 @@ When identity providers such as Active Directory or Azure AD enroll a certificat
 
 ## Learn more
 
-[Introduction to Windows Hello](http://go.microsoft.com/fwlink/p/?LinkId=786649), video presentation on Microsoft Virtual Academy
+[Introduction to Windows Hello](https://go.microsoft.com/fwlink/p/?LinkId=786649), video presentation on Microsoft Virtual Academy
 
-[What's new in Active Directory Domain Services (AD DS) in Windows Server Technical Preview](http://go.microsoft.com/fwlink/p/?LinkId=708533)
+[What's new in Active Directory Domain Services (AD DS) in Windows Server Technical Preview](https://go.microsoft.com/fwlink/p/?LinkId=708533)
 
-[Windows Hello face authentication](http://go.microsoft.com/fwlink/p/?LinkId=626024)
+[Windows Hello face authentication](https://go.microsoft.com/fwlink/p/?LinkId=626024)
 
-[Biometrics hardware guidelines](http://go.microsoft.com/fwlink/p/?LinkId=626995)
+[Biometrics hardware guidelines](https://go.microsoft.com/fwlink/p/?LinkId=626995)
 
-[Windows 10: Disrupting the Revolution of Cyber-Threats with Revolutionary Security!](http://go.microsoft.com/fwlink/p/?LinkId=533890)
+[Windows 10: Disrupting the Revolution of Cyber-Threats with Revolutionary Security!](https://go.microsoft.com/fwlink/p/?LinkId=533890)
 
-[Windows 10: The End Game for Passwords and Credential Theft?](http://go.microsoft.com/fwlink/p/?LinkId=533891)
+[Windows 10: The End Game for Passwords and Credential Theft?](https://go.microsoft.com/fwlink/p/?LinkId=533891)
 
-[Authenticating identities without passwords through Microsoft Passport](http://go.microsoft.com/fwlink/p/?LinkId=616778)
+[Authenticating identities without passwords through Microsoft Passport](https://go.microsoft.com/fwlink/p/?LinkId=616778)
 
-[Microsoft Passport guide](http://go.microsoft.com/fwlink/p/?LinkId=691928)
+[Microsoft Passport guide](https://go.microsoft.com/fwlink/p/?LinkId=691928)
 
 ## Related topics
 
diff --git a/windows/keep-secure/manage-tpm-commands.md b/windows/keep-secure/manage-tpm-commands.md
index 0620207ec5..c4b6611da4 100644
--- a/windows/keep-secure/manage-tpm-commands.md
+++ b/windows/keep-secure/manage-tpm-commands.md
@@ -40,7 +40,7 @@ The following procedures describe how to manage the TPM command lists. You must
 5.  Click **Enabled**, and then click **Show**.
 6.  For each command that you want to block, click **Add**, enter the command number, and then click **OK**.
     
-    >**Note:**  For a list of commands, see the [Trusted Platform Module (TPM) Specifications](http://go.microsoft.com/fwlink/p/?linkid=139770).
+    >**Note:**  For a list of commands, see the [Trusted Platform Module (TPM) Specifications](https://go.microsoft.com/fwlink/p/?linkid=139770).
      
 7.  After you have added numbers for each command that you want to block, click **OK** twice.
 8.  Close the Local Group Policy Editor.
diff --git a/windows/keep-secure/manage-tpm-lockout.md b/windows/keep-secure/manage-tpm-lockout.md
index 61c94cc77e..f59a117ee3 100644
--- a/windows/keep-secure/manage-tpm-lockout.md
+++ b/windows/keep-secure/manage-tpm-lockout.md
@@ -19,17 +19,22 @@ This topic for the IT professional describes how to manage the lockout feature f
 
 The TPM will lock itself to prevent tampering or malicious attacks. TPM lockout often lasts for a variable amount of time or until the computer is turned off. While the TPM is in lockout mode, it generally returns an error message when it receives commands that require an authorization value. One exception is that the TPM always allows the owner at least one attempt to reset the TPM lockout when it is in lockout mode.
 
-TPM ownership is commonly taken the first time BitLocker Drive Encryption is turned on for the computer. In this case, the TPM owner authorization password is saved with the BitLocker recovery key. When the BitLocker recovery key is saved to a file, BitLocker also saves a TPM owner password file (.tpm) with the TPM owner password hash value. When the BitLocker recovery key is printed, the TPM owner password is printed at the same time. You can also save your TPM owner password hash value to Active Directory Domain Services (AD DS) if your organization's Group Policy settings are configured to do so.
+TPM ownership is taken upon first boot by Windows. By default, Windows does not retain the TPM owner password.
 
 In some cases, encryption keys are protected by a TPM by requiring a valid authorization value to access the key. A common example is configuring BitLocker Drive Encryption to use the TPM plus PIN key protector. In this scenario, the user must type the correct PIN during the boot process to access the volume encryption key protected by the TPM. To prevent malicious users or software from discovering authorization values, TPMs implement protection logic. The protection logic is designed to slow or stop responses from the TPM if it detects that an entity might be trying to guess authorization values.
 
-The industry standards from the Trusted Computing Group (TCG) specify that TPM manufacturers must implement some form of protection logic in TPM 1.2 and TPM 2.0 chips. TPM manufacturers implement different protection mechanisms and behavior. The general guidance is for the TPM chip to take exponentially longer to respond if incorrect authorization values are sent to the TPM. Some TPM chips may not store failed attempts over time. Other TPM chips may store every failed attempt indefinitely. Therefore, some users may experience increasingly longer delays when they mistype an authorization value that is sent to the TPM. This can prevent them from using the TPM for a period of time.
+**TPM 1.2**
+The industry standards from the Trusted Computing Group (TCG) specify that TPM manufacturers must implement some form of protection logic in TPM 1.2 and TPM 2.0 chips. TPM 1.2 devices implement different protection mechanisms and behavior. In general, the TPM chip takes exponentially longer to respond if incorrect authorization values are sent to the TPM. Some TPM chips may not store failed attempts over time. Other TPM chips may store every failed attempt indefinitely. Therefore, some users may experience increasingly longer delays when they mistype an authorization value that is sent to the TPM. This can prevent them from using the TPM for a period of time.
 
-If your TPM has entered lockout mode or is responding slowly to commands, you can reset the lockout value by using the following procedures. Resetting the TPM lockout requires the TPM owner’s authorization.
+**TPM 2.0**
+ TPM 2.0 devices have standardized lockout behavior which is configured by Windows. TPM 2.0 devices have a maximum count threshold and a healing time. Windows configures the maximum count to be 32 and the healing time to be 2 hours. This means that every continuous two hours of powered on operation without an event which increases the counter will cause the counter to decrease by 1.
+
+If your TPM has entered lockout mode or is responding slowly to commands, you can reset the lockout value by using the following procedures. Resetting the TPM lockout requires the TPM owner’s authorization.  This value is no longer retained by default starting with Windows 10 version 1607.
 
 ## Reset the TPM lockout by using the TPM MMC
+**Note:** This procedure is only available if you have configured Windows to retain the TPM Owner Password. By default, this password is not available in Windows 10 starting with version 1607.
 
-The following procedure explains the steps to reset the TPM lockout by using the TPM MMC.
+The following procedure explains the steps to reset the TPM lockout by using the TPM MMC.  
 
 **To reset the TPM lockout**
 
@@ -71,4 +76,4 @@ For details about the individual cmdlets, see [TPM Cmdlets in Windows PowerShell
 
 ## Additional resources
 
-For more info about TPM, see [TPM technology overview](trusted-platform-module-overview.md#bkmk-additionalresources).
\ No newline at end of file
+For more info about TPM, see [TPM technology overview](trusted-platform-module-overview.md#bkmk-additionalresources).
diff --git a/windows/keep-secure/microsoft-passport-and-password-changes.md b/windows/keep-secure/microsoft-passport-and-password-changes.md
index dd002d75b8..128f1ffe29 100644
--- a/windows/keep-secure/microsoft-passport-and-password-changes.md
+++ b/windows/keep-secure/microsoft-passport-and-password-changes.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 author: jdeckerMS
 localizationpriority: high
 ---
-# Microsoft Passport and password changes
+# Windows Hello and password changes
 
 **Applies to**
 -   Windows 10
diff --git a/windows/keep-secure/microsoft-passport-errors-during-pin-creation.md b/windows/keep-secure/microsoft-passport-errors-during-pin-creation.md
index 8f3d731281..3e4fbfbedf 100644
--- a/windows/keep-secure/microsoft-passport-errors-during-pin-creation.md
+++ b/windows/keep-secure/microsoft-passport-errors-during-pin-creation.md
@@ -31,8 +31,8 @@ When a user encounters an error when creating the work PIN, advise the user to t
 1.  Try to create the PIN again. Some errors are transient and resolve themselves.
 2.  Sign out, sign in, and try to create the PIN again.
 3.  Reboot the device and then try to create the PIN again.
-4.  Unjoin the device from Azure Active Directory (Azure AD), rejoin, and then try to create the PIN again. To unjoin a desktop PC, go to **Settings** &gt; **System** &gt; **About** and select **Disconnect from organization**. To unjoin a device running Windows 10 Mobile, you must [reset the device](http://go.microsoft.com/fwlink/p/?LinkId=715697).
-5.  On mobile devices, if you are unable to setup a PIN after multiple attempts, reset your device and start over. For help on how to reset your phone go to [Reset my phone](http://go.microsoft.com/fwlink/p/?LinkId=715697).
+4.  Unjoin the device from Azure Active Directory (Azure AD), rejoin, and then try to create the PIN again. To unjoin a desktop PC, go to **Settings** &gt; **System** &gt; **About** and select **Disconnect from organization**. To unjoin a device running Windows 10 Mobile, you must [reset the device](https://go.microsoft.com/fwlink/p/?LinkId=715697).
+5.  On mobile devices, if you are unable to setup a PIN after multiple attempts, reset your device and start over. For help on how to reset your phone go to [Reset my phone](https://go.microsoft.com/fwlink/p/?LinkId=715697).
 If the error occurs again, check the error code against the following table to see if there is another mitigation for that error. When no mitigation is listed in the table, contact Microsoft Support for assistance.
 
 <table>
@@ -84,7 +84,7 @@ If the error occurs again, check the error code against the following table to s
 <tr class="even">
 <td align="left">0x80090031</td>
 <td align="left">NTE_AUTHENTICATION_IGNORED</td>
-<td align="left">Reboot the device. If the error occurs again after rebooting, [reset the TPM]( http://go.microsoft.com/fwlink/p/?LinkId=619969) or run [Clear-TPM](http://go.microsoft.com/fwlink/p/?LinkId=629650)</td>
+<td align="left">Reboot the device. If the error occurs again after rebooting, [reset the TPM]( https://go.microsoft.com/fwlink/p/?LinkId=619969) or run [Clear-TPM](https://go.microsoft.com/fwlink/p/?LinkId=629650)</td>
 </tr>
 <tr class="odd">
 <td align="left">0x80090035</td>
@@ -99,7 +99,7 @@ If the error occurs again, check the error code against the following table to s
 <tr class="odd">
 <td align="left">0x801C000E</td>
 <td align="left">Registration quota reached</td>
-<td align="left"><p>Unjoin some other device that is currently joined using the same account or [increase the maximum number of devices per user](http://go.microsoft.com/fwlink/p/?LinkId=626933).</p></td>
+<td align="left"><p>Unjoin some other device that is currently joined using the same account or [increase the maximum number of devices per user](https://go.microsoft.com/fwlink/p/?LinkId=626933).</p></td>
 </tr>
 <tr class="even">
 <td align="left">0x801C000F</td>
diff --git a/windows/keep-secure/microsoft-passport-guide.md b/windows/keep-secure/microsoft-passport-guide.md
index 45548bb40f..d4bd6e4d33 100644
--- a/windows/keep-secure/microsoft-passport-guide.md
+++ b/windows/keep-secure/microsoft-passport-guide.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: plan
 ms.sitesec: library
 ms.pagetype: security
 author: challum
+localizationpriority: high
 ---
 
 # Microsoft Passport guide
@@ -15,7 +16,10 @@ author: challum
 **Applies to**
 -   Windows 10
 
-This guide describes the new Windows Hello and Microsoft Passport technologies that are part of the Windows 10 operating system. It highlights specific capabilities of these technologies that help mitigate threats from conventional credentials and provides guidance about how to design and deploy these technologies as part of your Windows 10 rollout.
+This guide describes the new Windows Hello and Microsoft Passport technologies that are part of the Windows 10, version 1511 operating system. It highlights specific capabilities of these technologies that help mitigate threats from conventional credentials and provides guidance about how to design and deploy these technologies as part of your Windows 10 rollout.
+
+>[!NOTE]
+>For information about Windows Hello for Business in Windows 10, version 1607, see [Manage identity verification using Windows Hello for Business](manage-identity-verification-using-microsoft-passport.md).
 
 A fundamental assumption about information security is that a system can identify who’s using it. In identifying a user, the system can decide whether the user has identified himself or herself appropriately (a process known as authentication), and then determine what that properly authenticated user should be able to do (a process known as authorization). The overwhelming majority of computer systems deployed throughout the world depend on user credentials as a means of making authentication and authorization decisions, and that means that these systems depend on reusable, user-created passwords for their security. The oft-cited maxim that authentication can involve “something you know, something you have, or something you are” neatly highlights the issue: a reusable password is an authentication factor all by itself, so anyone who knows the password can impersonate the user who owns it.
 
@@ -41,7 +45,7 @@ Most security is a tradeoff between convenience and security: the more secure a
 
 **Password complexity**
 
-If the major risk to passwords is that an attacker might guess them through brute-force analysis, it might seem reasonable to require users to include a broader character set in their passwords or make them longer, but as a practical matter, password length and complexity requirements have two negative side effects. First, they encourage password reuse. Estimates by [Herley, Florêncio, and van Oorschot](http://go.microsoft.com/fwlink/p/?LinkId=627392) calculate that the stronger a password is, the more likely it is to be reused. Because users put more effort into the creation and memorization of strong passwords, they are much more likely to use the same credential across multiple systems. Second, adding length or character set complexity to passwords does not necessarily make them more difficult to guess. For example, P@ssw0rd1 is nine characters long and includes uppercase and lowercase letters, numbers, and special characters, but it’s easily guessed by many of the common password-cracking tools now available on the Internet. These tools can attack passwords by using a pre-computed dictionary of common passwords, or they can start with a base word such as password, and then apply common character substitutions. A completely random eight-character password might therefore actually take longer to guess than P@ssw0rd123.
+If the major risk to passwords is that an attacker might guess them through brute-force analysis, it might seem reasonable to require users to include a broader character set in their passwords or make them longer, but as a practical matter, password length and complexity requirements have two negative side effects. First, they encourage password reuse. Estimates by [Herley, Florêncio, and van Oorschot](https://go.microsoft.com/fwlink/p/?LinkId=627392) calculate that the stronger a password is, the more likely it is to be reused. Because users put more effort into the creation and memorization of strong passwords, they are much more likely to use the same credential across multiple systems. Second, adding length or character set complexity to passwords does not necessarily make them more difficult to guess. For example, P@ssw0rd1 is nine characters long and includes uppercase and lowercase letters, numbers, and special characters, but it’s easily guessed by many of the common password-cracking tools now available on the Internet. These tools can attack passwords by using a pre-computed dictionary of common passwords, or they can start with a base word such as password, and then apply common character substitutions. A completely random eight-character password might therefore actually take longer to guess than P@ssw0rd123.
 
 **Password expiration**
 
@@ -105,7 +109,7 @@ Microsoft Passport offers flexibility in the datacenter, too. To deploy it, in s
 
 **It’s standardized**
 
-Both software vendors and enterprise customers have come to realize that proprietary identity and authentication systems are a dead end. The future lies with open, interoperable systems that allow secure authentication across a variety of devices, LOBs, and external applications and websites. To this end, a group of industry players formed the Fast IDentity Online Alliance (FIDO), a nonprofit organization intended to address the lack of interoperability among strong authentication devices as well as the problems users face when they have to create and remember multiple user names and passwords. The FIDO Alliance plans to change the nature of authentication by developing specifications that define an open, scalable, interoperable set of mechanisms that supplant reliance on passwords to securely authenticate users of online services. This new standard for security devices and browser plug ins will allow any website or cloud application to interface with a broad variety of existing and future FIDO-enabled devices that the user has for online security. For more information, see the [FIDO Alliance website](http://go.microsoft.com/fwlink/p/?LinkId=627393).
+Both software vendors and enterprise customers have come to realize that proprietary identity and authentication systems are a dead end. The future lies with open, interoperable systems that allow secure authentication across a variety of devices, LOBs, and external applications and websites. To this end, a group of industry players formed the Fast IDentity Online Alliance (FIDO), a nonprofit organization intended to address the lack of interoperability among strong authentication devices as well as the problems users face when they have to create and remember multiple user names and passwords. The FIDO Alliance plans to change the nature of authentication by developing specifications that define an open, scalable, interoperable set of mechanisms that supplant reliance on passwords to securely authenticate users of online services. This new standard for security devices and browser plug ins will allow any website or cloud application to interface with a broad variety of existing and future FIDO-enabled devices that the user has for online security. For more information, see the [FIDO Alliance website](https://go.microsoft.com/fwlink/p/?LinkId=627393).
 
 In 2013, Microsoft joined the FIDO Alliance. FIDO standards enable a universal framework that a global ecosystem delivers for a consistent and greatly improved user experience of strong passwordless authentication. The FIDO 1.0 specifications, published in December 2014, provide for two types of authentications: passwordless (known as the Universal Authentication Framework \[UAF\]) and 2nd Factor (U2F). The FIDO Alliance is working on a set of 2.0 proposals to combine the best parts of the U2F and UAF FIDO 1.0 standards. Microsoft is actively contributing to the proposals, and Windows 10 is a reference implementation of these concepts. In addition to supporting those protocols, the Windows implementation covers other aspects of the end-to-end experience that the specification does not cover, including user interface to, storage of, and protection for users’ device keys and the tokens issued after authentication; supporting administrator policies; and providing deployment tools. Microsoft expects to continue working with the FIDO Alliance as the FIDO 2.0 specification moves forward. Interoperability of FIDO products is a hallmark of FIDO authentication. Microsoft believes that bringing a FIDO solution to market will help solve a critical need for enterprises and consumers alike.
 
@@ -177,7 +181,7 @@ Containers can contain several types of key material:
 -   *Secure/Multipurpose Internet Mail Extensions (S/MIME) keys and certificates*, which a certification authority (CA) generates. The keys associated with the user’s S/MIME certificate can be stored in a Microsoft Passport container so they’re available to the user whenever the container is unlocked.
 -   The *IDP key*. These keys can be either symmetric or asymmetric, depending on which IDP you use. A single container may contain zero or more IDP keys, with some restrictions (for example, the enterprise container can contain zero or one IDP keys). IDP keys are stored in the container as illustrated in Figure 3. For certificate-based Microsoft Passport for Work, when the container is unlocked, applications that require access to the IDP key or key pair can request access. IDP keys are used to sign or encrypt authentication requests or tokens sent from this machine to the IDP. IDP keys are typically long lived but could have a shorter lifetime than the authentication key.
 Microsoft accounts, Active Directory accounts, and Azure AD accounts all require the use of asymmetric key pairs. The device generates public and private keys, registers the public key with the IDP (which stores it for later verification), and securely stores the private key. For enterprises, the IDP keys can be generated in two ways:
--   The IDP key pair can be associated with an enterprise CA through the Windows Network Device Enrollment Service (NDES), described more fully in [Network Device Enrollment Service Guidance](http://go.microsoft.com/fwlink/p/?LinkId=733947). In this case, Microsoft Passport requests a new certificate with the same key as the certificate from the existing PKI. This option lets organizations that have an existing PKI continue to use it where appropriate. Given that many applications, such as popular virtual private network systems, require the use of certificates, when you deploy Microsoft Passport in this mode, it allows a faster transition away from user passwords while still preserving certificate-based functionality. This option also allows the enterprise to store additional certificates in the protected container.
+-   The IDP key pair can be associated with an enterprise CA through the Windows Network Device Enrollment Service (NDES), described more fully in [Network Device Enrollment Service Guidance](https://go.microsoft.com/fwlink/p/?LinkId=733947). In this case, Microsoft Passport requests a new certificate with the same key as the certificate from the existing PKI. This option lets organizations that have an existing PKI continue to use it where appropriate. Given that many applications, such as popular virtual private network systems, require the use of certificates, when you deploy Microsoft Passport in this mode, it allows a faster transition away from user passwords while still preserving certificate-based functionality. This option also allows the enterprise to store additional certificates in the protected container.
 -   The IDP can generate the IDP key pair directly, which allows quick, lower-overhead deployment of Microsoft Passport in environments that don’t have or need a PKI.
 
 **How keys are protected**
@@ -239,7 +243,7 @@ The major benefit of this approach is that it provides uniform protection for al
 
 The downside to this approach is its complexity. Smaller organizations may find that managing the rollout of a new operating system across all devices is beyond the scope of their experience and capability. For these organizations, users can self-upgrade, and new users may end up with Windows 10 because they get new devices when they join. Larger organizations, especially those that are highly decentralized or have operations across many physical sites, may have more deployment knowledge and resources but face the challenge of coordinating rollout efforts across a larger user base and footprint.
 
-For more information about desktop deployment of Windows 10, visit the [Windows 10 TechCenter](http://go.microsoft.com/fwlink/p/?LinkId=626581).
+For more information about desktop deployment of Windows 10, visit the [Windows 10 TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=626581).
 
 One key aspect of this deployment strategy is how to get Windows 10 in users’ hands. Because different organizations have wildly differing strategies to refresh hardware and software, there’s no one-size-fits-all strategy. For example, some organizations pursue a coordinated strategy that puts new desktop operating systems in users’ hands every 2–3 years on existing hardware, supplementing with new hardware only where and when required. Others tend to replace hardware and deploy whatever version of the Windows client operating system ships on the purchased devices. In both cases, there are typically separate deployment cycles for servers and server operating systems, and the desktop and server cycles may or may not be coordinated.
 
@@ -303,7 +307,7 @@ Table 1. Deployment requirements for Microsoft Passport
 <td align="left"><p>Azure AD subscription</p></td>
 <td align="left"><ul>
 <li>Azure AD subscription</li>
-<li>[Azure AD Connect](http://go.microsoft.com/fwlink/p/?LinkId=616792)</li>
+<li>[Azure AD Connect](https://go.microsoft.com/fwlink/p/?LinkId=616792)</li>
 <li>A few Windows Server 2016 Technical Preview domain controllers on-site</li>
 <li>A management solution, such as Configuration Manager, Group Policy, or MDM</li>
 <li>Active Directory Certificate Services (AD CS) without Network Device Enrollment Service (NDES)</li>
@@ -318,7 +322,7 @@ Table 1. Deployment requirements for Microsoft Passport
 <p>Intune</p></td>
 <td align="left"><ul>
 <li>Azure AD subscription</li>
-<li>[Azure AD Connect](http://go.microsoft.com/fwlink/p/?LinkId=616792)</li>
+<li>[Azure AD Connect](https://go.microsoft.com/fwlink/p/?LinkId=616792)</li>
 <li>AD CS with NDES</li>
 <li>Configuration Manager (current branch) or Configuration Manager 2016 Technical Preview for domain-joined certificate enrollment, or InTune for non-domain-joined devices, or a non-Microsoft MDM service that supports Passport for Work</li>
 </ul></td>
@@ -333,7 +337,7 @@ Note that the current release of Windows 10 supports the Azure AD–only (RTM)
 
 **Select policy settings**
 
-Another key aspect of Microsoft Passport for Work deployment involves the choice of which policy settings to apply to the enterprise. There are two parts to this choice: which policies you deploy to manage Microsoft Passport itself and which policies you deploy to control device management and registration. A complete guide to selecting effective policies is beyond the scope of this guide, but one example reference that may be useful is [Mobile device management capabilities in Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=733877).
+Another key aspect of Microsoft Passport for Work deployment involves the choice of which policy settings to apply to the enterprise. There are two parts to this choice: which policies you deploy to manage Microsoft Passport itself and which policies you deploy to control device management and registration. A complete guide to selecting effective policies is beyond the scope of this guide, but one example reference that may be useful is [Mobile device management capabilities in Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=733877).
 
 ## Implement Microsoft Passport
 
@@ -362,7 +366,7 @@ As of the initial release of Windows 10, you can control the following settings
 -   You can define the complexity and length of the PIN that users generate at registration.
 -   You can control whether Windows Hello use is enabled in your organization.
 
-These settings can be implemented through GPOs or through configuration service providers (CSPs) in MDM systems, so you have a familiar and flexible set of tools you can use to apply them to exactly the users you want. (For details about the Microsoft Passport for Work CSP, see [PassportForWork CSP)](http://go.microsoft.com/fwlink/p/?LinkId=733876).
+These settings can be implemented through GPOs or through configuration service providers (CSPs) in MDM systems, so you have a familiar and flexible set of tools you can use to apply them to exactly the users you want. (For details about the Microsoft Passport for Work CSP, see [PassportForWork CSP)](https://go.microsoft.com/fwlink/p/?LinkId=733876).
 
 ## Roadmap
 
diff --git a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md
index 85249ee5d8..8fa747d356 100644
--- a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: iaanw
+localizationpriority: high
 ---
 
 # Minimum requirements for Windows Defender ATP
@@ -15,7 +16,7 @@ author: iaanw
 **Applies to:**
 
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
@@ -35,7 +36,7 @@ When you run the onboarding wizard for the first time, you must choose where you
 The Windows Defender ATP agent only supports the following editions of Windows 10:
 
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 
diff --git a/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md b/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md
new file mode 100644
index 0000000000..2f8775683c
--- /dev/null
+++ b/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md
@@ -0,0 +1,7 @@
+ ---
+ redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection
+ ---
+
+# Monitor the Windows Defender Advanced Threat Protection onboarding
+
+This page has been redirected to [Configure endpoints](https://technet.microsoft.com/itpro/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection)
\ No newline at end of file
diff --git a/windows/keep-secure/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/keep-secure/onboard-configure-windows-defender-advanced-threat-protection.md
index 1c962bc1ec..9205bb0153 100644
--- a/windows/keep-secure/onboard-configure-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/onboard-configure-windows-defender-advanced-threat-protection.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: iaanw
+localizationpriority: high
 ---
 
 # Onboard and set up Windows Defender Advanced Threat Protection
@@ -15,7 +16,7 @@ author: iaanw
 **Applies to:**
 
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
diff --git a/windows/keep-secure/optimize-applocker-performance.md b/windows/keep-secure/optimize-applocker-performance.md
index ff8f099f2d..5282b92618 100644
--- a/windows/keep-secure/optimize-applocker-performance.md
+++ b/windows/keep-secure/optimize-applocker-performance.md
@@ -20,7 +20,7 @@ This topic for IT professionals describes how to optimize AppLocker policy enfor
 
 AppLocker policies can be implemented by organization unit (OU) using Group Policy. If so, your Group Policy infrastructure should be optimized and retested for performance when AppLocker policies are added to existing Group Policy Objects (GPOs) or new GPOs are created, as you do with adding any policies to your GPOs.
 
-For more info, see the [Optimizing Group Policy Performance](http://go.microsoft.com/fwlink/p/?LinkId=163238) article in TechNet Magazine.
+For more info, see the [Optimizing Group Policy Performance](https://go.microsoft.com/fwlink/p/?LinkId=163238) article in TechNet Magazine.
 
 ### AppLocker rule limitations
 
diff --git a/windows/keep-secure/overview-create-wip-policy.md b/windows/keep-secure/overview-create-wip-policy.md
index 0bd61f269b..f0ae686b47 100644
--- a/windows/keep-secure/overview-create-wip-policy.md
+++ b/windows/keep-secure/overview-create-wip-policy.md
@@ -23,4 +23,4 @@ Microsoft Intune and System Center Configuration Manager helps you create and de
 |------|------------|
 |[Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) |Intune helps you create and deploy your WIP policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. |
 |[Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-wip-policy-using-sccm.md) |System Center Configuration Manager helps you create and deploy your WIP policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. |
-|[Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md)] |Steps to create, verify, and perform a quick recovery using a Encrypting File System (EFS) Data Recovery Agent (DRA) certificate. |
\ No newline at end of file
+|[Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md) |Steps to create, verify, and perform a quick recovery using a Encrypting File System (EFS) Data Recovery Agent (DRA) certificate. |
\ No newline at end of file
diff --git a/windows/keep-secure/passport-event-300.md b/windows/keep-secure/passport-event-300.md
index 3609eec53d..25c9b86986 100644
--- a/windows/keep-secure/passport-event-300.md
+++ b/windows/keep-secure/passport-event-300.md
@@ -35,7 +35,7 @@ This is a normal condition. No further action is required.
 
 ## Related topics
 
-[Manage identity verification using Microsoft Passport](manage-identity-verification-using-microsoft-passport.md)
+[Manage identity verification using Windows Hello for Business](manage-identity-verification-using-microsoft-passport.md)
 
 [Implement Windows Hello for Business in your organization](implement-microsoft-passport-in-your-organization.md)
 
diff --git a/windows/keep-secure/plan-for-applocker-policy-management.md b/windows/keep-secure/plan-for-applocker-policy-management.md
index 96d65e5c32..ba66c70d42 100644
--- a/windows/keep-secure/plan-for-applocker-policy-management.md
+++ b/windows/keep-secure/plan-for-applocker-policy-management.md
@@ -64,13 +64,13 @@ AppLocker event log is located in the following path: **Applications and Service
 2.  **MSI and Script**. Contains events for all files affected by the Windows Installer and script rule collections (.msi, .msp, .ps1, .bat, .cmd, .vbs, and .js).
 3.  **Packaged app-Deployment** or **Packaged app-Execution**, contains events for all Universal Windows apps affected by the packaged app and packed app installer rule collection (.appx).
 
-Collecting these events in a central location can help you maintain your AppLocker policy and troubleshoot rule configuration problems. Event collection technologies such as those available in Windows allow administrators to subscribe to specific event channels and have the events from source computers aggregated into a forwarded event log on a Windows Server operating system collector. For more info about setting up an event subscription, see [Configure Computers to Collect and Forward Events](http://go.microsoft.com/fwlink/p/?LinkId=145012).
+Collecting these events in a central location can help you maintain your AppLocker policy and troubleshoot rule configuration problems. Event collection technologies such as those available in Windows allow administrators to subscribe to specific event channels and have the events from source computers aggregated into a forwarded event log on a Windows Server operating system collector. For more info about setting up an event subscription, see [Configure Computers to Collect and Forward Events](https://go.microsoft.com/fwlink/p/?LinkId=145012).
 
 ### Policy maintenance
 
 As new apps are deployed or existing apps are updated by the software publisher, you will need to make revisions to your rule collections to ensure that the policy is current.
 
-You can edit an AppLocker policy by adding, changing, or removing rules. However, you cannot specify a version for the policy by importing additional rules. To ensure version control when modifying an AppLocker policy, use Group Policy management software that allows you to create versions of Group Policy Objects (GPOs). An example of this type of software is the Advanced Group Policy Management feature from the Microsoft Desktop Optimization Pack. For more info about Advanced Group Policy Management, see [Advanced Group Policy Management Overview](http://go.microsoft.com/fwlink/p/?LinkId=145013) (http://go.microsoft.com/fwlink/p/?LinkId=145013).
+You can edit an AppLocker policy by adding, changing, or removing rules. However, you cannot specify a version for the policy by importing additional rules. To ensure version control when modifying an AppLocker policy, use Group Policy management software that allows you to create versions of Group Policy Objects (GPOs). An example of this type of software is the Advanced Group Policy Management feature from the Microsoft Desktop Optimization Pack. For more info about Advanced Group Policy Management, see [Advanced Group Policy Management Overview](https://go.microsoft.com/fwlink/p/?LinkId=145013) (https://go.microsoft.com/fwlink/p/?LinkId=145013).
 
 >**Caution:**  You should not edit an AppLocker rule collection while it is being enforced in Group Policy. Because AppLocker controls what files are allowed to run, making changes to a live policy can create unexpected behavior.
  
@@ -100,7 +100,7 @@ A file could be blocked for three reasons:
 -   There may be an existing rule that was created for the file that is too restrictive.
 -   A deny rule, which cannot be overridden, is explicitly blocking the file.
 
-Before editing the rule collection, first determine what rule is preventing the file from running. You can troubleshoot the problem by using the **Test-AppLockerPolicy** Windows PowerShell cmdlet. For more info about troubleshooting an AppLocker policy, see [Testing and Updating an AppLocker Policy](http://go.microsoft.com/fwlink/p/?LinkId=160269) (http://go.microsoft.com/fwlink/p/?LinkId=160269).
+Before editing the rule collection, first determine what rule is preventing the file from running. You can troubleshoot the problem by using the **Test-AppLockerPolicy** Windows PowerShell cmdlet. For more info about troubleshooting an AppLocker policy, see [Testing and Updating an AppLocker Policy](https://go.microsoft.com/fwlink/p/?LinkId=160269) (https://go.microsoft.com/fwlink/p/?LinkId=160269).
 
 ## Next steps
 
diff --git a/windows/keep-secure/planning-and-deploying-advanced-security-audit-policies.md b/windows/keep-secure/planning-and-deploying-advanced-security-audit-policies.md
index 1fa912d181..77613b4101 100644
--- a/windows/keep-secure/planning-and-deploying-advanced-security-audit-policies.md
+++ b/windows/keep-secure/planning-and-deploying-advanced-security-audit-policies.md
@@ -99,7 +99,7 @@ In addition to your domain model, you should also find out whether your organiza
 
 >**Important:**  Including auditing within your organization's security plan also makes it possible to budget your resources on the areas where auditing can achieve the most positive results.
  
-For additional details about how to complete each of these steps and how to prepare a detailed threat model, download the [IT Infrastructure Threat Modeling Guide](http://go.microsoft.com/fwlink/p/?LinkId=163432).
+For additional details about how to complete each of these steps and how to prepare a detailed threat model, download the [IT Infrastructure Threat Modeling Guide](https://go.microsoft.com/fwlink/p/?LinkId=163432).
 
 ### Data and resources
 
@@ -144,7 +144,7 @@ Security and auditing requirements and audit event volume can vary considerably
 -   If the computers are servers, desktop computers, or portable computers.
 -   The important applications the computers run, such as Exchange Server, SQL Server, or Forefront Identity Manager.
 
-    >**Note:**  If the server applications (including Exchange Server and SQL Server) have audit settings. For more information about auditing in Exchange Server, see the [Exchange 2010 Security Guide](http://go.microsoft.com/fwlink/p/?linkid=128052). For more information about auditing in SQL Server 2008, see [Auditing (Database Engine)](http://go.microsoft.com/fwlink/p/?LinkId=163434). For SQL Server 2012, see [SQL Server Audit (Database Engine)](http://technet.microsoft.com/library/cc280386.aspx).
+    >**Note:**  If the server applications (including Exchange Server and SQL Server) have audit settings. For more information about auditing in Exchange Server, see the [Exchange 2010 Security Guide](https://go.microsoft.com/fwlink/p/?linkid=128052). For more information about auditing in SQL Server 2008, see [Auditing (Database Engine)](https://go.microsoft.com/fwlink/p/?LinkId=163434). For SQL Server 2012, see [SQL Server Audit (Database Engine)](http://technet.microsoft.com/library/cc280386.aspx).
      
 -   The operating system versions.
     
@@ -260,7 +260,7 @@ In the majority of cases, these attempts will be legitimate and a network needs
 
     >**Note:**  There is no failure event for logoff activity because failed logoffs (such as when a system abruptly shuts down) do not generate an audit record. Logoff events are not 100 percent reliable. For example, the computer can be turned off without a proper logoff and shutdown, and a logoff event is not generated.
      
--   Logon/Logoff\\[Audit Special Logon](audit-special-logon.md). A special logon has administrator-equivalent rights and can be used to elevate a process to a higher level. It is recommended to track these types of logons. For more information about this feature, see [article 947223](http://go.microsoft.com/fwlink/p/?linkid=120183) in the Microsoft Knowledge Base.
+-   Logon/Logoff\\[Audit Special Logon](audit-special-logon.md). A special logon has administrator-equivalent rights and can be used to elevate a process to a higher level. It is recommended to track these types of logons. For more information about this feature, see [article 947223](https://go.microsoft.com/fwlink/p/?linkid=120183) in the Microsoft Knowledge Base.
 -   Object Access\\[Audit Certification Services](audit-certification-services.md). This policy setting allows you to track and monitor a wide variety of activities on a computer that hosts Active Directory Certificate Services (AD CS) role services to ensure that only authorized users are performing or attempting to perform these tasks, and that only authorized or desired tasks are being performed.
 -   Object Access\\[Audit File System](audit-file-system.md) and Object Access\\[Audit File Share](audit-file-share.md). These policy settings are described in the previous section.
 -   Object Access\\[Audit Handle Manipulation](audit-handle-manipulation.md). This policy setting and its role in providing "reason for access" audit data is described in the previous section.
@@ -336,7 +336,7 @@ Configuration\\Administrative Templates\\Windows Components\\Event Log Service\\
 -   **Retain old events**. This policy setting controls event log behavior when the log file reaches its maximum size. When this policy setting is enabled and a log file reaches its maximum size, new events are not written to the log and are lost. When this policy setting is disabled and a log file reaches its maximum size, new events overwrite old events.
 -   **Backup log automatically when full**. This policy setting controls event log behavior when the log file reaches its maximum size and takes effect only if the **Retain old events** policy setting is enabled. If you enable these policy settings, the event log file is automatically closed and renamed when it is full. A new file is then started. If you disable or do not configure this policy setting and the **Retain old events** policy setting is enabled, new events are discarded and the old events are retained.
 
-In addition, a growing number of organizations are being required to store archived log files for a number of years. You should consult with regulatory compliance officers in your organization to determine whether such guidelines apply to your organization. For more information, see the [IT Compliance Management Guide](http://go.microsoft.com/fwlink/p/?LinkId=163435).
+In addition, a growing number of organizations are being required to store archived log files for a number of years. You should consult with regulatory compliance officers in your organization to determine whether such guidelines apply to your organization. For more information, see the [IT Compliance Management Guide](https://go.microsoft.com/fwlink/p/?LinkId=163435).
 
 ## <a href="" id="bkmk-5"></a>Deploying the security audit policy
 
diff --git a/windows/keep-secure/planning-and-getting-started-on-the-device-guard-deployment-process.md b/windows/keep-secure/planning-and-getting-started-on-the-device-guard-deployment-process.md
index 0e1ec374bc..0790236e3f 100644
--- a/windows/keep-secure/planning-and-getting-started-on-the-device-guard-deployment-process.md
+++ b/windows/keep-secure/planning-and-getting-started-on-the-device-guard-deployment-process.md
@@ -16,7 +16,7 @@ author: brianlic-msft
 
 This topic provides a roadmap for planning and getting started on the Device Guard deployment process, with links to topics that provide additional detail. Planning for Device Guard deployment involves looking at both the end-user and the IT pro impact of your choices. Use the following steps to guide you.
 
-**Planning**
+## Planning
 
 1. **Review requirements, especially hardware requirements for VBS**. Review the virtualization-based security (VBS) features described in [How Device Guard features help protect against threats](introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md#how-device-guard-features-help-protect-against-threats). Then you can assess your end-user systems to see how many support the VBS features you are interested in, as described in [Hardware, firmware, and software requirements for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-device-guard). 
 
@@ -33,7 +33,7 @@ This topic provides a roadmap for planning and getting started on the Device Gua
 
 4.  **Identify LOB applications that are currently unsigned**. Although requiring signed code (through code integrity policies) protects against many threats, your organization might use unsigned LOB applications, for which the process of signing might be difficult. You might also have applications that are signed, but you want to add a secondary signature to them. If so, identify these applications, because you will need to create a catalog file for them. For a basic description of catalog files, see the table in [Introduction to Device Guard: virtualization-based security and code integrity policies](introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md). For more background information about catalog files, see [Reviewing your applications: application signing and catalog files](requirements-and-deployment-planning-guidelines-for-device-guard.md#reviewing-your-applications-application-signing-and-catalog-files).
 
-**Getting started on the deployment process**
+## Getting started on the deployment process
 
 1.  **Optionally, create a signing certificate for code integrity policies**. As you deploy code integrity policies, you might need to sign catalog files or code integrity policies internally. To do this, you will either need a publicly issued code signing certificate (that you purchase) or an internal CA. If you choose to use an internal CA, you will need to create a code signing certificate. For more information, see [Optional: Create a code signing certificate for code integrity policies](optional-create-a-code-signing-certificate-for-code-integrity-policies.md).
 
diff --git a/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md b/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md
index 177d0998d6..8c9f2086ff 100644
--- a/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: DulceMV
+localizationpriority: high
 ---
 
 # Windows Defender Advanced Threat Protection portal overview
@@ -15,7 +16,7 @@ author: DulceMV
 **Applies to:**
 
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
@@ -38,7 +39,7 @@ When you open the portal, you’ll see the main areas of the application:
  ![Windows Defender Advanced Threat Protection portal](images/portal-image.png)
 
 > [!NOTE]
-> Malware related detections will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/en-us/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product.
+> Malware related detections will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product.
 
 You can navigate through the portal using the menu options available in all sections. Refer to the following table for a description of each section.
 
diff --git a/windows/keep-secure/prepare-people-to-use-microsoft-passport.md b/windows/keep-secure/prepare-people-to-use-microsoft-passport.md
index 81f36a3d4e..f6419c6ced 100644
--- a/windows/keep-secure/prepare-people-to-use-microsoft-passport.md
+++ b/windows/keep-secure/prepare-people-to-use-microsoft-passport.md
@@ -83,15 +83,11 @@ If your enterprise enables phone sign-in, users can pair a phone running Windows
 
 **Sign in to PC using the phone**
 
-<<<<<<< HEAD
+
 1.  Open the **Microsoft Authenticator** app, choose your account, and tap the name of the PC to sign in to.
     > **Note: **  The first time that you run the **Microsoft Authenticator** app, you must add an account.
     
     ![select a device](images/phone-signin-device-select.png)
-=======
-1.  Open the **Microsoft Authenticator** app and tap the name of the PC to sign in to.
-    > **Note: **  The first time that you run the **Microsoft Authenticator** app, you must add an account.
->>>>>>> parent of 9891b67... from master
      
 2.  Enter the work PIN that you set up when you joined the phone to the cloud domain or added a work account.
 
diff --git a/windows/keep-secure/prepare-your-organization-for-bitlocker-planning-and-policies.md b/windows/keep-secure/prepare-your-organization-for-bitlocker-planning-and-policies.md
index c30af5a4c1..31c04c1c61 100644
--- a/windows/keep-secure/prepare-your-organization-for-bitlocker-planning-and-policies.md
+++ b/windows/keep-secure/prepare-your-organization-for-bitlocker-planning-and-policies.md
@@ -120,7 +120,7 @@ For a TPM to be usable by BitLocker, it must contain an endorsement key, which i
 
 An endorsement key can be created at various points in the TPM’s lifecycle, but needs to be created only once for the lifetime of the TPM. If an endorsement key does not exist for the TPM, it must be created before TPM ownership can be taken.
 
-For more information about the TPM and the TCG, see the Trusted Computing Group: Trusted Platform Module (TPM) Specifications (<http://go.microsoft.com/fwlink/p/?linkid=69584>).
+For more information about the TPM and the TCG, see the Trusted Computing Group: Trusted Platform Module (TPM) Specifications (<https://go.microsoft.com/fwlink/p/?linkid=69584>).
 
 ## <a href="" id="bkmk-nontpm"></a>Non-TPM hardware configurations
 
diff --git a/windows/keep-secure/protect-enterprise-data-using-wip.md b/windows/keep-secure/protect-enterprise-data-using-wip.md
index e97e4432da..b6d01bc4cc 100644
--- a/windows/keep-secure/protect-enterprise-data-using-wip.md
+++ b/windows/keep-secure/protect-enterprise-data-using-wip.md
@@ -2,7 +2,7 @@
 title: Protect your enterprise data using Windows Information Protection (WIP) (Windows 10)
 description: With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control.
 ms.assetid: 6cca0119-5954-4757-b2bc-e0ea4d2c7032
-keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection
+keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection, DLP, data loss prevention, data leakage protection
 ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
@@ -17,9 +17,11 @@ localizationpriority: high
 -   Windows 10, version 1607
 -   Windows 10 Mobile
 
+>Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare).
+
 With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage.
 
-Windows Information Protection (WIP) helps to protect against this potential data leakage without otherwise interfering with the employee experience. WIP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps. Finally, another data protection technology, Azure Rights Management also works alongside WIP to extend data protection for data that leaves the device, such as when email attachments are sent from an enterprise aware version of a rights management mail client.
+Windows Information Protection (WIP), previously known as enterprise data protection (EDP), helps to protect against this potential data leakage without otherwise interfering with the employee experience. WIP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps. Finally, another data protection technology, Azure Rights Management also works alongside WIP to extend data protection for data that leaves the device, such as when email attachments are sent from an enterprise aware version of a rights management mail client.
 
 ## Prerequisites
 You’ll need this software to run WIP in your enterprise:
@@ -28,27 +30,42 @@ You’ll need this software to run WIP in your enterprise:
 |-----------------|---------------------|
 |Windows 10, version 1607 | Microsoft Intune<br>-OR-<br>System Center Configuration Manager<br>-OR-<br>Your current company-wide 3rd party mobile device management (MDM) solution. For info about 3rd party MDM solutions, see the documentation that came with your product. If your 3rd party MDM does not have UI support for the policies, refer to the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/mt697634.aspx) documentation.|
 
-## How WIP works
-WIP helps address your everyday challenges in the enterprise. Including:
+## What is enterprise data control?
+Effective collaboration means that you need to share data with others in your enterprise. This sharing can be from one extreme where everyone has access to everything without any security, all the way to the other extreme where people can’t share anything and it’s all highly secured. Most enterprises fall somewhere in between the two extremes, where success is balanced between providing the necessary access with the potential for improper data disclosure.
 
-- Helping to prevent enterprise data leaks, even on employee-owned devices that can't be locked down.
+As an admin, you can address the question of who gets access to your data by using access controls, such as employee credentials. However, just because someone has the right to access your data doesn’t guarantee that the data will remain within the secured locations of the enterprise. This means that while access controls are a great start, they’re not enough.
 
-- Reducing employee frustrations because of restrictive data management policies on enterprise-owned devices.
+In the end, all of these security measures have one thing in common: employees will tolerate only so much inconvenience before looking for ways around the security restrictions. For example, if you don’t allow employees to share files through a protected system, employees will turn to an outside app that more than likely lacks security controls.
 
-- Helping to maintain the ownership and control of your enterprise data.
+### Using data loss prevention systems
+To help address this security insufficiency, company’s developed data loss prevention (also known as DLP) systems. Data loss prevention systems require:
+- **A set of rules about how the system can identify and categorize the data that needs to be protected.** For example, a rule set might contain a rule that identifies credit card numbers and another rule that identifies Social Security numbers.
 
-- Helping control the network and data access and data sharing for apps that aren’t enterprise aware
+- **A way to scan company data to see whether it matches any of your defined rules.** Currently, Microsoft Exchange Server and Exchange Online provide this service for email in transit, while Microsoft SharePoint and SharePoint Online provide this service for content stored in document libraries.
 
-### WIP-protection modes
-You can set WIP to 1 of 4 protection and management modes:
+- **The ability to specify what happens when data matches a rule, including whether employees can bypass enforcement.** For example, in Microsoft SharePoint and SharePoint Online, the Microsoft data loss prevention system lets you warn your employees that shared data includes sensitive info, and to share it anyway (with an optional audit log entry).
 
-|Mode|Description|
-|----|-----------|
-|Block |WIP looks for inappropriate data sharing practices and stops the employee from completing the action. This can include sharing enterprise data to non-enterprise-protected apps in addition to sharing enterprise data between apps or attempting to share outside of your organization’s network.|
-|Override |WIP looks for inappropriate data sharing, warning employees if they do something deemed potentially unsafe. However, this management mode lets the employee override the policy and share the data, logging the action to your audit log, accessible through the [Reporting CSP](http://go.microsoft.com/fwlink/p/?LinkID=746459). |
-|Silent |WIP runs silently, logging inappropriate data sharing, without blocking anything that would’ve been prompted for employee interaction while in Override mode. Unallowed actions, like apps inappropriately trying to access a network resource or WIP-protected data, are still blocked.|
-|Off |WIP is turned off and doesn't help to protect or audit your data.<p>After you turn off WIP, an attempt is made to decrypt any closed WIP-tagged files on the locally attached drives. |
-<p>**Note**<br>For more info about setting your WIP-protection modes, see either [Create a Windows Information Protection (WIP) policy using Intune](create-wip-policy-using-intune.md) or [Create and deploy a Windows Information Protection (WIP) policy using Configuration Manager](create-wip-policy-using-sccm.md), depending on your management solution.
+Unfortunately, data loss prevention systems have their own problems. For example, the more detailed the rule set, the more false positives are created, leading employees to believe that the rules slow down their work and need to be bypassed in order to remain productive, potentially leading to data being incorrectly blocked or improperly released. Another major problem is that data loss prevention systems must be widely implemented to be effective. For example, if your company uses a data loss prevention system for email, but not for file shares or document storage, you might find that your data leaks through the unprotected channels. But perhaps the biggest problem with data loss preventions systems is that it provides a jarring experience that interrupts the employees’ natural workflow by blocking some operations (such as sending a message with an attachment that the system tags as sensitive) while allowing others, often according to subtle rules that the employee doesn’t see and can’t understand.
+
+### Using information rights management systems
+To help address the potential data loss prevention system problems, company’s developed information rights management (also known as IRM) systems. Information rights management systems embed protection directly into documents, so that when an employee creates a document, he or she determines what kind of protection to apply. For example, an employee can choose to stop the document from being forwarded, printed, shared outside of the organization, and so on. 
+
+After the type of protection is set, the creating app encrypts the document so that only authorized people can open it, and even then, only in compatible apps. After an employee opens the document, the app becomes responsible for enforcing the specified protections. Because protection travels with the document, if an authorized person sends it to an unauthorized person, the unauthorized person won’t be able to read or change it. However, for this to work effectively information rights management systems require you to deploy and set up both a server and client environment. And, because only compatible clients can work with protected documents, an employees’ work might be unexpectedly interrupted if he or she attempts to use a non-compatible app.
+
+### And what about when an employee leaves the company or unenrolls a device?
+Finally, there’s the risk of data leaking from your company when an employee leaves or unenrolls a device. Previously, you would simply erase all of the corporate data from the device, along with any other personal data on the device.
+
+## Benefits of WIP
+WIP provides:
+- Obvious separation between personal and corporate data, without requiring employees to switch environments or apps.
+
+- Additional data protection for existing line-of-business apps without a need to update the apps.
+
+- Ability to wipe corporate data from devices while leaving personal data alone.
+
+- Use of audit reports for tracking issues and remedial actions.
+
+- Integration with your existing management system (Microsoft Intune, System Center Configuration Manager, or your current mobile device management (MDM) system) to configure, deploy, and manage WIP for your company.
 
 ## Why use WIP?
 WIP gives you a new way to manage data policy enforcement for apps and documents, along with the ability to remove access to enterprise data from both enterprise and personal devices (after enrollment in an enterprise management solution, like Intune).
@@ -65,7 +82,7 @@ WIP gives you a new way to manage data policy enforcement for apps and documents
     
         You don’t have to modify line-of-business apps that never touch personal data to list them as allowed apps; just include them in the allowed apps list.
 
-    -   **Deciding your level of data access.** WIP lets you block, allow overrides, or audit employees' data sharing actions. Blocking the action stops it immediately. Allowing overrides let the employee know there's a risk, but lets him or her continue to share the data while recording and auditing the action. Silent just logs the action without blocking anything that the employee could've overridden while using that setting; collecting info that can help you to see patterns of inappropriate sharing so you can take educative action or find apps that should be added to your allowed apps list.
+    -   **Deciding your level of data access.** WIP lets you block, allow overrides, or audit employees' data sharing actions. Blocking the action stops it immediately. Allowing overrides lets the employee know there's a risk, but lets him or her continue to share the data while recording and auditing the action. Silent just logs the action without blocking anything that the employee could've overridden while using that setting; collecting info that can help you to see patterns of inappropriate sharing so you can take educative action or find apps that should be added to your allowed apps list.
 
     -   **Data encryption at rest.** WIP helps protect enterprise data on local files and on removable media.
     
@@ -75,9 +92,48 @@ WIP gives you a new way to manage data policy enforcement for apps and documents
 
     -   **Helping prevent accidental data disclosure to removable media.** WIP helps prevent enterprise data from leaking when it's copied or transferred to removable media. For example, if an employee puts enterprise data on a Universal Serial Bus (USB) drive that also has personal data, the enterprise data remains encrypted while the personal data doesn’t.
 
--   **Remove access to enterprise data from enterprise-protected devices.** WIP gives admins the ability to revoke enterprise data from one or many MDM-enrolled devices, while leaving personal data alone. This is a benefit when an employee leaves your company, or in the case of a stolen device. After determining that the data access needs to be removed, you can use Microsoft Intune to unenroll the device so when it connects to the network, the user's encryption key for the device is revoked and the enterprise data becomes unreadable.<p>**Note**<br>System Center Configuration Manager also allows you to revoke enterprise data. However, it does it by performing a factory reset of the device.
+-   **Remove access to enterprise data from enterprise-protected devices.** WIP gives admins the ability to revoke enterprise data from one or many MDM-enrolled devices, while leaving personal data alone. This is a benefit when an employee leaves your company, or in the case of a stolen device. After determining that the data access needs to be removed, you can use Microsoft Intune to unenroll the device so when it connects to the network, the user's encryption key for the device is revoked and the enterprise data becomes unreadable.
+    > **Note**<br>System Center Configuration Manager also allows you to revoke enterprise data. However, it does it by performing a factory reset of the device.
+
+## How WIP works
+WIP helps address your everyday challenges in the enterprise. Including:
+
+- Helping to prevent enterprise data leaks, even on employee-owned devices that can't be locked down.
+
+- Reducing employee frustrations because of restrictive data management policies on enterprise-owned devices.
+
+- Helping to maintain the ownership and control of your enterprise data.
+
+- Helping control the network and data access and data sharing for apps that aren’t enterprise aware
+
+### Enterprise scenarios
+WIP currently addresses these enterprise scenarios:
+- You can encrypt enterprise data on employee-owned and corporate-owned devices.
+
+- You can remotely wipe enterprise data off managed computers, including employee-owned computers, without affecting the personal data.
+
+- You can select specific apps that can access enterprise data, called "allowed apps" that are clearly recognizable to employees. You can also block non-protected apps from accessing enterprise data.
+
+- Your employees won't have their work otherwise interrupted while switching between personal and enterprise apps while the enterprise policies are in place. Switching environments or signing in multiple times isn’t required.
+
+### WIP-protection modes
+Enterprise data is automatically encrypted after it’s loaded on a device from an enterprise source or if an employee marks the data as corporate. Then, when the enterprise data is written to disk, WIP uses the Windows-provided Encrypting File System (EFS) to protect it and associate it with your enterprise identity.
+
+Your WIP policy includes a list of trusted apps that are allowed to access and process corporate data. This list of apps is implemented through the [AppLocker](applocker-overview.md) functionality, controlling what apps are allowed to run and letting the Windows operating system know that the apps can edit corporate data. Apps included on this list don’t have to be modified to open corporate data because their presence on the list allows Windows to determine whether to grant them access. However, new for Windows 10, app developers can use a new set of application programming interfaces (APIs) to create *enlightened* apps that can use and edit both enterprise and personal data. A huge benefit to working with enlightened apps is that dual-use apps, like Microsoft Word, can be used with less concern about encrypting personal data by mistake because the APIs allow the app to determine whether data is owned by the enterprise or if it’s personally owned.
+
+You can set your WIP policy to use 1 of 4 protection and management modes:
+
+|Mode|Description|
+|----|-----------|
+|Block |WIP looks for inappropriate data sharing practices and stops the employee from completing the action. This can include sharing enterprise data to non-enterprise-protected apps in addition to sharing enterprise data between apps or attempting to share outside of your organization’s network.|
+|Override |WIP looks for inappropriate data sharing, warning employees if they do something deemed potentially unsafe. However, this management mode lets the employee override the policy and share the data, logging the action to your audit log, accessible through the [Reporting CSP](https://go.microsoft.com/fwlink/p/?LinkID=746459). |
+|Silent |WIP runs silently, logging inappropriate data sharing, without blocking anything that would’ve been prompted for employee interaction while in Override mode. Unallowed actions, like apps inappropriately trying to access a network resource or WIP-protected data, are still blocked.|
+|Off |WIP is turned off and doesn't help to protect or audit your data.<p>After you turn off WIP, an attempt is made to decrypt any closed WIP-tagged files on the locally attached drives.<p>**Note**<br>For more info about setting your WIP-protection modes, see either [Create a Windows Information Protection (WIP) policy using Intune](create-wip-policy-using-intune.md) or [Create and deploy a Windows Information Protection (WIP) policy using Configuration Manager](create-wip-policy-using-sccm.md), depending on your management solution. |
+
+## Turn off WIP
+You can turn off all Windows Information Protection and restrictions, reverting to where you were pre-WIP, with no data loss. However, turning off WIP isn't recommended. If you choose to turn it off, you can always turn it back on, but WIP won't retain your decryption and policies info.
 
 ## Next steps
 After deciding to use WIP in your enterprise, you need to:
 
--   [Create a Windows Information Protection (WIP) policy](overview-create-wip-policy.md)
\ No newline at end of file
+-   [Create a Windows Information Protection (WIP) policy](overview-create-wip-policy.md)
diff --git a/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md b/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
index d74bdf6189..0ebb719b2e 100644
--- a/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
+++ b/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
@@ -123,7 +123,7 @@ Windows 10 supports features to help prevent sophisticated low-level malware li
     -   The first TPM specification, version 1.2, was published in February 2005 by the TCG and standardized under ISO / IEC 11889 standard.
     -   The latest TPM specification, referred to as TPM 2.0, was released in April 2014 and has been approved by the ISO/IEC Joint Technical Committee (JTC) as ISO/IEC 11889:2015.
 
-    Windows 10 uses the TPM for cryptographic calculations as part of health attestation and to protect the keys for BitLocker, Microsoft Passport, virtual smart cards, and other public key certificates. For more information, see [TPM requirements in Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=733948).
+    Windows 10 uses the TPM for cryptographic calculations as part of health attestation and to protect the keys for BitLocker, Microsoft Passport, virtual smart cards, and other public key certificates. For more information, see [TPM requirements in Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=733948).
 
     Windows 10 recognizes versions 1.2 and 2.0 TPM specifications produced by the TCG. For the most recent and modern security features, Windows 10 supports only TPM 2.0. TPM 2.0 is required for device health attestation.
 
@@ -183,7 +183,7 @@ Windows 10 supports features to help prevent sophisticated low-level malware li
 
     HVCI uses virtualization-based security to isolate Code Integrity, the only way kernel memory can become executable is through a Code Integrity verification. This means that kernel memory pages can never be Writable and Executable (W+X) and executable code cannot be directly modified.
 
-    >**Note:**  Device Guard devices that run Kernel Mode Code Integrity with virtualization-based security must have compatible drivers. For additional information, please read the [Driver compatibility with Device Guard in Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=691612) blog post.
+    >**Note:**  Device Guard devices that run Kernel Mode Code Integrity with virtualization-based security must have compatible drivers. For additional information, please read the [Driver compatibility with Device Guard in Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=691612) blog post.
      
     The Device Guard Code Integrity feature lets organizations control what code is trusted to run into the Windows kernel and what applications are approved to run in user mode. It’s configurable by using a policy.
     Device Guard Code Integrity policy is a binary file that Microsoft recommends you sign. The signing of the Code Integrity policy aids in the protection against a malicious user with Administrator privileges trying to modify or remove the current Code Integrity policy.
@@ -198,7 +198,7 @@ Windows 10 supports features to help prevent sophisticated low-level malware li
 
     Windows 10 takes measurements of the UEFI firmware and each of the Windows and antimalware components are made as they load during the boot process. Additionally, they are taken and measured sequentially, not all at once. When these measurements are complete, their values are digitally signed and stored securely in the TPM and cannot be changed unless the system is reset.
 
-    For more information, see [Secured Boot and Measured Boot: Hardening Early Boot Components Against Malware](http://go.microsoft.com/fwlink/p/?LinkId=733950).
+    For more information, see [Secured Boot and Measured Boot: Hardening Early Boot Components Against Malware](https://go.microsoft.com/fwlink/p/?LinkId=733950).
 
     During each subsequent boot, the same components are measured, which allows comparison of the measurements against an expected baseline. For additional security, the values measured by the TPM can be signed and transmitted to a remote server, which can then perform the comparison. This process, called *remote device health attestation*, allows the server to verify health status of the Windows device.
 
@@ -245,7 +245,7 @@ The trust decision to execute code is performed by using Hyper-V Code Integrity,
 
 Hyper-V Code Integrity is a feature that validates the integrity of a driver or system file each time it is loaded into memory. Code integrity detects whether an unsigned driver or system file is being loaded into the kernel, or whether a system file has been modified by malicious software that is being run by a user account with Administrator privileges. On x64-based versions of Windows 10 kernel-mode drivers must be digitally signed.
 
->**Note:**  Independently of activation of Device Guard Policy, [Windows 10 by default raises the bar for what runs in the kernel](http://go.microsoft.com/fwlink/p/?LinkId=691613). Windows 10 drivers must be signed by Microsoft, and more specifically, by the WHQL (Windows Hardware Quality Labs) portal. Additionally, starting in October 2015, the WHQL portal will only accept driver submissions, including both kernel and user mode driver submissions, that have a valid Extended Validation (“EV”) Code Signing Certificate.
+>**Note:**  Independently of activation of Device Guard Policy, [Windows 10 by default raises the bar for what runs in the kernel](https://go.microsoft.com/fwlink/p/?LinkId=691613). Windows 10 drivers must be signed by Microsoft, and more specifically, by the WHQL (Windows Hardware Quality Labs) portal. Additionally, starting in October 2015, the WHQL portal will only accept driver submissions, including both kernel and user mode driver submissions, that have a valid Extended Validation (“EV”) Code Signing Certificate.
  
 With Device Guard in Windows 10, organizations are now able to define their own Code Integrity policy for use on x64 systems running Windows 10 Enterprise. Organizations have the ability to configure the policy that determines what is trusted to run. These include drivers and system files, as well as traditional desktop applications and scripts. The system is then locked down to only run applications that the organization trusts.
 
@@ -325,7 +325,7 @@ For more information on device health attestation, see the [Detect an unhealthy
 
 ### <a href="" id="hardware-req"></a>Hardware requirements
 
-The following table details the hardware requirements for both virtualization-based security services and the health attestation feature. For more information, see [Minimum hardware requirements](http://go.microsoft.com/fwlink/p/?LinkId=733951).
+The following table details the hardware requirements for both virtualization-based security services and the health attestation feature. For more information, see [Minimum hardware requirements](https://go.microsoft.com/fwlink/p/?LinkId=733951).
 
 <table>
 <colgroup>
@@ -475,7 +475,7 @@ The TPM has an embedded unique cryptographic key called the endorsement key. The
 
 The endorsement key public key is generally used for sending securely sensitive parameters, such as when taking possession of the TPM that contains the defining hash of the owner password. The EK private key is used when creating secondary keys like AIKs.
 
-The endorsement key acts as an identity card for the TPM. For more information, see [Understand the TPM endorsement key](http://go.microsoft.com/fwlink/p/?LinkId=733952).
+The endorsement key acts as an identity card for the TPM. For more information, see [Understand the TPM endorsement key](https://go.microsoft.com/fwlink/p/?LinkId=733952).
 
 The endorsement key is often accompanied by one or two digital certificates:
 
@@ -573,7 +573,7 @@ The Health Attestation Service provides the following information to an MDM solu
 -   Safe Mode boot, DEP enablement, test signing enablement
 -   Device TPM has been provisioned with a trusted endorsement certificate
 
-For completeness of the measurements, see [Health Attestation CSP](http://go.microsoft.com/fwlink/p/?LinkId=733949).
+For completeness of the measurements, see [Health Attestation CSP](https://go.microsoft.com/fwlink/p/?LinkId=733949).
 
 The following table presents some key items that can be reported back to MDM depending on the type of Windows 10-based device.
 
@@ -662,7 +662,7 @@ Today’s access control technology, in most cases, focuses on ensuring that the
 
 The remote device health attestation process uses measured boot data to verify the health status of the device. The health of the device is then available for an MDM solution like Intune.
 
->**Note:**  For the latest information on Intune and Windows 10 features support, see the [Microsoft Intune blog](http://go.microsoft.com/fwlink/p/?LinkId=691614) and [What's new in Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=733956).
+>**Note:**  For the latest information on Intune and Windows 10 features support, see the [Microsoft Intune blog](https://go.microsoft.com/fwlink/p/?LinkId=691614) and [What's new in Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=733956).
  
 The figure below shows how the Health Attestation Service is expected to work with Microsoft’s cloud-based Intune MDM service.
 
@@ -679,9 +679,9 @@ Windows 10 has an MDM client that ships as part of the operating system. This e
 
 ### Third-party MDM server support
 
-Third-party MDM servers can manage Windows 10 by using the MDM protocol. The built-in management client is able to communicate with a compatible server that supports the OMA-DM protocol to perform enterprise management tasks. For additional information, see [Azure Active Directory integration with MDM](http://go.microsoft.com/fwlink/p/?LinkId=733954).
+Third-party MDM servers can manage Windows 10 by using the MDM protocol. The built-in management client is able to communicate with a compatible server that supports the OMA-DM protocol to perform enterprise management tasks. For additional information, see [Azure Active Directory integration with MDM](https://go.microsoft.com/fwlink/p/?LinkId=733954).
 
->**Note:**  MDM servers do not need to create or download a client to manage Windows 10. For more information, see [Mobile device management](http://go.microsoft.com/fwlink/p/?LinkId=733955).
+>**Note:**  MDM servers do not need to create or download a client to manage Windows 10. For more information, see [Mobile device management](https://go.microsoft.com/fwlink/p/?LinkId=733955).
  
 The third-party MDM server will have the same consistent first-party user experience for enrollment, which also provides simplicity for Windows 10 users.
 
@@ -689,7 +689,7 @@ The third-party MDM server will have the same consistent first-party user experi
 
 This management infrastructure makes it possible for IT pros to use MDM-capable products like Intune, to manage health attestation, Device Guard, or Windows Defender on Windows 10-based devices, including BYODs that aren’t domain joined. IT pros will be able to manage and configure all of the actions and settings they are familiar with customizing by using Intune with Intune Endpoint Protection on down-level operating systems. Admins that currently only manage domain joined devices through Group Policy will find it easy to transition to managing Windows 10-based devices by using MDM because many of the settings and actions are shared across both mechanisms.
 
-For more information on how to manage Windows 10 security and system settings with an MDM solution, see [Custom URI settings for Windows 10 devices](http://go.microsoft.com/fwlink/p/?LinkId=733953).
+For more information on how to manage Windows 10 security and system settings with an MDM solution, see [Custom URI settings for Windows 10 devices](https://go.microsoft.com/fwlink/p/?LinkId=733953).
 
 ### Conditional access control
 
@@ -710,7 +710,7 @@ When a user requests access to an Office 365 service from a supported device pla
 
 When a user enrolls, the device is registered with Azure AD, and enrolled with a compatible MDM solution like Intune.
 
->**Note**  Microsoft is working with third-party MDM ISVs to support automated MDM enrollment and policy based access checks. Steps to turn on auto-MDM enrollment with Azure AD and Intune are explained in the [Windows 10, Azure AD And Microsoft Intune: Automatic MDM Enrollment Powered By The Cloud!](http://go.microsoft.com/fwlink/p/?LinkId=691615) blog post.
+>**Note**  Microsoft is working with third-party MDM ISVs to support automated MDM enrollment and policy based access checks. Steps to turn on auto-MDM enrollment with Azure AD and Intune are explained in the [Windows 10, Azure AD And Microsoft Intune: Automatic MDM Enrollment Powered By The Cloud!](https://go.microsoft.com/fwlink/p/?LinkId=691615) blog post.
  
 When a user enrolls a device successfully, the device becomes trusted. Azure AD provides single-sign-on to access company applications and enforces conditional access policy to grant access to a service not only the first time the user requests access, but every time the user requests to renew access.
 
@@ -732,7 +732,7 @@ To get to a compliant state, the Windows 10-based device needs to:
 -   Register with Azure AD.
 -   Be compliant with the device policies set by the MDM solution.
 
->**Note:**  At the present time, conditional access policies are selectively enforced on users on iOS and Android devices. For more information, see the [Azure AD, Microsoft Intune and Windows 10 – Using the cloud to modernize enterprise mobility!](http://go.microsoft.com/fwlink/p/?LinkId=691616) blog post.
+>**Note:**  At the present time, conditional access policies are selectively enforced on users on iOS and Android devices. For more information, see the [Azure AD, Microsoft Intune and Windows 10 – Using the cloud to modernize enterprise mobility!](https://go.microsoft.com/fwlink/p/?LinkId=691616) blog post.
  
 ### <a href="" id="cloud-and-on-premises-apps-conditional-access-control-"></a>Cloud and on-premises apps conditional access control
 
@@ -740,13 +740,13 @@ Conditional access control is a powerful policy evaluation engine built into Azu
 
 IT pros can configure conditional access control policies for cloud SaaS applications secured by Azure AD and even on-premises applications. Access rules in Azure AD leverage the conditional access engine to check device health and compliance state reported by a compatible MDM solution like Intune in order to determine whether to allow access.
 
-For more information about conditional access, see [Azure Conditional Access Preview for SaaS Apps.](http://go.microsoft.com/fwlink/p/?LinkId=524807)
+For more information about conditional access, see [Azure Conditional Access Preview for SaaS Apps.](https://go.microsoft.com/fwlink/p/?LinkId=524807)
 
->**Note:**  Conditional access control is an Azure AD Premium feature that's also available with EMS. If you don't have an Azure AD Premium subscription, you can get a trial from the [Microsoft Azure](http://go.microsoft.com/fwlink/p/?LinkId=691617) site.
+>**Note:**  Conditional access control is an Azure AD Premium feature that's also available with EMS. If you don't have an Azure AD Premium subscription, you can get a trial from the [Microsoft Azure](https://go.microsoft.com/fwlink/p/?LinkId=691617) site.
  
 For on-premises applications there are two options to enable conditional access control based on a device's compliance state:
 
--   For on-premises applications that are published through the Azure AD Application Proxy, you can configure conditional access control policies as you would for cloud applications. For more details, see the [Azure AD Conditional Access preview updated: Now supports On-Premises and Custom LOB apps](http://go.microsoft.com/fwlink/p/?LinkId=691618) blog post.
+-   For on-premises applications that are published through the Azure AD Application Proxy, you can configure conditional access control policies as you would for cloud applications. For more details, see the [Azure AD Conditional Access preview updated: Now supports On-Premises and Custom LOB apps](https://go.microsoft.com/fwlink/p/?LinkId=691618) blog post.
 -   Additionally, Azure AD Connect will sync device compliance information from Azure AD to on-premises AD. ADFS on Windows Server 2016 will support conditional access control based on a device's compliance state. IT pros will configure conditional access control policies in ADFS that use the device's compliance state reported by a compatible MDM solution to secure on-premises applications.
 
 ![figure 13](images/hva-fig12-conditionalaccess12.png)
@@ -768,7 +768,7 @@ The following process describes how Azure AD conditional access works:
 13. If the device is compliant and the user is authorized, an access token is generated.
 14. User can access the corporate managed asset.
 
-For more information about Azure AD join, see the [Azure AD & Windows 10: Better Together for Work or School](http://go.microsoft.com/fwlink/p/?LinkId=691619) white paper.
+For more information about Azure AD join, see the [Azure AD & Windows 10: Better Together for Work or School](https://go.microsoft.com/fwlink/p/?LinkId=691619) white paper.
 
 Conditional access control is a topic that many organizations and IT pros may not know as well as they should. The different attributes that describe a user, a device, compliance, and context of access are very powerful when used with a conditional access engine. Conditional access control is an essential step that helps organizations secure their environment.
 
@@ -822,4 +822,4 @@ Health attestation is a key feature of Windows 10 that includes client and clou
 
 - [Protect derived domain credentials with Credential Guard](credential-guard.md)
 - [Device Guard deployment guide](device-guard-deployment-guide.md)
-- [Trusted Platform Module technology overview](http://go.microsoft.com/fwlink/p/?LinkId=733957)
+- [Trusted Platform Module technology overview](https://go.microsoft.com/fwlink/p/?LinkId=733957)
diff --git a/windows/keep-secure/remote-credential-guard.md b/windows/keep-secure/remote-credential-guard.md
index ce2fbc59b1..575cb5f7f2 100644
--- a/windows/keep-secure/remote-credential-guard.md
+++ b/windows/keep-secure/remote-credential-guard.md
@@ -61,7 +61,7 @@ You can use Remote Credential Guard on the client device by setting a Group Poli
 1. From the Group Policy Management Console, go to **Computer Configuration** -> **Administrative Templates** -> **System** -> **Credentials Delegation**.
 2. Double-click **Restrict delegation of credentials to remote servers**.
 3. In the **Use the following restricted mode** box:
-    - If you want to require either [Restricted Admin mode](http://social.technet.microsoft.com/wiki/contents/articles/32905.how-to-enable-restricted-admin-mode-for-remote-desktop.aspx) or Remote Credential Guard, choose **Require Credential Guard**. In this configuration, Remote Credential Guard is preferred, but it will use Restricted Admin mode (if supported) when Remote Credential Guard cannot be used.
+    - If you want to require either [Restricted Admin mode](http://social.technet.microsoft.com/wiki/contents/articles/32905.how-to-enable-restricted-admin-mode-for-remote-desktop.aspx) or Remote Credential Guard, choose **Require Remote Credential Guard**. In this configuration, Remote Credential Guard is preferred, but it will use Restricted Admin mode (if supported) when Remote Credential Guard cannot be used.
 
         > **Note:**  Neither Remote Credential Guard nor Restricted Admin mode will send credentials in clear text to the Remote Desktop server.
         
diff --git a/windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md b/windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md
index 7403b2750b..13b3f05f42 100644
--- a/windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md
+++ b/windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md
@@ -23,7 +23,9 @@ This article describes the following:
 - [Reviewing your applications: application signing and catalog files](#reviewing-your-applications-application-signing-and-catalog-files)
 - [Code integrity policy formats and signing](#code-integrity-policy-formats-and-signing)
 
-The information in this article provides a foundation for [Planning and getting started on the Device Guard deployment process](planning-and-getting-started-on-the-device-guard-deployment-process.md).
+The information in this article is intended for IT professionals, and provides a foundation for [Planning and getting started on the Device Guard deployment process](planning-and-getting-started-on-the-device-guard-deployment-process.md).
+
+>**Note**&nbsp;&nbsp;If you are an OEM, see the requirements information at [PC OEM requirements for Device Guard and Credential Guard](https://msdn.microsoft.com/library/windows/hardware/mt767514(v=vs.85).aspx).
 
 ## Hardware, firmware, and software requirements for Device Guard
 
diff --git a/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md b/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md
index 595d3e6855..2234eebd86 100644
--- a/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md
+++ b/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md
@@ -8,6 +8,7 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
+localizationpriority: medium
 author: mjcaparas
 ---
 
diff --git a/windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2.md b/windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2.md
index e3cd578183..c6875dfdd6 100644
--- a/windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2.md
+++ b/windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2.md
@@ -40,7 +40,7 @@ You can use IKEv2 as a virtual private network (VPN) tunneling protocol that sup
 
 -   [Troubleshooting](#troubleshooting)
 
->**Note:**  This topic includes sample Windows PowerShell cmdlets. For more info, see [How to Run a Windows PowerShell Cmdlet](http://go.microsoft.com/fwlink/p/?linkid=230693).
+>**Note:**  This topic includes sample Windows PowerShell cmdlets. For more info, see [How to Run a Windows PowerShell Cmdlet](https://go.microsoft.com/fwlink/p/?linkid=230693).
 
 ## Prerequisites
 
diff --git a/windows/keep-secure/settings-windows-defender-advanced-threat-protection.md b/windows/keep-secure/settings-windows-defender-advanced-threat-protection.md
index e45619b0a3..a5df900c1d 100644
--- a/windows/keep-secure/settings-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/settings-windows-defender-advanced-threat-protection.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: DulceMV
+localizationpriority: high
 ---
 
 # Windows Defender Advanced Threat Protection settings
@@ -15,7 +16,7 @@ author: DulceMV
 **Applies to:**
 
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
diff --git a/windows/keep-secure/switch-pcr-banks-on-tpm-2-0-devices.md b/windows/keep-secure/switch-pcr-banks-on-tpm-2-0-devices.md
index b6b9fd71e5..b60489c882 100644
--- a/windows/keep-secure/switch-pcr-banks-on-tpm-2-0-devices.md
+++ b/windows/keep-secure/switch-pcr-banks-on-tpm-2-0-devices.md
@@ -21,7 +21,7 @@ PCR\[N\] = HASHalg( PCR\[N\] || ArgumentOfExtend )
 
 The existing value is concatenated with the argument of the TPM Extend operation. The resulting concatenation is then used as input to the associated hashing algorithm, which computes a digest of the input. This computed digest becomes the new value of the PCR.
 
-The [TCG PC Client Specific Platform TPM Profile for TPM 2.0](http://go.microsoft.com/fwlink/p/?LinkId=746577) defines the inclusion of at least one PCR bank with 24 registers. The only way to reset the first 16 PCRs is to reset the TPM itself. This restriction helps ensure that the value of those PCRs can only be modified via the TPM Extend operation.
+The [TCG PC Client Specific Platform TPM Profile for TPM 2.0](https://go.microsoft.com/fwlink/p/?LinkId=746577) defines the inclusion of at least one PCR bank with 24 registers. The only way to reset the first 16 PCRs is to reset the TPM itself. This restriction helps ensure that the value of those PCRs can only be modified via the TPM Extend operation.
 
 Some TPM PCRs are used as checksums of log events. The log events are extended in the TPM as the events occur. Later, an auditor can validate the logs by computing the expected PCR values from the log and comparing them to the PCR values of the TPM. Since the first 16 TPM PCRs cannot be modified arbitrarily, a match between an expected PCR value in that range and the actual TPM PCR value provides assurance of an unmodified log.
 
diff --git a/windows/keep-secure/testing-scenarios-for-wip.md b/windows/keep-secure/testing-scenarios-for-wip.md
index e74a83cfad..45737291cf 100644
--- a/windows/keep-secure/testing-scenarios-for-wip.md
+++ b/windows/keep-secure/testing-scenarios-for-wip.md
@@ -1,6 +1,6 @@
 ---
 title: Testing scenarios for Windows Information Protection (WIP) (Windows 10)
-description: We've come up with a list of suggested testing scenarios that you can use to test Windows Information Protection (WIP) in your company.
+description: A list of suggested testing scenarios that you can use to test Windows Information Protection (WIP) in your company.
 ms.assetid: 53db29d2-d99d-4db6-b494-90e2b3962ca2
 keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection
 ms.prod: w10
@@ -22,16 +22,145 @@ We've come up with a list of suggested testing scenarios that you can use to tes
 ## Testing scenarios
 You can try any of the processes included in these scenarios, but you should focus on the ones that you might encounter in your organization.
 
-|Scenario |Processes |
-|---------|----------|
-|Automatically encrypt files from enterprise apps |<ol><li>Start an unmodified (for example, WIP-unaware) line-of-business app that's on your allowed apps list and then create, edit, write, and save files.</li><li>Make sure that all of the files you worked with from the WIP-unaware app are encrypted to your configured Enterprise Identity. In some cases, you might need to close the file and wait a few moments for it to be automatically encrypted.</li><li>Open File Explorer and make sure your modified files are appearing with a **Lock** icon.<p>**Note**<br>Some file types, like .exe and .dll, along with some file paths, like `%windir%` and `%programfiles%`, are excluded from automatic encryption.</li></ol> |
-|Block enterprise data from non-enterprise apps |<ol><li>Start an app that doesn't appear on your allowed apps list, and then try to open an enterprise-encrypted file.<p>The app shouldn't be able to access the file.</li><li>Try double-clicking or tapping on the enterprise-encrypted file.<p>If your default app association is an app not on your allowed apps list, you should get an **Access Denied** error message.</li></ol> |
-|Copy and paste from enterprise apps to non-enterprise apps |<ol><li>Copy (CTRL+C) content from an app on your allowed apps list, and then try to paste (CTRL+V) the content into an app that doesn't appear on your allowed apps list.<p>You should see a WIP-related warning box, asking you to click either **Got it** or **Cancel**.</li><li>Click **Cancel**.<p>The content isn't pasted into the non-enterprise app.</li><li>Repeat Step 1, but this time click **Got it**, and try to paste the content again.<p>The content is pasted into the non-enterprise app.</li><li>Try copying and pasting content between apps on your allowed apps list.<p>The content should copy and paste between apps without any warning messages.</li></ol> |
-|Drag and drop from enterprise apps to non-enterprise apps |<ol><li>Drag content from an app on your allowed apps list, and then try to drop the content into an app that doesn't appear on your allowed apps list.<p>You should see a WIP-related warning box, asking you to click either **Drag Anyway** or **Cancel**.</li><li>Click **Cancel**.<p>The content isn't dropped into the non-enterprise app.</li><li>Repeat Step 1, but this time click **Drag Anyway**, and try to drop the content again.<p>The content is dropped into the non-enterprise app.</li><li>Try dragging and dropping content between apps on your allowed apps list.<p>The content should move between the apps without any warning messages.</li></ol> |
-|Share between enterprise apps and non-enterprise apps |<ol><li>Open an app on your allowed apps list, like Microsoft Photos, and try to share content with an app that doesn't appear on your allowed apps list, like Facebook.<p>You should see a WIP-related warning box, asking you to click either **Share Anyway** or **Cancel**.</li><li>Click **Cancel**.<p>The content isn't shared into Facebook.</li><li>Repeat Step 1, but this time click **Share Anyway**, and try to share the content again.<p>The content is shared into Facebook.</li><li>Try sharing content between apps on your allowed apps list.<p>The content should share between the apps without any warning messages.</li></ol> | 
-|Use the **Encrypt to** functionality |<ol><li>Open File Explorer on the desktop, right-click a decrypted file, and then click **Encrypt to** from the **Encrypt to** menu.<p>WIP should encrypt the file to your Enterprise Identity.</li><li>Make sure that the newly encrypted file has a **Lock** icon.</li><li>In the **Encrypted to** column of File Explorer on the desktop, look for the enterprise ID value.</li><li>Right-click the encrypted file, and then click **Not encrypted** from the **Encrypt to** menu.<p>The file should be decrypted and the **Lock** icon should disappear.</li></ol> |
-|Verify that Windows system components can use WIP |<ol><li>Start Windows Journal and Internet Explorer 11, creating, editing, and saving files in both apps.</li><li>Make sure that all of the files you worked with are encrypted to your configured Enterprise Identity. In some cases, you might need to close the file and wait a few moments for it to be automatically encrypted.</li><li>Open File Explorer and make sure your modified files are appearing with a **Lock** icon</li><li>Try copying and pasting, dragging and dropping, and sharing using these apps with other apps that appear both on and off the allowed apps list.<p>**Note**<br>Most Windows-signed components like Windows Explorer (when running in the user’s context), should have access to enterprise data.<p>A few notable exceptions include some of the user-facing in-box apps, like Wordpad, Notepad, and Microsoft Paint. These apps don't have access by default, but can be added to your allowed apps list.</li></ol> |
-|Use WIP on FAT/exFAT systems |<ol><li>Start an app that uses the FAT or exFAT file system and appears on your allowed apps list.</li><li>Create, edit, write, save, and move files.<p>Basic file and folder operations like copy, move, rename, delete, and so on, should work properly on encrypted files.</li><li>Try copying and moving files or folders between apps that use NTFS, FAT and exFAT file systems.</li></ol> |
-|Use WIP on NTFS systems |<ol><li>Start an app that uses the NTFS file system and appears on your allowed apps list.</li><li>Create, edit, write, save, and move files.<p>Basic file and folder operations like copy, move, rename, delete, and so on, should work properly on encrypted files.</li><li>Try copying and moving files or folders between apps that use NTFS, FAT and exFAT file systems.</li></ol> |
-|Unenroll client devices from WIP |<ul><li>Unenroll a device from WIP by going to **Settings**, click **Accounts**, click **Work**, click the name of the device you want to unenroll, and then click **Remove**.<p>The device should be removed and all of the enterprise content for that managed account should be gone.<p>**Important**<br>Unenrolling a device revokes and erases all of the enterprise data for the managed account.</li></ul> |
-|Verify that app content is protected when a Windows 10 Mobile phone is locked |<ul><li>Check that protected app data doesn't appear on the **Lock** screen of a Windows 10 Mobile phone</li></ul> |
\ No newline at end of file
+<table>
+    <tr>
+        <th>Scenario</th>
+        <th>Processes</th>
+    </tr>
+    <tr>
+        <td>Encrypt and decrypt files using File Explorer.</td>
+        <td><strong>For desktop:</strong><p>
+            <ol>
+                <li>Open File Explorer, right-click a work document, and then click <strong>Work</strong> from the <strong>File Ownership</strong> menu.<br>Make sure the file is encrypted by right-clicking the file again, clicking <strong>Advanced</strong> from the <strong>General</strong> tab, and then clicking <strong>Details</strong> from the <strong>Compress or Encrypt attributes</strong> area. The file should show up under the heading, <strong>This enterprise domain can remove or revoke access:</strong> <em>&lt;your_enterprise_identity&gt;</em>. For example, contoso.com.</li>
+                <li>In File Explorer, right-click the same document, and then click <strong>Personal</strong> from the <strong>File Ownership</strong> menu.<br>Make sure the file is decrypted by right-clicking the file again, clicking <strong>Advanced</strong> from the <strong>General</strong> tab, and then verifying that the <strong>Details</strong> button is unavailable.</li>
+            </ol>
+            <strong>For mobile:</strong><p>
+            <ol>
+                <li>Open the File Explorer app, browse to a file location, click the elipsis (...), and then click <strong>Select</strong> to mark at least one file as work-related.</li>
+                <li>Click the elipsis (...) again, click <strong>File ownership</strong> from the drop down menu, and then click <strong>Work</strong>.<br>Make sure the file is encrypted, by locating the <strong>Briefcase</strong> icon next to the file name.</li>
+                <li>Select the same file, click <strong>File ownership</strong> from the drop down menu, and then click <strong>Personal</strong>.<br>Make sure the file is decrypted and that you're no longer seeing the <strong>Briefcase</strong> icon next to file name.</li>
+            </ol>
+        </td>
+    </tr>
+    <tr>
+        <td>Create work documents in enterprise-allowed apps.</td>
+        <td><strong>For desktop:</strong><p>
+            <ul>
+                <li>Start an unenlightened but allowed app, such as a line-of-business app, and then create a new document, saving your changes.<br>Make sure the document is encrypted to your Enterprise Identity. This might take a few minutes and require you to close and re-open the file.<p><strong>Important</strong><br>Certain file types like <code>.exe</code> and <code>.dll</code>, along with certain file paths, such as <code>%windir%</code> and <code>%programfiles%</code> are excluded from automatic encryption.<p>For more info about your Enterprise Identity and adding apps to your allowed apps list, see either [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) or [Create a Windows Information Protection (WIP) policy using Microsoft System Center Configuration Manager](create-wip-policy-using-sccm.md), based on your deployment system.</li>
+            </ul>
+            <strong>For mobile:</strong><p>
+            <ol>
+                <li>Start an allowed mobile app, such as Word Mobile, create a new document, and then save your changes as <strong>Work</strong> to a local, work-related location.<br>Make sure the document is encrypted, by locating the <strong>Briefcase</strong> icon next to the file name.</li>
+                <li>Open the same document and attempt to save it to a non-work-related location.<br>WIP should stop you from saving the file to this location.</li>
+                <li>Open the same document one last time, make a change to the contents, and then save it again using the <strong>Personal</strong> option.<br>Make sure the file is decrypted and that you're no longer seeing the <strong>Briefcase</strong> icon next to file name.</li>
+            </ol>
+        </td>        
+    </tr>
+    <tr>
+        <td>Block enterprise data from non-enterprise apps.</td>
+        <td>
+            <ol>
+                <li>Start an app that doesn't appear on your allowed apps list, and then try to open a work-encrypted file.<br>The app shouldn't be able to access the file.</li>
+                <li>Try double-clicking or tapping on the work-encrypted file.<br>If your default app association is an app not on your allowed apps list, you should get an <strong>Access Denied</strong> error message.</li>
+            </ol>
+        </td>
+    </tr>
+    <tr>
+        <td>Copy and paste from enterprise apps to non-enterprise apps.</td>
+        <td>
+            <ol>
+                <li>Copy (CTRL+C) content from an app on your allowed apps list, and then try to paste (CTRL+V) the content into an app that doesn't appear on your allowed apps list.<br>You should see a WIP-related warning box, asking you to click either <strong>Change to personal</strong> or <strong>Keep at work</strong>.</li>
+                <li>Click <strong>Keep at work</strong>.<br>The content isn't pasted into the non-enterprise app.</li>
+                <li>Repeat Step 1, but this time click <strong>Change to personal</strong>, and try to paste the content again.<br>The content is pasted into the non-enterprise app.</li>
+                <li>Try copying and pasting content between apps on your allowed apps list.<br>The content should copy and paste between apps without any warning messages.</li>
+            </ol>
+        </td>
+    </tr>
+    <tr>
+        <td>Drag and drop from enterprise apps to non-enterprise apps.</td>
+        <td>
+            <ol>
+                <li>Drag content from an app on your allowed apps list, and then try to drop the content into an app that doesn't appear on your allowed apps list.<br>You should see a WIP-related warning box, asking you to click either <strong>Keep at work</strong> or <strong>Change to personal</strong>.</li>
+                <li>Click <strong>Keep at work</strong>.<br>The content isn't dropped into the non-enterprise app.</li>
+                <li>Repeat Step 1, but this time click <strong>Change to personal</strong>, and try to drop the content again.<br>The content is dropped into the non-enterprise app.</li>
+                <li>Try dragging and dropping content between apps on your allowed apps list.<br>The content should move between the apps without any warning messages.</li>
+            </ol>
+        </td>
+    </tr>
+    <tr>
+        <td>Share between enterprise apps and non-enterprise apps.</td>
+        <td>
+            <ol>
+                <li>Open an app on your allowed apps list, like Microsoft Photos, and try to share content with an app that doesn't appear on your allowed apps list, like Facebook.<br>You should see a WIP-related warning box, asking you to click either <strong>Keep at work</strong> or <strong>Change to personal</strong>.</li>
+                <li>Click <strong>Keep at work</strong>.<br>The content isn't shared into Facebook.</li>
+                <li>Repeat Step 1, but this time click <strong>Change to personal</strong>, and try to share the content again.<br>The content is shared into Facebook.</li>
+                <li>Try sharing content between apps on your allowed apps list.<br>The content should share between the apps without any warning messages.</li>
+            </ol>
+        </td>
+    </tr>
+    <tr>
+        <td>Verify that Windows system components can use WIP.</td>
+        <td>
+            <ol>
+                <li>Start Windows Journal and Internet Explorer 11, creating, editing, and saving files in both apps.<br>Make sure that all of the files you worked with are encrypted to your configured Enterprise Identity. In some cases, you might need to close the file and wait a few moments for it to be automatically encrypted.</li>
+                <li>Open File Explorer and make sure your modified files are appearing with a <strong>Lock</strong> icon.</li>
+                <li>Try copying and pasting, dragging and dropping, and sharing using these apps with other apps that appear both on and off the allowed apps list.<p><strong>Note</strong><br>Most Windows-signed components like File Explorer (when running in the user’s context), should have access to enterprise data.<p>A few notable exceptions include some of the user-facing in-box apps, like Wordpad, Notepad, and Microsoft Paint. These apps don't have access by default, but can be added to your allowed apps list.</li>
+            </ol>
+        </td>
+    </tr>
+    <tr>
+        <td>Use WIP on NTFS, FAT, and exFAT systems.</td>
+        <td>
+            <ol>
+                <li>Start an app that uses the FAT or exFAT file system (for example a SD card or USB flash drive), and appears on your allowed apps list.</li>
+                <li>Create, edit, write, save, copy, and move files.<br>Basic file and folder operations like copy, move, rename, delete, and so on, should work properly on encrypted files.</li>
+            </ol>
+        </td>
+    </tr>
+    <tr>
+        <td>Verify your shared files can use WIP.</td>
+        <td>
+            <ol>
+                <li>Download a file from a protected file share, making sure the file is encrypted by locating the <strong>Briefcase</strong> icon next to the file name.</li>
+                <li>Open the same file, make a change, save it and then try to upload it back to the file share. Again, this should work without any warnings.</li>
+                <li>Open an app that doesn't appear on your allowed apps list and attempt to access a file on the WIP-enabled file share.<br>The app shouldn't be able to access the file share.</li>
+            </ol>
+        </td>
+    </tr>
+    <tr>
+        <td>Verify your cloud resources can use WIP.</td>
+        <td>
+            <ol>
+                <li>Add both Internet Explorer 11 and Microsoft Edge to your allowed apps list.</li>
+                <li>Open SharePoint (or another cloud resource that's part of your policy) and access a WIP-enabled resource by using both IE11 and Microsoft Edge.<br>Both browsers should respect the enterprise and personal boundary.</li>
+                <li>Remove Internet Explorer 11 from your allowed app list and then try to access an intranet site or enterprise-related cloud resource.<br>IE11 shouldn't be able to access the sites.<p><strong>Note</strong><br>Any file downloaded from your work SharePoint site, or any other WIP-enabled cloud resource, is automatically marked as <strong>Work</strong>.</li>
+            </ol>
+        </td>
+    </tr>
+    <tr>
+        <td>Verify your Virtual Private Network (VPN) can be auto-triggered.</td>
+        <td>
+            <ol>
+                <li>Set up your VPN network to start based on the <strong>WIPModeID</strong> setting.<br>For specific info about how to do this, see the [Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune](create-wip-policy-using-intune.md) topic.</li>
+                <li>Start an app from your allowed apps list.<br>The VPN network should automatically start.</li>
+                <li>Disconnect from your network and then start an app that isn't on your allowed apps list.<br>The VPN shouldn't start and the app shouldn't be able to access your enterprise network.</li>
+            </ol>
+        </td>
+    </tr>
+    <tr>
+        <td>Unenroll client devices from WIP.</td>
+        <td>
+            <ul>
+                <li>Unenroll a device from WIP by going to <strong>Settings</strong>, click <strong>Accounts</strong>, click <strong>Work</strong>, click the name of the device you want to unenroll, and then click <strong>Remove</strong>.<br>The device should be removed and all of the enterprise content for that managed account should be gone.<p><strong>Important</strong><br>On desktop devices, the data isn't removed and can be recovered, so you must make sure they content is marked as <strong>Revoked</strong> and that access is denied for the employee. On mobile devices, the data is removed.</li>
+            </ul>
+        </td>
+    </tr>
+    <tr>
+        <td>Verify that app content is protected when a Windows 10 Mobile phone is locked.</td>
+        <td>
+            <ul>
+                <li>Check that protected app data doesn't appear on the Lock screen of a Windows 10 Mobile phone.</li>
+            </ul>
+        </td>
+    </tr>
+</table>    
\ No newline at end of file
diff --git a/windows/keep-secure/tpm-fundamentals.md b/windows/keep-secure/tpm-fundamentals.md
index 6969c89924..92a6fe9b1d 100644
--- a/windows/keep-secure/tpm-fundamentals.md
+++ b/windows/keep-secure/tpm-fundamentals.md
@@ -195,5 +195,5 @@ You can fix this by clearing the TPM.
 - [Trusted Platform Module Services Group Policy Settings](trusted-platform-module-services-group-policy-settings.md)
 - [TPM Cmdlets in Windows PowerShell](http://technet.microsoft.com/library/jj603116.aspx)
 - [Schema Extensions for Windows Server 2008 R2 to support AD DS backup of TPM information from Windows 8 clients](ad-ds-schema-extensions-to-support-tpm-backup.md)
-- [TPM WMI providers](http://go.microsoft.com/fwlink/p/?LinkId=93478)
+- [TPM WMI providers](https://go.microsoft.com/fwlink/p/?LinkId=93478)
 - [Prepare your organization for BitLocker: Planning and Policies - TPM configurations](http://technet.microsoft.com/library/jj592683.aspx)
diff --git a/windows/keep-secure/tpm-recommendations.md b/windows/keep-secure/tpm-recommendations.md
index 0714fff961..acf27319d7 100644
--- a/windows/keep-secure/tpm-recommendations.md
+++ b/windows/keep-secure/tpm-recommendations.md
@@ -84,7 +84,7 @@ For more info, see [fTPM: A Firmware-based TPM 2.0 Implementation](http://resear
 
 ## Is there any importance for TPM for consumer?
 
-For end consumers, TPM is behind the scenes but still very relevant for Hello, Passport and in the future, many other key features in Windows 10. It offers the best Passport experience, helps encrypt passwords, secures streaming high quality 4K content and builds on our overall Windows 10 experience story for security as a critical pillar.  Using Windows on a system with a TPM enables a deeper and broader level of security coverage.
+For end consumers, TPM is behind the scenes but still very relevant for Hello, Passport and in the future, many other key features in Windows 10. It offers the best Passport experience, helps encrypt passwords, and builds on our overall Windows 10 experience story for security as a critical pillar.  Using Windows on a system with a TPM enables a deeper and broader level of security coverage.
 
 ## TPM 2.0 Compliance for Windows 10
 
diff --git a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
index 2025b51e99..7e351ee5aa 100644
--- a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
+localizationpriority: high
 ---
 
 # Troubleshoot Windows Defender Advanced Threat Protection onboarding issues
@@ -15,7 +16,7 @@ author: mjcaparas
 **Applies to:**
 
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
@@ -85,9 +86,9 @@ If none of the event logs and troubleshooting steps work, download the Local scr
 
 Error Code Hex | Error Code Dec | Error Description | OMA-URI | Possible cause and troubleshooting steps
 :---|:---|:---|:---|:---
-0x87D1FDE8 | -2016281112 | Remediation failed | Onboarding <br> Offboarding |  **Possible cause:** Onboarding or offboarding failed on a wrong blob: wrong signature or missing PreviousOrgIds fields. <br><br> **Troubleshooting steps:** <br> Check the event IDs in the [View agent onboarding errors in the endpoint event log](#view-agent-onboarding-errors-in-the-endpoint-event-log) section. <br><br> Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/en-us/library/windows/hardware/mt632120%28v=vs.85%29.aspx).
+0x87D1FDE8 | -2016281112 | Remediation failed | Onboarding <br> Offboarding |  **Possible cause:** Onboarding or offboarding failed on a wrong blob: wrong signature or missing PreviousOrgIds fields. <br><br> **Troubleshooting steps:** <br> Check the event IDs in the [View agent onboarding errors in the endpoint event log](#view-agent-onboarding-errors-in-the-endpoint-event-log) section. <br><br> Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/library/windows/hardware/mt632120%28v=vs.85%29.aspx).
  | | | Onboarding <br> Offboarding <br> SampleSharing | **Possible cause:** Windows Defender ATP Policy registry key does not exist or the OMA DM client doesn't have permissions to write to it. <br><br> **Troubleshooting steps:** Ensure that the following registry key exists: ```HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```. <br> <br> If it doesn't exist, open an elevated command and add the key.
-  | | | SenseIsRunning <br> OnboardingState <br> OrgId |  **Possible cause:** An attempt to remediate by read-only property. Onboarding has failed. <br><br> **Troubleshooting steps:** Check the troubleshooting steps in [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](#troubleshoot-windows-defender-advanced-threat-protection-onboarding-issues). <br><br> Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/en-us/library/windows/hardware/mt632120%28v=vs.85%29.aspx).
+  | | | SenseIsRunning <br> OnboardingState <br> OrgId |  **Possible cause:** An attempt to remediate by read-only property. Onboarding has failed. <br><br> **Troubleshooting steps:** Check the troubleshooting steps in [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](#troubleshoot-windows-defender-advanced-threat-protection-onboarding-issues). <br><br> Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/library/windows/hardware/mt632120%28v=vs.85%29.aspx).
    | | | All | **Possible cause:** Attempt to deploy Windows Defender ATP on non-supported SKU/Platform, particularly Holographic SKU. <br><br> Currently is supported platforms:  Enterprise, Education, and Professional. <br> Server is not supported.
    0x87D101A9 | -2016345687 |Syncml(425): The requested command failed because the sender does not have adequate access control permissions (ACL) on the recipient.  | All |  **Possible cause:** Attempt to deploy Windows Defender ATP on non-supported SKU/Platform, particularly Holographic SKU. <br><br> Currently is supported platforms:  Enterprise, Education, and Professional.
 
diff --git a/windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md
index 5ed6bf4bc5..150079eaff 100644
--- a/windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md
@@ -8,13 +8,14 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
+localizationpriority: high
 ---
 # Troubleshoot Windows Defender Advanced Threat Protection
 
 **Applies to:**
 
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
diff --git a/windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md b/windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md
index a53f073958..df382bc1fe 100644
--- a/windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md
+++ b/windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md
@@ -6,6 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
+localizationpriority: medium
 author: jasesso
 ---
 
@@ -316,8 +317,8 @@ Description of the error. </dt>
 <p>To troubleshoot this event:
 <ol>
 <li>Run the scan again.</li>
-<li>If it fails in the same way, go to the <a href="http://go.microsoft.com/fwlink/?LinkId=215163">Microsoft Support site</a>, enter the error number in the <b>Search</b> box to look for the error code.</li>
-<li>Contact <a href="http://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>.
+<li>If it fails in the same way, go to the <a href="https://go.microsoft.com/fwlink/?LinkId=215163">Microsoft Support site</a>, enter the error number in the <b>Search</b> box to look for the error code.</li>
+<li>Contact <a href="https://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>.
 </li>
 </ol>
 </p>
@@ -1290,8 +1291,8 @@ Description of the error. </dt>
 <p> </p>
 <p>If this event persists:<ol>
 <li>Run the scan again.</li>
-<li>If it fails in the same way, go to the <a href="http://go.microsoft.com/fwlink/?LinkId=215163">Microsoft Support site</a>, enter the error number in the <b>Search</b> box to look for the error code.</li>
-<li>Contact <a href="http://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>.
+<li>If it fails in the same way, go to the <a href="https://go.microsoft.com/fwlink/?LinkId=215163">Microsoft Support site</a>, enter the error number in the <b>Search</b> box to look for the error code.</li>
+<li>Contact <a href="https://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>.
 </li>
 </ol>
 </p>
@@ -1504,13 +1505,13 @@ Description of the error. </dt>
 <li>Update the definitions. Either:<ol>
 <li>Click the <b>Update definitions</b> button on the <b>Update</b> tab in Windows Defender. <img src="images/defender-updatedefs2.png" alt="Update definitions in Windows Defender"/><p>Or,</p>
 </li>
-<li>Download the latest definitions from the <a href="http://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a>.
-<p>Note: The size of the definitions file downloaded from the <a href="http://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a> can exceed 60 MB and should not be used as a long-term solution for updating definitions.</p>
+<li>Download the latest definitions from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a>.
+<p>Note: The size of the definitions file downloaded from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a> can exceed 60 MB and should not be used as a long-term solution for updating definitions.</p>
 </li>
 </ol>
 </li>
 <li>Review the entries in the %Windir%\WindowsUpdate.log file for more information about this error.</li>
-<li>Contact <a href="http://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>.
+<li>Contact <a href="https://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>.
 </li>
 </ol>
 </p>
@@ -1607,12 +1608,12 @@ Description of the error. </dt>
 <li>Update the definitions. Either:<ol>
 <li>Click the <b>Update definitions</b> button on the <b>Update</b> tab in Windows Defender. <img src="images/defender-updatedefs2.png" alt="Update definitions in Windows Defender"/><p>Or,</p>
 </li>
-<li>Download the latest definitions from the <a href="http://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a>.
-<p>Note: The size of the definitions file downloaded from the <a href="http://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a> can exceed 60 MB and should not be used as a long-term solution for updating definitions.</p>
+<li>Download the latest definitions from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a>.
+<p>Note: The size of the definitions file downloaded from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a> can exceed 60 MB and should not be used as a long-term solution for updating definitions.</p>
 </li>
 </ol>
 </li>
-<li>Contact <a href="http://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>.
+<li>Contact <a href="https://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>.
 </li>
 </ol>
 </p>
@@ -1663,10 +1664,10 @@ Description of the error. </dt>
 <p>To troubleshoot this event:
 <ol>
 <li>Restart the computer and try again.</li>
-<li>Download the latest definitions from the <a href="http://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a>.
-<p>Note: The size of the definitions file downloaded from the <a href="http://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a> can exceed 60 MB and should not be used as a long-term solution for updating definitions.</p>
+<li>Download the latest definitions from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a>.
+<p>Note: The size of the definitions file downloaded from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a> can exceed 60 MB and should not be used as a long-term solution for updating definitions.</p>
 </li>
-<li>Contact <a href="http://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>.
+<li>Contact <a href="https://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>.
 </li>
 </ol>
 </p>
@@ -2322,7 +2323,7 @@ Description of the error. </dt>
 <p>User action:</p>
 </td>
 <td colspan="2">
-<p>The real-time protection feature has restarted. If this event happens again, contact <a href="http://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>. </p>
+<p>The real-time protection feature has restarted. If this event happens again, contact <a href="https://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>. </p>
 </td>
 </tr>
 <tr>
@@ -2498,7 +2499,7 @@ or Hang</dt>
 </li>
 </ul>
 </li>
-<li>If it fails in the same way, look up the error code by accessing the <a href="http://go.microsoft.com/fwlink/?LinkId=215163">Microsoft Support Site</a>  and entering the error number in the <b>Search</b> box, and contact <a href="http://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>.</li>
+<li>If it fails in the same way, look up the error code by accessing the <a href="https://go.microsoft.com/fwlink/?LinkId=215163">Microsoft Support Site</a>  and entering the error number in the <b>Search</b> box, and contact <a href="https://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>.</li>
 </ol>
 </p>
 </td>
@@ -2512,8 +2513,8 @@ or Hang</dt>
 <p>To troubleshoot this event:
 <ol>
 <li>Run the scan again.</li>
-<li>If it fails in the same way, go to the <a href="http://go.microsoft.com/fwlink/?LinkId=215163">Microsoft Support site</a>, enter the error number in the <b>Search</b> box to look for the error code.</li>
-<li>Contact <a href="http://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>.
+<li>If it fails in the same way, go to the <a href="https://go.microsoft.com/fwlink/?LinkId=215163">Microsoft Support site</a>, enter the error number in the <b>Search</b> box to look for the error code.</li>
+<li>Contact <a href="https://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>.
 </li>
 </ol>
 </p>
@@ -2753,8 +2754,8 @@ Use the information in these tables to help troubleshoot Windows Defender error
 <li>Update the definitions. Either:<ol>
 <li>Click the <b>Update definitions</b> button on the <b>Update</b> tab in Windows Defender. <img src="images/defender-updatedefs2.png" alt="Update definitions in Windows Defender"/><p>Or,</p>
 </li>
-<li>Download the latest definitions from the <a href="http://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a>.
-<p>Note: The size of the definitions file downloaded from the <a href="http://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a> can exceed 60 MB and should not be used as a long-term solution for updating definitions.</p>
+<li>Download the latest definitions from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a>.
+<p>Note: The size of the definitions file downloaded from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a> can exceed 60 MB and should not be used as a long-term solution for updating definitions.</p>
 </li>
 </ol>
 </li>
@@ -2996,8 +2997,8 @@ article</a>.</p>
 <li>Update the definitions. Either:<ol>
 <li>Click the <b>Update definitions</b> button on the <b>Update</b> tab in Windows Defender. <img src="images/defender-updatedefs2.png" alt="Update definitions in Windows Defender"/><p>Or,</p>
 </li>
-<li>Download the latest definitions from the <a href="http://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a>.
-<p>Note: The size of the definitions file downloaded from the <a href="http://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a> can exceed 60 MB and should not be used as a long-term solution for updating definitions.</p>
+<li>Download the latest definitions from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a>.
+<p>Note: The size of the definitions file downloaded from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a> can exceed 60 MB and should not be used as a long-term solution for updating definitions.</p>
 </li>
 </ol>
 </li>
diff --git a/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md b/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md
index ff626bb1de..5973f94f6f 100644
--- a/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md
+++ b/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md
@@ -22,33 +22,38 @@ The TPM Services Group Policy settings are located at:
 
 **Computer Configuration\\Administrative Templates\\System\\Trusted Platform Module Services\\**
 
-| Setting | Windows 10 | Windows Server 2012 R2, Windows 8.1 and Windows RT | Windows Server 2012, Windows 8 and Windows RT | Windows Server 2008 R2 and Windows 7 | Windows Server 2008 and Windows Vista |
-| - | - | - | - | - | - |
-| [Turn on TPM backup to Active Directory Domain Services](#bkmk-tpmgp-addsbu) | X| X| X| X| X| 
-| [Configure the list of blocked TPM commands](#bkmk-tpmgp-clbtc)| X| X| X| X| X| 
-| [Ignore the default list of blocked TPM commands](#bkmk-tpmgp-idlb) | X| X| X| X| X| 
-| [Ignore the local list of blocked TPM commands](#bkmk-tpmgp-illb) | X| X| X| X| X| 
-| [Configure the level of TPM owner authorization information available to the operating system](#bkmk-tpmgp-oauthos)| X| X| X|||  
-| [Standard User Lockout Duration](#bkmk-tpmgp-suld)| X| X| X|||  
-| [Standard User Individual Lockout Threshold](#bkmk-tpmgp-suilt)| X| X| X|||  
-| [Standard User Total Lockout Threshold](#bkmk-tpmgpsutlt)| X| X| X||||
- 
+| Setting | Windows 10, version 1607 | Windows 10, version 1511 and Windows 10, version 1507 | Windows Server 2012 R2, Windows 8.1 and Windows RT | Windows Server 2012, Windows 8 and Windows RT | Windows Server 2008 R2 and Windows 7 | Windows Server 2008 and Windows Vista |
+| - | - | - | - | - | - | - |
+| [Turn on TPM backup to Active Directory Domain Services](#bkmk-tpmgp-addsbu) | | X| X| X| X| X| 
+| [Configure the list of blocked TPM commands](#bkmk-tpmgp-clbtc)| X| X| X| X| X| X| 
+| [Ignore the default list of blocked TPM commands](#bkmk-tpmgp-idlb) | X| X| X| X| X| X| 
+| [Ignore the local list of blocked TPM commands](#bkmk-tpmgp-illb) | X| X| X| X| X| X| 
+| [Configure the level of TPM owner authorization information available to the operating system](#bkmk-tpmgp-oauthos)| | X| X| X|||  
+| [Standard User Lockout Duration](#bkmk-tpmgp-suld)| X| X| X| X|||  
+| [Standard User Individual Lockout Threshold](#bkmk-tpmgp-suilt)| X| X| X| X|||  
+| [Standard User Total Lockout Threshold](#bkmk-tpmgpsutlt)| X| X| X| X||||
+
 ### <a href="" id="bkmk-tpmgp-addsbu"></a>Turn on TPM backup to Active Directory Domain Services
 
 This policy setting allows you to manage the Active Directory Domain Services (AD DS) backup of TPM owner information.
 
->**Note:**  This policy setting applies to the Windows operating systems listed in the [version table](#bkmk-version-table).
- 
+>[!NOTE]  
+>This policy setting applies to the Windows operating systems listed in the [version table](#bkmk-version-table).
+
+
 TPM owner information includes a cryptographic hash of the TPM owner password. Certain TPM commands can be run only by the TPM owner. This hash authorizes the TPM to run these commands.
 
->**Important:**  To back up TPM owner information from a computer running Windows 10, Windows 8.1, or Windows 8, you might need to first set up appropriate schema extensions and access control settings on the domain so that the AD DS backup can succeed. Windows Server 2012 R2 and Windows Server 2012 include the required schema extensions by default. For more information, see [AD DS schema extensions to support TPM backup](ad-ds-schema-extensions-to-support-tpm-backup.md).
- 
-The TPM cannot be used to provide enhanced security features for BitLocker Drive Encryption and other applications without first setting an owner. To take ownership of the TPM with an owner password, on a local computer at the command prompt, type **tpm.msc** to open the TPM Management Console and select the action to **Initialize TPM**. If the TPM owner information is lost or is not available, limited TPM management is possible by running **tpm.msc**.
+>[!IMPORTANT]  
+>To back up TPM owner information from a computer running Windows 10, version 1507, Windows 10, version 1511, Windows 8.1, or Windows 8, you might need to first set up appropriate schema extensions and access control settings on the domain so that the AD DS backup can succeed. Windows Server 2012 R2 and Windows Server 2012 include the required schema extensions by default. For more information, see [AD DS schema extensions to support TPM backup](ad-ds-schema-extensions-to-support-tpm-backup.md). This functionality is discontinued starting with Windows 10, version 1607.
 
 If you enable this policy setting, TPM owner information will be automatically and silently backed up to AD DS when you use Windows to set or change a TPM owner password. When this policy setting is enabled, a TPM owner password cannot be set or changed unless the computer is connected to the domain and the AD DS backup succeeds.
 
 If you disable or do not configure this policy setting, TPM owner information will not be backed up to AD DS.
 
+>[!NOTE]  
+> The **Turn on TPM backup to Active Directory Domain Services** is not available in the Windows 10, version 1607 and Windows Server 2016 and later versions of the ADMX files.
+
+
 ### <a href="" id="bkmk-tpmgp-clbtc"></a>Configure the list of blocked TPM commands
 
 This policy setting allows you to manage the Group Policy list of Trusted Platform Module (TPM) commands that are blocked by Windows.
@@ -99,10 +104,10 @@ This policy setting configures how much of the TPM owner authorization informati
 There are three TPM owner authentication settings that are managed by the Windows operating system. You can choose a value of **Full**, **Delegate**, or **None**.
 
 -   **Full**   This setting stores the full TPM owner authorization, the TPM administrative delegation blob, and the TPM user delegation blob in the local registry. With this setting, you can use the TPM without requiring remote or external storage of the TPM owner authorization value. This setting is appropriate for scenarios that do not require you to reset the TPM anti-hammering logic or change the TPM owner authorization value. Some TPM-based applications may require that this setting is changed before features that depend on the TPM anti-hammering logic can be used.
--   **Delegated**   This setting stores only the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting is appropriate for use with TPM-based applications that depend on the TPM antihammering logic. When you use this setting, we recommend using external or remote storage for the full TPM owner authorization value—for example, backing up the value in Active Directory Domain Services (AD DS).
+-   **Delegated**   This setting stores only the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting is appropriate for use with TPM-based applications that depend on the TPM antihammering logic. This is the default setting in Windows.
 -   **None**   This setting provides compatibility with previous operating systems and applications. You can also use it for scenarios when TPM owner authorization cannot be stored locally. Using this setting might cause issues with some TPM-based applications.
 
->**Note:**  If the operating system managed TPM authentication setting is changed from **Full** to **Delegated**, the full TPM owner authorization value will be regenerated, and any copies of the previously set TPM owner authorization value will be invalid. If you are backing up the TPM owner authorization value to AD DS, the new owner authorization value is automatically backed up to AD DS when it is changed.
+>**Note:**  If the operating system managed TPM authentication setting is changed from **Full** to **Delegated**, the full TPM owner authorization value will be regenerated, and any copies of the previously set TPM owner authorization value will be invalid.
  
 **Registry information**
 
@@ -132,8 +137,6 @@ authorization to the TPM.
  
 The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode, it is global for all users (including administrators) and for Windows features such as BitLocker Drive Encryption.
 
-The number of authorization failures that a TPM allows and how long it stays locked vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time, with fewer authorization failures, depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require that the system is on so enough clock cycles elapse before the TPM exits the lockout mode.
-
 This setting helps administrators prevent the TPM hardware from entering a lockout mode by slowing the speed at which standard users can send commands that require authorization to the TPM.
 
 For each standard user, two thresholds apply. Exceeding either threshold prevents the user from sending a command that requires authorization to the TPM. Use the following policy settings to set the lockout duration:
@@ -176,8 +179,6 @@ For each standard user two thresholds apply. Exceeding either threshold will pre
 The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode, it is global for all users (including administrators) and for Windows features 
 such as BitLocker Drive Encryption..
 
-The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode.
-
 An administrator with the TPM owner password can fully reset the TPM's hardware lockout logic by using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic, all prior standard user TPM authorization failures are ignored. This allows standard users to immediately use the TPM normally.
 
 If you do not configure this policy setting, a default value of 9 is used. A value of zero means that the operating system will not allow standard users to send commands to the TPM, which might cause an authorization failure.
diff --git a/windows/keep-secure/use-powershell-cmdlets-windows-defender-for-windows-10.md b/windows/keep-secure/use-powershell-cmdlets-windows-defender-for-windows-10.md
index 088acf33fa..0ab40df034 100644
--- a/windows/keep-secure/use-powershell-cmdlets-windows-defender-for-windows-10.md
+++ b/windows/keep-secure/use-powershell-cmdlets-windows-defender-for-windows-10.md
@@ -8,6 +8,7 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
+localizationpriority: medium
 author: iaanw
 ---
 
diff --git a/windows/keep-secure/use-windows-defender-advanced-threat-protection.md b/windows/keep-secure/use-windows-defender-advanced-threat-protection.md
index cadbd4c872..2f238a4d6d 100644
--- a/windows/keep-secure/use-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/use-windows-defender-advanced-threat-protection.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
+localizationpriority: high
 ---
 
 # Use the Windows Defender Advanced Threat Protection portal
@@ -15,7 +16,7 @@ author: mjcaparas
 **Applies to:**
 
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
diff --git a/windows/keep-secure/verify-that-network-traffic-is-authenticated.md b/windows/keep-secure/verify-that-network-traffic-is-authenticated.md
index 03fcc34124..88ab773159 100644
--- a/windows/keep-secure/verify-that-network-traffic-is-authenticated.md
+++ b/windows/keep-secure/verify-that-network-traffic-is-authenticated.md
@@ -25,7 +25,7 @@ In these procedures, you confirm that the rules you deployed are working correct
 
 -   **Encryption zone.** Similar to the main isolation zone, after you confirm that the network traffic to zone members is properly authenticated and encrypted, you must convert your zone rules from request mode to require mode.
 
->**Note:**  In addition to the steps shown in this procedure, you can also use network traffic capture tools such as Microsoft Network Monitor, which can be downloaded from <http://go.microsoft.com/fwlink/?linkid=94770>. Network Monitor and similar tools allow you to capture, parse, and display the network packets received by the network adapter on your device. Current versions of these tools include full support for IPsec. They can identify encrypted network packets, but they cannot decrypt them.
+>**Note:**  In addition to the steps shown in this procedure, you can also use network traffic capture tools such as Microsoft Network Monitor, which can be downloaded from <https://go.microsoft.com/fwlink/?linkid=94770>. Network Monitor and similar tools allow you to capture, parse, and display the network packets received by the network adapter on your device. Current versions of these tools include full support for IPsec. They can identify encrypted network packets, but they cannot decrypt them.
 
  
 
diff --git a/windows/keep-secure/vpn-profile-options.md b/windows/keep-secure/vpn-profile-options.md
index ef04831e0b..90c8e2aa2d 100644
--- a/windows/keep-secure/vpn-profile-options.md
+++ b/windows/keep-secure/vpn-profile-options.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, networking
 author: jdeckerMS
-localizationpriority: medium
+localizationpriority: high
 ---
 
 # VPN profile options
@@ -62,6 +62,6 @@ A VPN profile configured with LockDown secures the device to only allow network
 ## Learn more
 
 - [Learn how to configure VPN connections in Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/vpn-connections-in-microsoft-intune)
-- [VPNv2 configuration service provider (CSP) reference](http://go.microsoft.com/fwlink/p/?LinkId=617588)
-- [How to Create VPN Profiles in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=618028)
+- [VPNv2 configuration service provider (CSP) reference](https://go.microsoft.com/fwlink/p/?LinkId=617588)
+- [How to Create VPN Profiles in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=618028)
 
diff --git a/windows/keep-secure/why-a-pin-is-better-than-a-password.md b/windows/keep-secure/why-a-pin-is-better-than-a-password.md
index b9bb671c49..4fb387f147 100644
--- a/windows/keep-secure/why-a-pin-is-better-than-a-password.md
+++ b/windows/keep-secure/why-a-pin-is-better-than-a-password.md
@@ -30,7 +30,7 @@ Even you can't use that PIN anywhere except on that specific device. If you want
 
 A password is transmitted to the server -- it can be intercepted in transmission or stolen from a server. A PIN is local to the device -- it isn't transmitted anywhere and it isn't stored on the server.
 When the PIN is created, it establishes a trusted relationship with the identity provider and creates an asymmetric key pair that is used for authentication. When you enter your PIN, it unlocks the authentication key and uses the key to sign the request that is sent to the authenticating server.
-> **Note:**  For details on how Hello uses asymetric key pairs for authentication, see [Microsoft Passport guide](http://go.microsoft.com/fwlink/p/?LinkId=691928).
+> **Note:**  For details on how Hello uses asymetric key pairs for authentication, see [Microsoft Passport guide](https://go.microsoft.com/fwlink/p/?LinkId=691928).
  
 ## PIN is backed by hardware
 
@@ -70,7 +70,7 @@ If you only had a biometric sign-in configured and, for any reason, were unable
 
 ## Related topics
 
-[Manage identity verification using Microsoft Passport](manage-identity-verification-using-microsoft-passport.md)
+[Manage identity verification using Windows Hello for Business](manage-identity-verification-using-microsoft-passport.md)
 
 [Implement Windows Hello for Business in your organization](implement-microsoft-passport-in-your-organization.md)
  
\ No newline at end of file
diff --git a/windows/keep-secure/windows-10-mobile-security-guide.md b/windows/keep-secure/windows-10-mobile-security-guide.md
index 0cb9c52700..85ff61bf41 100644
--- a/windows/keep-secure/windows-10-mobile-security-guide.md
+++ b/windows/keep-secure/windows-10-mobile-security-guide.md
@@ -1,254 +1,167 @@
 ---
 title: Windows 10 Mobile security guide (Windows 10)
-description: This guide provides a detailed description of the most important security features in the Windows 10 Mobile operating system—identity access and control, data protection, malware resistance, and app platform security.
+description: This guide provides a detailed description of the most important security features in the Windows 10 Mobile operating system—identity access and control, data protection, malware resistance, and app platform security.
 ms.assetid: D51EF508-699E-4A68-A7CD-91D821A97205
 keywords: data protection, encryption, malware resistance, smartphone, device, Windows Store
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security, mobile
+localizationpriority: high
 author: AMeeus
 ---
-
 # Windows 10 Mobile security guide
 
-**Applies to**
--   Windows 10 Mobile
+*Applies to Windows 10 Mobile, version 1511 and Windows Mobile, version 1607*
 
-This guide provides a detailed description of the most important security features in the Windows 10 Mobile operating system—identity access and control, data protection, malware resistance, and app platform security.
+>This guide provides a detailed description of the most important security features in the Windows 10 Mobile operating system—identity access and control, data protection, malware resistance, and app platform security.
 
-## Overview
+Smartphones now serve as a primary productivity tool for business workers and, just like desktops or laptops, need to be secured against malware and data theft. Protecting these devices can be challenging due to the wide range of device operating systems and configurations and the fact that many employees use their own personal devices. IT needs to secure corporate assets on every device, but also ensure the privacy of the user’s personal apps and data. 
+Windows 10 Mobile addresses these security concerns directly, whether workers are using personal or corporate-owned devices. It uses the same security technologies as the Windows 10 operating system to help protect against known and emerging security threats across the spectrum of attack vectors. These technologies include:
+-	**Windows Hello for Business** Enhanced identity and access control features ensure that only authorized users can access corporate data and resources. Windows Hello simplifies multifactor authentication (MFA) deployment and use, offering PIN, companion device, and biometric authentication methods. 
+-	**Windows Information Protection** Automatic data separation keeps corporate information from being shared with personal data and apps.
+-	**Malware resistance** Multi-layered protections built into the device hardware, startup processes, and app platform help reduce the threat of malware that can compromise employee devices. 
 
-Windows 10 Mobile is specifically designed for smartphones and small tablets. It uses the same security technologies as the Windows 10 operating system to help protect against known and emerging security threats across the spectrum of attack vectors. Several broad categories of security work went into Windows 10 Mobile:
+This guide helps IT administrators better understand the security features in Windows 10 Mobile, which can be used to improve protection against unauthorized access, data leakage, and malware. 
 
--   **Identity and access control.** Microsoft has greatly enhanced identity and access control features to simplify and improve the security of user authentication. These features include Windows Hello and Microsoft Passport, which better protect user identities through easy-to-deploy and easy-to-use multifactor authentication (MFA). (Windows Hello requires either a specialized illuminated infrared \[IR\] camera for facial recognition and iris detection or a finger print reader that supports the Windows Biometric Framework.)
--   **Data protection.** Confidential data is better protected from compromise than ever before. Windows 10 Mobile uses several data-protection technologies and delivers them in a user-friendly and IT-manageable way.
--   **Malware resistance.**Windows 10 Mobile helps protect critical system resources and apps to reduce the threat of malware, including support for enterprise-grade secure hardware and Secure Boot.
--   **App platform security.** The Windows 10 Mobile enterprise-grade secure app platform provides multiple layers of security. For example, Windows Store checks all apps for malware to help prevent malware from reaching devices. 
+**In this article:**
+-	Windows Hello for Business
+-	Windows Information Protection
+-	Malware resistance
 
-In addition, AppContainer application isolation helps prevent any malicious app from compromising other apps.
+## Windows Hello
 
-This guide explains each of these technologies and how they help protect your Windows 10 Mobile devices.
+Windows 10 Mobile includes Windows Hello, a simple, yet powerful, multifactor authentication solution that confirms a user’s identity before allowing access to corporate confidential information and resources. Multifactor authentication is a more secure alternative to password-based device security. Users dislike having to enter long, complex passwords – particularly on a mobile device touch screen – that corporate policy requires they change frequently. This leads to poor security practices like password reuse, written down passwords, or weak password creation. 
 
-## Identity and access control
+Windows Hello offers a simple, cost-effective way to deploy multifactor authentication across your organization. Unlike smart cards, it does not require public key infrastructure or the implementation of additional hardware. Workers use a PIN, a companion device (like Microsoft Band), or biometrics to validate their identity for accessing corporate resources on their Azure Active Directory (Azure AD) registered Windows 10 Mobile device. 
 
-A fundamental component of security is the notion that a user has a unique identity and that that identity is either allowed or denied access to resources. This notion is traditionally known as access control, which has three parts:
--   **Identification.** The user (subject) asserts a unique identity to the computer system for the purpose of accessing a resource (object), such as a file or an app.
--   **Authentication.** Authentication is the process of proving the asserted identity and verifying that the subject is indeed the subject.
--   **Authorization.** The system compares the authenticated subject’s access rights against the object’s permissions and either allows or denies the requested access.
+Because Windows Hello is supported across all Windows 10 devices, organizations can uniformly implement multifactor authentication across their environment. Deploying Windows Hello on Windows 10 Mobile devices does require Azure AD (sold separately), but you can use Azure AD Connect to synchronize with your on-premises Active Directory services.
 
-The way an operating system implements these components makes a difference in preventing attackers from accessing corporate data. Only users who prove their identities and are authorized to access that data can access it. In security, however, there are varying degrees of identity proof and many different requirements for authorization limits. The access control flexibility most corporate environments need presents a challenge for any operating system. Table 1 lists typical Windows access control challenges and the solutions that Windows 10 Mobile offers.
+Windows Hello supports iris scan, fingerprint, and facial recognition-based authentication for devices that have biometric sensors. 
 
-Table 1. Windows 10 Mobile solutions for typical access control challenges
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Access control challenge</th>
-<th align="left">Windows 10 Mobile solutions</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Organizations frequently use passwords to authenticate users and provide access to business applications or the corporate network, because more trustworthy authentication alternatives are too complex and costly to deploy.</p></td>
-<td align="left"><p>Windows Hello provides biometrics to identify the user and unlock the device that closely integrates with Microsoft Passport to identify, authenticate, and authorize users to access the corporate network or applications from their Windows 10 Mobile device with supporting biometric hardware.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>When an organization uses smart cards, it must purchase a smart card reader, smart cards, and smart card management software. These solutions are complex and costly to implement; they also tend to delay mobile productivity.</p></td>
-<td align="left"><p>Windows Hello with Microsoft Passport enables a simple and cost-effective MFA deployment across the organization, enhancing the business’ security stance.</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Mobile device users must enter their password on a touch keyboard. Entering complex passwords in this way is error prone and less efficient than a keyboard.</p></td>
-<td align="left"><p>Windows Hello helps enable iris scan, fingerprint, and facial recognition-based authentication for devices that have biometric sensors. These biometric identification options are more convenient and more efficient than password-based logon.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Users dislike the need to enter long, complex passwords to log on to corporate services, especially passwords that must change frequently. This frustration often leads to password reuse, passwords written on notepads, and weak password composition.</p></td>
-<td align="left"><p>Microsoft Passport allows users to sign in once and gain access to corporate resources without having to re-enter complex passwords. Authentication credentials are bound to the device through a built-in Trusted Platform Module (TPM) and cannot be removed.</p></td>
-</tr>
-</tbody>
-</table>
- 
-The following sections describe these challenges and solutions in more detail.
+>**Note:** When Windows 10 first shipped, it included **Microsoft Passport** and **Windows Hello**, which worked together to provide multifactor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the **Windows Hello** name. Customers who have already deployed these technologies will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics. 
 
-### Microsoft Passport
+### <a href="" id="secured-credentials"></a>Secured credentials
 
-Microsoft Passport provides strong MFA, fully integrated into Windows devices, to replace passwords. To authenticate, the user must have a Microsoft Azure Active Directory (Azure AD)–registered device and either a PIN or Windows Hello biometric gesture to unlock the device. Microsoft Passport is conceptually similar to a smart card but more flexible, as it doesn’t require a public key infrastructure or the implementation of additional hardware and supports biometric identification.
+Windows Hello eliminates the use of passwords for login, reducing the risk that an attacker will steal and reuse a user’s credentials. Windows 10 Mobile devices are required to have a Trusted Platform Module (TPM), a microchip that enables advanced security features. The TPM creates encryption keys that are “wrapped” with the TPM’s own storage root key, which is itself stored within the TPM to prevent credentials from being compromised. Encryption keys created by the TPM can only be decrypted by the same TPM, which protects the key material from attackers who want to capture and reuse it. 
 
-Microsoft Passport offers three significant advantages over the previous state of Windows authentication: it’s more flexible, it’s based on industry standards, and it more effectively mitigates risks.
-### It's effective
+To compromise Windows Hello credentials, an attacker would need access to the physical device, and then find a way to spoof the user’s biometric identity or guess his or her PIN. All of this would have to be accomplished before TPM brute-force resistance capabilities lock the mobile device, the theft-protection mechanism kicks in, or the user or corporate administrator remotely wipes the device. With TPM-based protection, an attacker’s window of opportunity for compromising a user’s credentials is greatly reduced.
 
-Microsoft Passport eliminates the use of passwords for logon and so reduces the risk that an attacker will steal and reuse a user’s credentials. User key material, which includes the user’s private key, is available only on the device that generated it. The key material is protected with the TPM, which protects the key material from attackers who want to capture and reuse it. It is a Windows Hardware Certification Program requirement that every Windows 10 Mobile device include a TPM.
+### <a href="" id="support-for-biometrics"></a>Support for biometrics
 
-To compromise a Microsoft Passport credential that the TPM protects, an attacker must have access to the physical device, and then find a way to spoof the user’s biometrics identity or guess his or her PIN—and all of this must be done before TPM brute-force resistance capabilities lock the mobile device, the theft-protection mechanism kicks in, or the user or corporate administrator remotely wipes the device. This technology greatly reduces an attacker’s window of opportunity for compromising a user’s credentials.
+Biometrics help prevent credential theft and make it easier for users to login to their devices. Users always have their biometric identity with them – there is nothing to forget, lose, or leave behind. Attackers would need to have both access to the user’s device and be able to impersonate the user’s biometric identity to gain access to corporate resources, which is far more difficult than stealing a password.  
 
-### It's flexible
+Windows Hello supports three biometric sensor scenarios:
+-	**Facial recognition** uses special IR cameras to reliably tell the difference between a photograph or scan and a living person. Several vendors are shipping external cameras that incorporate this technology, and major manufacturers are already shipping laptops with integrated facial-recognition technology. Both Surface Pro 4 and Surface Book support this technology.
+-	**Fingerprint recognition** uses a sensor to scan the user’s fingerprint. Although fingerprint readers have been available for computers running the Windows operating system for years, the detection, anti-spoofing, and recognition algorithms in Windows 10 are more advanced than in previous Windows versions. Most existing fingerprint readers (whether external to or integrated into laptops or USB keyboards) that support the Windows Biometric Framework will work with Windows Hello.
+-	**Iris scanning** uses cameras designed to scan the user’s iris, the colorful and highly detailed portion of the eye. Because the data must be accurate, iris scanning uses a combination of an IR light source and a high-quality camera. Microsoft Lumia 950 and 950 XL devices support this technology.
 
-Microsoft Passport offers unprecedented flexibility along with enterprise-grade security.
+>Users must create an unlock PIN while they enroll a biometric gesture. The device uses this PIN as a fallback mechanism in situations where it cannot capture the biometric gesture.
 
-Most importantly, Microsoft Passport works with biometrics or PINs and gives you options beyond long, complex passwords. Instead of users memorizing and retyping often-changed passwords, Microsoft Passport enables PIN- and biometrics-based identification through Windows Hello to identify users more securely.
+All three of these biometric factors – face, finger, and iris – are unique to an individual. To capture enough data to uniquely identify an individual, a biometric scanner might initially capture images in multiple conditions or with additional details. For example, an iris scanner will capture images of both eyes or both eyes with and without eyeglasses or contact lenses.
 
-The Windows 10 Mobile device that the user logs on to is an authentication factor, as well. The credentials used and the private key on the device are device specific and bound to the device’s TPM.
+Spoofing biometric data is often a big concern in enterprise environments. Microsoft employs several anti-spoofing techniques in Windows 10 Mobile that verify the trustworthiness of the biometric device, as well as guard against intentional collision with stored biometric measurements. These techniques help improve the false-acceptance rate (the rate at which spoofed biometric data is accepted as authentic) while maintaining the overall usability and manageability of MFA.
 
-In the future, Microsoft Passport will also enable people to use Windows 10 Mobile devices as a remote credential when signing in to PCs running Windows 10. Users will use their PINs or biometrics to unlock their phones, and their phones will unlock their PCs. Phone sign-in with Microsoft Passport will make implementing MFA for scenarios where the user’s credentials must be physically separate from the PC the user is signing in to less costly and complex than other solutions. Phone sign-in will also make it easier for users and IT pros because users can use their phones to sign in to any corporate device instead of enrolling a user credential on each.
+The biometric image collected at enrollment is converted into an algorithmic form that cannot be converted back into the original image. Only the algorithmic form is kept; the actual biometric image is removed from the device after conversion. Windows 10 Mobile devices both encrypt the algorithmic form of the biometric data and bind the encrypted data to the device, both of which help prevent someone from removing the data from the phone. As a result, the biometric information that Windows Hello uses is a local gesture and doesn’t roam among the user’s devices.
 
-With Microsoft Passport, you gain flexibility in the data center, too. To deploy it for Windows 10 Mobile devices, you must set up Azure AD, but you don’t have to replace or remove your existing Active Directory environment. Using Azure AD Connect, organizations can synchronize these two directory services. Microsoft Passport builds on and adds to your existing infrastructure and allows you to federate with Azure AD.
+### <a href="" id="companion-devices"></a>Companion devices
 
-Microsoft Passport is also supported on the desktop, giving organizations a uniform way to implement strong authentication on all devices. This flexibility makes it simpler for Microsoft Passport to supplement existing smart card or token deployments for on-premises Windows PC scenarios, adding MFA to mobile devices and users who don’t currently have it for extra protection of sensitive resources or systems that these mobile devices access.
+A Windows Hello companion device enables a physical device, like a wearable, to serve as a factor for validating the user’s identity before granting them access to their credentials. For instance, when the user has physical possession of a companion device they can easily, possibly even automatically, unlock their PC and authenticate with apps and websites. This type of device can be useful for smartphones or tablets that don’t have integrated biometric sensors or for industries where users need a faster, more convenient sign-in experience, such as retail.
 
-### It's standardized
+In some cases, the companion device for Windows Hello enables a physical device, like a phone, wearable, or other types of device to store all of the user’s credentials. Storage of the credentials on a mobile device makes it possible to use them on any supporting device, like a kiosk or family PC, and eliminates the need to enroll Windows Hello on each device. Companion devices also help enable organizations to meet regulatory requirements, such as Federal Information Processing Standard (FIPS) Publication 140-2, (FIPS 140-2).
 
-Both software vendors and enterprise customers have come to realize that proprietary identity and authentication systems are a dead end: the future lies with open, interoperable systems that allow secure authentication across a variety of devices, line-of-business (LOB) apps, and external applications and websites. To this end, a group of industry players formed the Fast Identity Online (FIDO) Alliance. The FIDO Alliance is a nonprofit organization that works to address the lack of interoperability among strong authentication devices as well as the problems users face in creating and remembering multiple user names and passwords. The FIDO Alliance plans to change the nature of authentication by developing specifications that define an open, scalable, interoperable set of mechanisms that supplant reliance on passwords to authenticate users of online services securely. This new standard can allow any business network, app, website, or cloud application to interface with a broad variety of existing and future FIDO-enabled devices and operating system platforms using a standardized set of interfaces and protocols.
-In 2014, Microsoft joined the board of the FIDO Alliance. FIDO standards enable a universal framework that a global ecosystem delivers for a consistent and greatly improved user experience of strong password-less authentication. The FIDO 1.0 specifications, published in December 2014, provide for two types of authentications: password-less (known as UAF) and second factor (U2F). The FIDO Alliance is working on a set of 2.0 proposals that incorporate the best ideas from its U2F and UAF FIDO 1.0 standards and of course new ideas. Microsoft has contributed Microsoft Passport technology to the FIDO 2.0 specification workgroup for review and feedback and continues to work with the FIDO Alliance as the FIDO 2.0 specification moves forward. Interoperability of FIDO products is a hallmark of FIDO authentication. Microsoft believes that bringing a FIDO solution to market will help solve a critical need for enterprises and consumers alike.
+### <a href="" id="standards-based-approach"></a>Standards-based approach 
 
-### Windows Hello
+The Fast Identity Online (FIDO) Alliance is a nonprofit organization that works to address the lack of interoperability among strong authentication devices and the problems users face in creating and remembering multiple user names and passwords. FIDO standards help reduce reliance on passwords to authenticate users of online services securely, allowing any business network, app, website, or cloud application to interface with a broad variety of existing and future FIDO-enabled devices and operating system platforms. 
 
-Windows Hello is the new biometric framework for Windows 10. Because biometric identification is built directly into the operating system, it allows you to use your iris, face, or fingerprint to unlock your mobile device. Windows Hello unlocks Microsoft Passport credentials, which enable authentication to resources or relying parties such as software-as-a-service applications like Microsoft Office 365.
-Windows Hello supports three biometric sensor options that are suitable for enterprise scenarios:
+In 2014, Microsoft joined the board of the FIDO Alliance. The FIDO 1.0 specifications, published in December 2014, provide for two types of authentications: password-less (known as UAF) and second factor (U2F). The FIDO Alliance is working on a set of 2.0 proposals that incorporate the best ideas from its U2F and UAF FIDO 1.0 standards. Microsoft has contributed Windows Hello technology to the FIDO 2.0 specification workgroup for review and feedback and continues to work with the FIDO Alliance as the FIDO 2.0 specification moves forward. Interoperability of FIDO products is a hallmark of FIDO authentication. Microsoft believes that bringing a FIDO solution to market will help solve a critical need for both enterprises and consumers.
 
--   **Facial recognition** uses special IR cameras to reliably tell the difference between a photograph or scan and a living person. Several vendors are shipping external cameras that incorporate this technology, and major manufacturers are already shipping laptops with integrated facial-recognition technology. Both Surface Pro 4 and Surface Book support this technology.
--   **Fingerprint recognition** uses a sensor to scan the user’s fingerprint. Although fingerprint readers have been available for computers running the Windows operating system for years, the detection, anti-spoofing, and recognition algorithms in Windows 10 are more advanced than in previous Windows versions. Most existing fingerprint readers (whether external to or integrated into laptops or USB keyboards) that support the Windows Biometric Framework will work with Windows Hello.
--   **Iris scanning** uses cameras designed to scan the user’s iris, the colorful and highly detailed portion of the eye. Because the data must be accurate, iris scanning uses a combination of an IR light source and a high-quality camera. Microsoft Lumia 950 and 950 XL devices support this technology.
-> **Note:**  Users must create an unlock PIN before they enroll a biometric gesture. The device uses this PIN as a fallback mechanism in situations where it cannot capture the biometric gesture.
- 
-All three of these biometric factors—the face, the finger, and the iris—are unique to an individual. To capture enough data to uniquely identify an individual, a biometric scanner might initially capture images in multiple conditions or with additional details. For example, an iris scanner will capture images of both eyes; or both with and without eyeglasses or contact lenses.
+## Windows Information Protection
 
-Spoofing biometric data is often a big concern in enterprise environments. Microsoft employs several anti-spoofing techniques in Windows 10 Mobile that verify the trustworthiness of the biometric device as well as guard against intentional collision with stored biometric measurements. These techniques help improve the false-acceptance rate (the rate at which spoofed biometric data is accepted as authentic) while maintaining the overall usability and manageability of MFA.
+Enterprises have seen huge growth in the convergence of personal and corporate data storage. Personal data is frequently stored on corporate devices and vice versa. This fluidity increases the potential for sensitive corporate data to be accidentally compromised.
 
-The biometric image collected at enrollment is converted into an algorithmic form that cannot be converted back into the original image. Only the algorithmic form is kept; the actual biometric image is removed from the device after conversion. Windows 10 Mobile devices both encrypt the algorithmic form of the biometric data and bind the encrypted data to the device, both of which help prevent someone from removing the data from the phone. As a result, the biometric information that Windows Hello uses is a local gesture and doesn’t roam among the user’s devices.
+Inadvertent disclosure is rapidly becoming the biggest source of confidential data leakage as organizations allow personal devices to access corporate resources. It’s easy to imagine that an employee using work email on their personal phone could unintentionally save an attachment containing sensitive company information to personal cloud storage, which could be shared with unauthorized people. This accidental sharing of corporate data is just one example of the challenges common to using mobile devices in the workplace. To prevent this type of data leakage, most solutions require users to login with a separate username and password to a container that stores all corporate apps and data, an experience that degrades user productivity. 
 
-Windows Hello offers several major benefits. First, it helps to address the problems of credential theft and sharing because an attacker must obtain the mobile phone and impersonate the user’s biometric identity, which is more difficult than stealing a device unlock password. Second, the use of biometrics gives users an authenticator that’s always with them—there’s nothing to forget, lose, or leave behind. Instead of worrying about memorizing long, complex passwords, users can take advantage of a convenient, enterprise-grade secure method for logging on to their Windows 10 Mobile device. Finally, there’s nothing additional to deploy, because Microsoft built Windows Hello support directly into the operating system. All you need is a device that includes a supported biometric sensor.
+Windows 10 Mobile includes Windows Information Protection to transparently keep corporate data secure and personal data private. Because corporate data is always protected, users cannot inadvertently copy it or share it with unauthorized users or apps. Key features include:
+-	Automatically tag personal and corporate data.
+-	Protect data while it’s at rest on local or removable storage.
+-	Control which apps can access corporate data.
+-	Control which apps can access a virtual private network (VPN) connection.
+-	Prevent users from copying corporate data to public locations.
+-	Help ensure business data is inaccessible when the device is in a locked state. 
 
-The device that senses the biometric factors must report the data to Windows Hello quickly and accurately. For this reason, Microsoft determines which factors and devices are trustworthy and accurate prior to their inclusion in Windows Hello. For more information, see [Windows 10 specifications](http://go.microsoft.com/fwlink/p/?LinkId=722908).
+### <a href="" id="enlightened-apps"></a>Enlightened apps
 
-## Data protection
+Third-party data loss protection solutions usually require developers to wrap their apps. However, Windows Information Protection builds this intelligence right into Windows 10 Mobile so most apps require nothing extra to prevent inappropriate corporate data sharing.
 
-Windows 10 Mobile continues to provide solutions that help protect information against unauthorized access and disclosure.
+Windows Information Protection classifies apps into two categories: enlightened and unenlightened. Enlighted apps can differentiate between corporate and personal data, correctly determining which to protect based on internal policies. Corporate data will be encrypted on the managed device and attempts to copy/paste or share this information with non-corporate apps or users will fail. Unenlightened apps, when marked as corporate-managed, consider all data corporate and encrypt everything by default. 
 
+When you do not want all data encrypted by default – because it would create a poor user experience – developers should consider enlightening apps by adding code and compiling them using the Windows Information Protection application programming interfaces. The most likely candidates for enlightenment are apps that:
+-	Don’t use common controls for saving files.
+-	Don’t use common controls for text boxes.
+-	Work on personal and enterprise data simultaneously (e.g., contact apps that display personal and enterprise data in a single view or a browser that displays personal and enterprise web pages on tabs within a single instance).
 
-### Device encryption
-Windows 10 Mobile uses device encryption, based on BitLocker technology, to encrypt all internal storage, including operating system and data storage partitions. The user can activate device encryption, or the IT department can activate and enforce encryption for company-managed devices through MDM tools. When device encryption is turned on, all data stored on the phone is encrypted automatically. A Windows 10 Mobile device with encryption turned on helps protect the confidentiality of data stored if the device is lost or stolen. The combination of Windows Hello lock and data encryption makes it extremely difficult for an unauthorized party to retrieve sensitive information from the device.
+In many cases, most apps don’t require enlightenment for them to use Windows Information Protection. Simply adding them to the allow list is the only step you need to take. Line-of-Business (LOB) apps are a good example of where this works well because they only handle corporate data.
 
-You can customize how device encryption works to meet your unique security requirements. Device encryption even enables you to define your own cipher suite. For example, you can specify the algorithm and key size that Windows 10 Mobile uses for data encryption, which Transport Layer Security (TLS) cipher suites are permitted, and whether Federal Information Processing Standard (FIPS) policy is enabled. Table 2 lists the policies you can change to customize device encryption on Windows 10 Mobile devices.
+**When is app enlightenment required?** 
+-	**Required** 
+    -	App needs to work with both personal and enterprise data.
+-	**Recommended** 
+    -	App handles only corporate data, but needs to modify a file (such as a configuration file) in order to launch, uninstall itself, update etc. Without enlightenment you wouldn’t be able to properly revoke these apps.
+    -	App needs to access enterprise data, while protection under lock is activated.
+-	**Not required**
+    -	App handles only corporate data 
+    -	App handles only personal data
 
-Table 2. Windows 10 cryptography policies
-<table>
-<colgroup>
-<col width="33%" />
-<col width="33%" />
-<col width="33%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Area name</th>
-<th align="left">Policy name</th>
-<th align="left">Description</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Cryptography</p></td>
-<td align="left"><p>Allow FIPS Algorithm Policy</p></td>
-<td align="left"><p>Enable or disable the FIPS policy. A restart is needed to enforce this policy. The default value is disabled.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>BitLocker</p></td>
-<td align="left"><p>Encryption Method</p></td>
-<td align="left"><p>Configures the BitLocker Drive Encryption Method and cipher strength. The default value is AES-CBC 128-bit. If the device cannot use the value specified, it will use another one.</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Cryptography</p></td>
-<td align="left"><p>TLS Cipher Suite</p></td>
-<td align="left"><p>This policy contains a list of the cryptographic cipher algorithms allowed for Secure Sockets Layer connections.</p></td>
-</tr>
-</tbody>
-</table>
- 
-For a complete list of policies available, see [Policy CSP](https://technet.microsoft.com/library/dn904962.aspx).
+### <a href="" id="companion-devices"></a>Data leakage control
 
-### <a href="" id="enterprise-data-protection--"></a>Enterprise data protection
+To configure Windows Information Protection in a Mobile Device Management (MDM) solution that supports it, simply add authorized apps to the allow list. When a device running Windows 10 Mobile enrolls in the MDM solution, unauthorized apps will not have access to enterprise data.
 
-Enterprises have seen huge growth in the convergence of personal and corporate data storage. Personal data is frequently stored on corporate devices and vice versa. This situation increases the potential for compromise of sensitive corporate data.
+Windows Information Protection works seamlessly until users try to access enterprise data with or paste enterprise data into unauthorized apps or locations on the web. For example, copying enterprise data from an authorized app to another authorized app works as usual, but Window Information Protection can block users from copying enterprise data from an authorized app to an unauthorized app. Likewise, it will block users from using an unauthorized app to open a file that contains enterprise data.
 
-One growing risk is authorized users’ accidental disclosure of sensitive data—a risk that is rapidly becoming the biggest source of confidential data leakage as organizations allow personal devices to access corporate resources. One example is common among organizations: an employee connects his or her personal phone to the company’s Microsoft Exchange Server instance for email. He or she uses the phone to work on email that includes attachments with sensitive data. When sending the email, the user accidentally copies a supplier. Content protection is only as strong as the weakest link, and in this example, the unintended sharing of sensitive data with unauthorized people might not have been prevented with standard data encryption.
+The extent to which users will be prevented from copying and pasting data from authorized apps to unauthorized apps or locations on the web depends on which protection level is set:
+-	**Block.** Windows Information Protection blocks users from completing the operation.
+-	**Override.** Windows Information Protection notifies users that the operation is inappropriate but allows them to override the policy, although it logs the operation in the audit log.
+-	**Audit.** Windows Information Protection does not block or notify users but logs the operation in the audit log.
+-	**Off.** Windows Information Protection does not block or notify users and does not log operations in the audit log.
 
-In Windows 10 Mobile, Windows Information Protection (WIP) helps separate personal and enterprise data and prevent data leakage. Key features include its ability to:
+### <a href="" id="companion-devices"></a>Data separation
 
--   Automatically tag personal and corporate data.
--   Protect data while it’s at rest on local or removable storage.
--   Control which apps can access corporate data.
--   Control which apps can access a virtual private network (VPN) connection.
--   Prevent users from copying corporate data to public locations.
+Most third-party solutions require an app wrapper that directs enterprise data into a password-protected container and keeps personal data outside the container. Depending on the implementation, this may require two different versions of the same apps to be running on the device: one for personal data and another for enterprise data.
 
-> **Note:** WIP is currently being tested in select customer evaluation programs. For more information about WIP, see [Protect your enterprise data using Windows Information Protection (WIP)](https://technet.microsoft.com/itpro/windows/keep-secure/protect-enterprise-data-using-wip).
- 
-### <a href="" id="enlightenment--"></a>Enlightenment
+Windows Information Protection provides data separation without requiring a container or special version of an app to access business or personal data. There is no separate login required to see your corporate data or open your corporate applications. Windows Information Protection identifies enterprise data and encrypts it to only enterprise use. Data separation is automatic and seamless. 
 
-Third-party data loss protection solutions usually require developers to wrap their apps. In contrast, WIP puts the intelligence in Windows 10 Mobile so that it doesn’t require wrappers. As a result, most apps require nothing extra to work with WIP.
+### <a href="" id="companion-devices"></a>Encryption
 
-WIP can enforce policy without the need for an app to change. This means that an app that always handles business data (such as an LOB app) can be added to the allowed list and will always encrypt all data that it handles. However, if the app does not use common controls, cut and paste operations from this app to a non-enterprise app will silently fail. In addition, if the app needs to handle personal data, this data will also be encrypted.
-Therefore, to improve the user experience, in some cases, developers should enlighten their apps by adding code to and compiling them to use the WIP application programming interfaces. Those cases include apps that:
--   Don’t use common controls for saving files.
--   Don’t use common controls for text boxes.
--   Work on personal and enterprise data simultaneously (for example, contact apps that display personal and enterprise data in a single view; a browser that displays personal and enterprise web pages on tabs within a single instance).
+Windows 10 Mobile uses device encryption, based on BitLocker technology, to encrypt all internal storage, including operating systems and data storage partitions. The user can activate device encryption, or the IT department can activate and enforce encryption for company-managed devices through MDM tools. When device encryption is turned on, all data stored on the phone is encrypted automatically. A Windows 10 Mobile device with encryption turned on helps protect the confidentiality of data stored – even if the device is lost or stolen. The combination of Windows Hello lock and data encryption makes it extremely difficult for an unauthorized party to retrieve sensitive information from the device.
 
-Figure 1 summarizes when an app might require enlightenment to work with WIP. Microsoft Word is a good example. Not only can Word access personal and enterprise data simultaneously, but it can also transmit enterprise data (for example, email attachments containing enterprise data).
+You can customize how device encryption works to meet your unique security requirements. Device encryption even enables you to define your own cipher suite. For example, you can specify the algorithm and key size that Windows 10 Mobile uses for data encryption, which Transport Layer Security (TLS) cipher suites are permitted, and whether Federal Information Processing Standard (FIPS) policy is enabled. The list below shows the policies you can change to customize device encryption on Windows 10 Mobile devices.
+-	Cryptography 
+    -	Allow FIPS Algorithm: This policy enables or disable the FIPS policy. A restart is needed to enforce this policy. The default value is disabled.
+    -	TLS Cipher Suite: This policy contains a list of the cryptographic cipher algorithms allowed for Secure Sockets Layer connections.
+-	BitLocker 
+    -	Encryption Method: Configures the BitLocker Drive Encryption Method and cipher strength. The default value is AES-CBC 128-bit. If the device cannot use the value specified, it will use another one.
 
-In any case, most apps don’t require enlightenment for them to use WIP protection. Simply adding them to the WIP allow list is all you must do. Because unenlightened apps cannot automatically tag data as personal or enterprise, if they are in a WIP policy, they treat all data as enterprise data. An LOB app is a good example. Adding an LOB app to a WIP policy protects all data that the app handles. Another example is a legacy app that cannot be updated, which you can add to a WIP policy and use without even being aware that WIP exists.
+To help make the device even more secured against outside interference, Windows 10 Mobile also now includes protection-under-lock. That means that encryption keys are removed from memory whenever a device is locked. Apps are unable to access sensitive data while the device is in a locked state, so hackers and malware have no way to find and co-opt keys. Everything is locked up tight with the TPM until the user unlocks the device with Windows Hello.
 
-![figure 1](images/mobile-security-guide-fig1.png)
+### <a href="" id="companion-devices"></a>Government Certifications
 
-Figure 1. When is enlightenment required?
-
-### Data leakage control
-
-To configure WIP in an MDM solution that supports it, add authorized apps to the WIP allow list. When a device running Windows 10 Mobile enrolls in the MDM solution, apps that this policy doesn’t authorize won’t have access to enterprise data.
-
-WIP works seamlessly until users try to access enterprise data with or try to paste enterprise data into unauthorized apps or locations on the web. For example, copying enterprise data from an authorized app to another authorized app works as usual, but WIP blocks users from copying enterprise data from an authorized app to an unauthorized app. Likewise, WIP blocks users from using an unauthorized app to open a file that contains enterprise data.
-In addition, users cannot copy and paste data from authorized apps to unauthorized apps or locations on the Web without triggering one of the WIP protection levels:
--   **Block.** WIP blocks users from completing the operation.
--   **Override.** WIP notifies users that the operation is inappropriate but allows them to override the policy, although it logs the operation in the audit log.
--   **Audit.** WIP does not block or notify users but logs the operation in the audit log.
--   **Off.** WIP does not block or notify users and does not log operations in the audit log.
-
-### Data separation
-
-As the name suggests, data separation separates personal from enterprise data. Most third-party solutions require an app wrapper, and from here, enterprise data goes in a container while personal data is outside the container. Often, people must use two different apps for the same purpose: one for personal data and another for enterprise data.
-
-WIP provides the same data separation but neither uses containers nor requires a special version of an app to access business data, and then a second instance of it to access personal data. There are no containers, partitions, or special folders to physically separate personal and business data. Instead, Windows 10 Mobile is the access control broker, identifying enterprise data because it’s encrypted to the enterprise. Therefore, WIP provides data separation by virtue of encrypting enterprise data.
-
-### Visual cues
-
-In Windows 10 Mobile, visual cues indicate the status of WIP to users (see Figure 2):
-
--   **Start screen.** On the Start screen, apps that a WIP policy manages display a visual cue.
--   **Files.** In File Explorer, a visual cue indicates whether a file or folder contains enterprise data and is therefore encrypted.
-For example, Erwin is an employee at Fabrikam. He opens Microsoft Edge from the Start screen and sees that the tile indicates that a WIP policy manages the browser. Erwin opens the Fabrikam sales website and downloads a spreadsheet. In File Explorer, Erwin sees that the file he downloaded has a visual cue which indicates that it’s encrypted and contains enterprise data. When Erwin tries to paste data from that spreadsheet into an app that no WIP policy manages (for example, his Twitter app), Erwin might see a message that allows him to override protection while logging the action, depending on the protection level configured in the WIP policy.
-
-![figure 2](images/mobile-security-guide-fig2.png)
-
-Figure 2. Visual cues in WIP
+Windows 10 Mobile supports both [FIPS 140 standards](http://csrc.nist.gov/groups/STM/cavp/validation.html) for cryptography and [Common Criteria](https://www.niap-ccevs.org/Product/Compliant.cfm?pid=10694) The FIPS 140 certification validates the effectiveness of the cryptographic algorithms used in Windows 10 Mobile. Microsoft has also received Common Criteria certification for Windows 10 Mobile running on Lumia 950, 950 XL, 550, 635, as well as Surface Pro 4, giving customers assurance that securety functionality is implemented properly.
 
 ## Malware resistance
 
-Just as software has automated so much of our lives, malware has automated attacks on our devices. Those attacks are relentless. Malware is constantly changing, and when it infects a device, it can be difficult to detect and remove.
-The best way to fight malware is to prevent the infection from happening. Windows 10 Mobile provides strong malware resistance because it takes advantage of secured hardware and protects both the startup process and the core operating system architecture.
-
-Table 3 lists specific malware threats and the mitigation that Windows 10 Mobile provides.
-
-Table 3. Threats and Windows 10 Mobile mitigations
+The best way to fight malware is prevention. Windows 10 Mobile provides strong malware resistance through secured hardware, startup process defenses, core operating system architecture, and application-level protections.
+The table below outlines how Windows 10 Mobile mitigates specific malware threats.
 
 <table>
 <colgroup>
-<col width="50%" />
-<col width="50%" />
+<col width="40%" />
+<col width="60%" />
 </colgroup>
 <thead>
 <tr class="header">
 <th align="left">Threat</th>
-<th align="left">Windows 10 Mobile mitigation</th>
+<th align="left">Windows 10 Mobile mitigation</th>
 </tr>
 </thead>
 <tbody>
@@ -266,11 +179,11 @@ Table 3. Threats and Windows 10 Mobile mitigations
 </tr>
 <tr class="even">
 <td align="left"><p>An app infects other apps or the operating system with malware.</p></td>
-<td align="left"><p>All Windows 10 Mobile apps run inside an AppContainer that isolates them from all other processes and sensitive operating system components. Apps cannot access any resources outside their AppContainer.</p></td>
+<td align="left"><p>All Windows 10 Mobile apps run inside an AppContainer that isolates them from all other processes and sensitive operating system components. Apps cannot access any resources outside their AppContainer.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>An unauthorized app or malware attempts to start on the device.</p></td>
-<td align="left"><p>All Windows 10 Mobile apps must come from Windows Store or Windows Store for Business. Device Guard enforces administrative policies to select exactly which apps are allowed to run.</p></td>
+<td align="left"><p>All Windows 10 Mobile apps must come from Windows Store or Windows Store for Business. Device Guard enforces administrative policies to select exactly which apps are allowed to run.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>User-level malware exploits a vulnerability in the system or an application and owns the device.</p></td>
@@ -291,249 +204,164 @@ Table 3. Threats and Windows 10 Mobile mitigations
 </tr>
 </tbody>
 </table>
- 
-> **Note:**  Windows 10 Mobile devices use a System on a Chip (SoC) design provided by SoC vendors such as Qualcomm. With this architecture, the SoC vendor and device manufacturers provide the pre-UEFI bootloaders and the UEFI environment. The UEFI environment implements the UEFI Secure Boot standard described in section 27 of the UEFI specification, which can be found at [http://www.uefi.org/specsandtesttools](http://go.microsoft.com/fwlink/p/?LinkId=722912). This standard describes the process by which all UEFI drivers and applications are validated against keys provisioned into a UEFI-based device before they are executed.
- 
-The following sections describe these improvements in more detail.
 
-### <a href="" id="secure-hardware"></a>Enterprise-grade secure hardware
+>**Note:** The Windows 10 Mobile devices use a System on a Chip (SoC) design provided by SoC vendors such as Qualcomm. With this architecture, the SoC vendor and device manufacturers provide the pre-UEFI bootloaders and the UEFI environment. The UEFI environment implements the UEFI Secure Boot standard described in section 27 of the UEFI specification, which can be found at [www.uefi.org/specs]( http://www.uefi.org/specs). This standard describes the process by which all UEFI drivers and applications are validated against keys provisioned into a UEFI-based device before they are executed.
 
-Taking full advantage of Windows 10 Mobile security features requires advancements in hardware-based security. These advances include UEFI with Secure Boot, TPM, and biometric sensors (hardware dependent).
+### <a href="" id="companion-devices"></a>UEFI with Secure Boot
 
-### <a href="" id="uefi-with-secure-boot--"></a>UEFI with Secure Boot
+When a Windows 10 Mobile device starts, it begins the process of loading the operating system by locating the bootloader in the device’s storage system. Without safeguards in place, the phone might simply hand control over to the bootloader without even determining whether it’s a trusted operating system or malware.
 
-When a Windows 10 Mobile device starts, it begins the process of loading the operating system by locating the bootloader in the device’s storage system. Without safeguards in place, the phone might simply hand control over to the bootloader without even determining whether it’s a trusted operating system or malware.
+UEFI is a standards-based solution that offers a modern-day replacement for the BIOS. In fact, it provides the same functionality as BIOS while adding security features and other advanced capabilities. Like BIOS, UEFI initializes devices, but UEFI components with the Secure Boot feature (version 2.3.1 or later) also helps to ensure that only trusted firmware in Option ROMs, UEFI apps, and operating system bootloaders can start on the mobile phone.
+
+UEFI can run internal integrity checks that verify the firmware’s digital signature before running it. Because only the mobile phone’s manufacturer has access to the digital certificate required to create a valid firmware signature, UEFI has protection against firmware-based malware that loads before Windows 10 Mobile and to try and hide its malicious behavior from the operating system. Firmware-based malware of this nature is typically called bootkits.
 
-UEFI is a standards-based solution that offers a modern-day replacement for the BIOS. In fact, it provides the same functionality as BIOS while adding security features and other advanced capabilities. Like BIOS, UEFI initializes devices, but UEFI components with the Secure Boot feature (version 2.3.1 or later) also help ensure that only trusted firmware in Option ROMs, UEFI apps, and operating system bootloaders can start on the mobile phone.
-UEFI can run internal integrity checks that verify the firmware’s digital signature before running it. Because only the mobile phone’s manufacturer has access to the digital certificate required to create a valid firmware signature, UEFI has protection against firmware-based malware that loads before Windows 10 Mobile and can successfully hide its malicious behavior from Windows 10 Mobile. Firmware-based malware of this nature is typically called a bootkit.
 When a mobile device with UEFI and Secure Boot starts, the UEFI firmware verifies the bootloader’s digital signature to verify that no one has modified it after it was digitally signed. The firmware also verifies that a trusted authority issued the bootloader’s digital signature. This check helps to ensure that the system starts only after checking that the bootloader is both trusted and unmodified since signing.
-All Windows 10 Mobile devices always have Secure Boot enabled. In addition, they trust only the Windows operating system signature.
 
-Neither Windows 10 Mobile, apps, or even malware can change the UEFI configuration. For more information about UEFI with Secure Boot, read [Protecting the pre-OS environment with UEFI](http://go.microsoft.com/fwlink/p/?LinkId=722909).
+All Windows 10 Mobile devices always have Secure Boot enabled. In addition, they trust only the Windows operating system signature. Neither Windows 10 Mobile, apps, or even malware can change the UEFI configuration. For more information about UEFI with Secure Boot, read [Protecting the pre-OS environment with UEFI](http://blogs.msdn.com/b/b8/archive/2011/09/22/protecting-the-pre-os-environment-with-uefi.aspx)
 
-### <a href="" id="trusted-platform-module--"></a>Trusted Platform Module
+### <a href="" id="companion-devices"></a>Trusted Platform Module
 
-A Trusted Platform Module is a tamper-resistant cryptographic module that enhances the security and privacy of computing platforms. The TPM is incorporated as a component in a trusted computing platform like a PC, tablet, or mobile phone. A trusted computing platform is specially designed to work with the TPM to support privacy and security scenarios that software alone cannot achieve. It is a Windows 10 Mobile device hardware certification requirement to include a TPM in every Windows 10 Mobile device.
+A Trusted Platform Module (TPM) is a tamper-resistant cryptographic module that enhances the security and privacy of computing platforms. The TPM is incorporated as a component in a trusted computing platform like a PC, tablet, or smartphone. A trusted computing platform is specially designed to work with the TPM to support privacy and security scenarios that software alone cannot achieve. A TPM is required to receive Windows 10 Mobile device hardware certification.
 
-A proper implementation of a TPM as part of a trusted computing platform provides a hardware root of trust, meaning that the hardware behaves in a trusted way. For example, if you create a key in a TPM with the property that no one can export that key from the TPM, the key absolutely cannot leave the TPM. The close integration of a TPM with a platform increases the transparency of the boot process and supports device health scenarios by enabling reliable report of the software used to start a platform.
+A proper implementation of a TPM as part of a trusted computing platform provides a hardware root of trust, meaning that the hardware behaves in a trusted way. For example, if you create a key in a TPM with the property that no one can export that key from the TPM, the key absolutely cannot leave the TPM. The close integration of a TPM with a platform increases the transparency of the boot process and supports device health scenarios by enabling a reliable report of the software used to start a platform.
 
-The following list describes key functionality that a TPM provides in Windows 10 Mobile:
--   **Manage cryptographic keys.** A TPM can create, store, and permit the use of keys in defined ways. Windows 10 Mobile uses the TPM to protect the encryption keys for BitLocker volumes, virtual smart cards, certificates, and various other keys.
--   **Safeguard and report integrity measurements.**Windows 10 Mobile uses the TPM to record and help protect integrity-related measurements of select hardware and Windows boot components for the Measured Boot feature. In this scenario, Measured Boot measures each component, from firmware up through the drivers, and then stores those measurements in the device’s TPM. From here, you can test the measurement log remotely so that a separate system verifies the boot state of the Windows 10 Mobile device.
--   **Prove a TPM is really a TPM.** Managing cryptographic keys and measuring integrity are so central to protecting privacy and security that a TPM must differentiate itself from malware that masquerades as a TPM.
+The following list describes key functionality that a TPM provides in Windows 10 Mobile:
+-	**Managing cryptographic keys.** A TPM can create, store, and permit the use of keys in defined ways. Windows 10 Mobile uses the TPM to protect the encryption keys for BitLocker volumes, virtual smart cards, certificates, and various other keys.
+-	**Safeguarding and reporting integrity measurements.** Windows 10 Mobile uses the TPM to record and help protect integrity-related measurements of select hardware and Windows boot components for the Measured Boot feature. In this scenario, Measured Boot measures each component – from firmware up through the drivers – and then stores those measurements in the device’s TPM. From here, you can test the measurement log remotely so that a separate system verifies the boot state of the Windows 10 Mobile device.
+-	**Proving a TPM is really a TPM.** Managing cryptographic keys and measuring integrity are so central to protecting privacy and security that a TPM must differentiate itself from malware masquerading as a TPM.
 
-Windows 10 Mobile supports TPM implementations that comply with the 2.0 standard. The TPM 2.0 standard includes several improvements that make it superior to the 1.2 standard, the most notable of which is cryptographic agility. TPM 1.2 is restricted to a fixed set of encryption and hash algorithms. At the time the TPM 1.2 standard appeared in the early 2000s, the security community considered these algorithms cryptographically strong. Since that time, advances in cryptographic algorithms and cryptanalysis attacks have increased expectations for stronger cryptography. TPM 2.0 supports additional algorithms that offer stronger cryptographic protection as well as the ability to plug in algorithms that certain geographies or industries may prefer. It also opens the possibility for inclusion of future algorithms without changing the TPM component itself.
-Many people assume that original equipment manufacturers (OEMs) must implant a TPM in hardware on a motherboard as a discrete module, but TPM can also be effective when implemented in firmware. Windows 10 Mobile supports only firmware TPM that complies with the 2.0 standard. Windows does not differentiate between discrete and firmware-based solutions because both must meet the same implementation and security requirements; therefore, any Windows 10 feature that can take advantage of TPM can be used with Windows 10 Mobile.
+Windows 10 Mobile supports TPM implementations that comply with the 2.0 standard. The TPM 2.0 standard includes several improvements that make it superior to the 1.2 standard, the most notable of which is cryptographic agility. TPM 1.2 is restricted to a fixed set of encryption and hash algorithms. When the TPM 1.2 standard appeared in the early 2000s, the security community considered these algorithms cryptographically strong. Since then, advances in cryptographic algorithms and cryptanalysis attacks have increased expectations for stronger cryptography. TPM 2.0 supports additional algorithms that offer stronger cryptographic protection, as well as the ability to plug-in algorithms that certain geographies or industries may prefer. It also opens the possibility for inclusion of future algorithms without changing the TPM component itself.
 
-> **Note:**  Microsoft requires TPM 2.0 on devices running any version of Windows 10 Mobile. For more information, see [Minimum hardware requirements](http://go.microsoft.com/fwlink/p/?LinkId=733964).
- 
-Several Windows 10 Mobile security features require TPM:
--   Virtual smart cards
--   Measured Boot
--   Health attestation (requires TPM 2.0 or later)
-Still other features will use the TPM if it is available. For example, Microsoft Passport does not require TPM but uses it if it’s available. Organizations can configure policy to require TPM for Microsoft Passport.
+Many assume that original equipment manufacturers (OEMs) must implant a TPM in hardware on a motherboard as a discrete module, but TPM can also be effective when implemented in firmware. Windows 10 Mobile supports only firmware TPM that complies with the 2.0 standard. Windows does not differentiate between discrete and firmware-based solutions because both must meet the same implementation and security requirements. Therefore, any Windows 10 feature that can take advantage of TPM can be used with Windows 10 Mobile.
 
-### <a href="" id="biometrics--"></a>Biometrics
+>Microsoft requires TPM 2.0 on devices running any version of Windows 10 Mobile. For more information, see [minimum hardware requirements](https://technet.microsoft.com/library/dn915086.aspx)
 
-Windows 10 Mobile makes biometrics a core security feature. Microsoft has fully integrated biometrics into the Windows 10 Mobile security components, not just tacked it on top of the platform (as was the case in previous versions of Windows). This is a big change. Earlier biometric implementations were largely front-end methods that simplified authentication. Under the hood, the system used biometrics to access a password, which it then used for authentication behind the scenes. Biometrics may have provided convenience but not necessarily enterprise-grade authentication.
-Microsoft has been evangelizing the importance of enterprise-grade biometric sensors to the OEMs that create Windows 10 Mobile devices. These facial-recognition and iris-scanning sensors are fully supported by MFA features such as Microsoft Passport and Windows Hello.
-In the future, Microsoft expects OEMs to produce even more advanced enterprise-grade biometric sensors and to continue to integrate them into mobile devices. As a result, biometrics will become a commonplace authentication method as part of an MFA system.
+Several Windows 10 Mobile security features require TPM:
+-	Virtual smart cards
+-	Measured Boot
+-	Health attestation (requires TPM 2.0 or later)
 
-### <a href="" id="enterprise-grade-secure-windows-startup--"></a>Enterprise-grade secure Windows startup
+Still other features will use the TPM if it is available. For example, Windows Hello does not require TPM but uses it if it’s available. Organizations can configure policy to require TPM for Windows Hello.
 
-UEFI with Secure Boot uses hardware technologies to help protect users from bootkits. Secure Boot can validate the integrity of the devices, firmware, and bootloader. After the bootloader launches, users must rely on the operating system to protect the integrity of the remainder of the system.
+### <a href="" id="companion-devices"></a>Biometrics
 
-### <a href="" id="trusted-boot--"></a>Trusted Boot
+Windows 10 Mobile makes biometrics a core security feature. Microsoft has fully integrated biometrics into the Windows 10 Mobile security components, not just tacked it on top of the platform (as was the case in previous versions of Windows). This is a big change. Earlier biometric implementations were largely front-end methods that simplified authentication. Under the hood, the system used biometrics to access a password, which it then used for authentication behind the scenes. Biometrics may have provided convenience, but not necessarily enterprise-grade authentication.
 
-When UEFI with Secure Boot verifies that it trusts the bootloader and starts Windows 10 Mobile, the Windows Trusted Boot feature protects the rest of the startup process by verifying that all Windows startup components are trustworthy (for example, signed by a trusted source) and have integrity. The bootloader verifies the digital signature of the Windows kernel before loading it. The Windows kernel, in turn, verifies every other component of the Windows startup process, including the boot drivers, and startup files.
+Microsoft has been evangelizing the importance of enterprise-grade biometric sensors to the OEMs that create Windows 10 Mobile devices. These facial-recognition and iris-scanning sensors are fully supported by Windows Hello.
 
-If someone has modified a file (for example, if malware has tampered with it or it has been corrupted), Trusted Boot will detect the problem and attempt to automatically repair the corrupted component. When repaired, Windows will start normally after only a brief delay.
+In the future, Microsoft expects OEMs to produce even more advanced enterprise-grade biometric sensors and to continue integrating them into mobile devices. As a result, biometrics will become a commonplace authentication method as part of an MFA system.
 
-### <a href="" id="measured-boot--"></a>Measured Boot
+### <a href="" id="trusted-boot"></a>Trusted Boot
 
-The biggest challenge with rootkits and bootkits in earlier versions of Windows was that they could frequently be undetectable to the client. Because they often started before Windows defenses and the antimalware solution—and they had system-level privileges—rootkits and bootkits could completely disguise themselves while continuing to access system resources. Although UEFI with Secure Boot and Trusted Boot could prevent most rootkits and bootkits, intruders could still potentially exploit a few attack vectors (for example, if someone compromised the signature used to sign a boot component, such as a non-Microsoft driver, and used it to sign a malicious one).
-Windows 10 Mobile implements the Measured Boot feature, which uses the TPM hardware component to record a series of measurements for critical startup-related components, including firmware, Windows boot components, and drivers. Because Measured Boot uses the hardware-based security capabilities of TPM, which isolates and protects the measurement data against malware attacks, the log data is well protected against even sophisticated attacks.
-Measured Boot focuses on acquiring the measurement data and protecting it against tampering. You must couple it, however, with a service that can analyze the data to determine device health and provide a more complete security service. The next section introduces just such a service.
+UEFI with Secure Boot uses hardware technologies to help protect users from bootkits. Secure Boot can validate the integrity of the device, firmware, and bootloader. After the bootloader launches, users must rely on the operating system to protect the integrity of the remainder of the system.
 
-### <a href="" id="device-health-attestation--"></a>Device health attestation
+When UEFI with Secure Boot verifies that it trusts the bootloader and starts Windows 10 Mobile, the Windows Trusted Boot feature protects the rest of the startup process by verifying that all Windows startup components are trustworthy (e.g., signed by a trusted source) and have integrity. The bootloader verifies the digital signature of the Windows kernel before loading it. The Windows kernel, in turn, verifies every other component of the Windows startup process, including the boot drivers, and startup files.
 
-Device health attestation is new feature in Windows 10 Mobile that helps prevent low-level malware infections. Device health attestation uses a device’s TPM and firmware to measure the critical security properties of the device’s BIOS and Windows startup processes. These measurements are made in such a way that even on a system infected with kernel-level malware or a rootkit, an attacker is unlikely to spoof the properties.
-You can integrate Device health attestation with Microsoft Intune or non-Microsoft MDM solutions and combine these hardware-measured security properties with other device properties to gain an overall view of the device’s health and compliance state. From there, you can use this integration in a variety of scenarios, from detecting jailbroken devices to monitoring device compliance, generating compliance reports, alerting users or administrators, initiating corrective action on the device, and managing conditional access to resources such as Office 365.
+### <a href="" id="measured-boot"></a>Measured Boot
 
-### <a href="" id="conditional-access--"></a>Conditional Access
+In earlier versions of Windows, the biggest challenge with rootkits and bootkits was that they could frequently be undetectable to the client. Because they often started before Windows defenses and the antimalware solution – and they had system-level privileges – rootkits and bootkits could completely disguise themselves while continuing to access system resources. Although UEFI with Secure Boot and Trusted Boot could prevent most rootkits and bootkits, intruders could still potentially exploit a few attack vectors (e.g., if someone compromised the signature used to sign a boot component, such as a non-Microsoft driver, and used it to sign a malicious one).
 
-The example that follows shows how Windows 10 protective measures integrate and work with Intune and non-Microsoft MDM solutions. It demonstrates how the phone security architecture in Windows 10 Mobile helps you monitor and verify compliance and how the security and trust rooted in the device hardware protect corporate resources end to end.
+Windows 10 Mobile implements the Measured Boot feature, which uses the TPM hardware component to record a series of measurements for critical startup-related components, including firmware, Windows boot components, and drivers. Because Measured Boot uses the hardware-based security capabilities of TPM, which isolates and protects the measurement data against malware attacks, the log data is well protected against even sophisticated attacks.
 
-When a user turns on a phone:
-1.  The Secure Boot feature in Windows 10 Mobile helps protect the startup sequence, allows the device to boot into a defined and trusted configuration, and loads a factory-trusted boot loader.
-2.  Windows 10 Mobile Trusted Boot takes control when the Secure Boot process is complete, verifying the digital signature of the Windows kernel and the components that are loaded and executed during the startup process.
-3.  In parallel to steps 1 and 2, the phone’s TPM runs independently in a hardware-protected security zone (isolated from the boot execution path, which monitors boot activities). It creates a protected, tamper-evident audit trail, signed with a secret that only the TPM can access.
-4.  Devices that a Device health attestation-enabled MDM solution manage send a copy of this audit trail to the Microsoft Health Attestation Service (HAS) in a protected, tamper-resistant, and tamper-evident communication channel.
-5.  HAS reviews the audit trails, issues an encrypted and signed report, and forwards it to the device.
-6.  From your Device health attestation-enabled MDM solution, you can review the report in a protected, tamper-resistant, and tamper-evident communication channel to assess whether the device is running in a compliant (healthy) state, allow access, or trigger corrective action aligned with the organization’s security needs and policies.
-Because this solution can detect and prevent low-level malware that may be extremely difficult to detect any other way, Microsoft recommends that you consider implementing a Device health attestation-enabled MDM system like Intune that takes advantage of the Windows 10 Mobile cloud-based health attestation server feature to detect and block devices infected with advanced malware.
+Measured Boot focuses on acquiring the measurement data and protecting it against tampering. To provide more complete security, it must be coupled with a service that can analyze the data to determine device health. 
 
-## <a href="" id="app-platform-security--"></a>App platform security
+### <a href="" id="device-health-attestation"></a>Device Health Attestation
 
-Applications built for Windows are designed to be secure and free of defects, but the reality is that human error can create vulnerabilities in code. When malicious users and software identify such vulnerabilities, they may attempt to manipulate data in memory in the hope that they can compromise the system and take control.
+Device Health Attestation (DHA) is a new feature in Windows 10 Mobile that helps prevent low-level malware infections. DHA uses a device’s TPM and firmware to measure the critical security properties of the device’s BIOS and Windows startup processes. These measurements are made in such a way that even on a system infected with kernel-level malware or a rootkit, an attacker is unlikely to spoof the properties.
 
-To mitigate these risks, Windows 10 Mobile includes a series of improvements to make it more difficult for malware to compromise the device. Windows 10 Mobile even enables organizations to choose which apps are allowed to run on mobile devices. In addition, it includes improvements that can dramatically reduce the likelihood that newly discovered vulnerabilities can be successful exploited. It takes detailed knowledge of operating system architecture and malware exploit techniques to fully appreciate the impact of these improvements, but the sections that follow explain them at a high level.
+You can use DHA with Microsoft Intune (sold separately) or a third-party MDM solution to combine hardware-measured security properties with other device properties and gain an overall view of the device’s health and compliance state. This integration can be useful in a variety of scenarios, including detecting jailbroken devices, monitoring device compliance, generating compliance reports, alerting users or administrators, initiating corrective action on the device, and managing conditional access to resources such as Office 365.
 
-### <a href="" id="device-guard--"></a>Device Guard
+The example that follows shows how Windows 10 protective measures integrate and work with Intune and third-party MDM solutions. It demonstrates how the phone security architecture in Windows 10 Mobile can help you monitor and verify compliance and how the security and trust rooted in the device hardware can protect end-to-end corporate resources.
 
-Device Guard is a feature set that consists of both hardware and software system integrity-hardening features. These features revolutionize Windows operating system security by moving the entire operating system to a trust-nothing model.
+When a user turns a phone on:
+1.	The Secure Boot feature in Windows 10 Mobile helps protect the startup sequence, allows the device to boot into a defined and trusted configuration, and loads a factory-trusted boot loader.
+2.	Windows 10 Mobile Trusted Boot takes control when the Secure Boot process is complete, verifying the digital signature of the Windows kernel and the components that are loaded and executed during the startup process.
+3.	In parallel to steps 1 and 2, the phone’s TPM runs independently in a hardware-protected security zone (isolated from the boot execution path, which monitors boot activities). It creates a protected, tamper-evident audit trail, signed with a secret that only the TPM can access.
+4.	Devices that are DHA-enabled send a copy of this audit trail to the Microsoft Health Attestation service (HAS) in a protected, tamper-resistant, and tamper-evident communication channel.
+5.	HAS reviews the audit trails, issues an encrypted and signed report, and forwards it to the device.
+6.	From your DHA-enabled MDM solution, you can review the report in a protected, tamper-resistant, and tamper-evident communication channel to assess whether the device is running in a compliant (healthy) state, allow access, or trigger corrective action aligned with the organization’s security needs and policies.
+Because this solution can detect and prevent low-level malware that may be extremely difficult to detect any other way, Microsoft recommends that you consider implementing a DHA-enabled MDM system like Intune. It can take advantage of the Windows 10 Mobile cloud-based health attestation server feature to detect and block devices infected with advanced malware.
 
-All apps on Windows 10 Mobile must be digitally signed and come from Windows Store or a trusted enterprise store. Device Guard implements policies that further restrict this. By default, Device Guard supports all apps from Windows Store. You can create policies that define the apps that can and cannot run on the Windows 10 Mobile device. If the app doesn’t have a digital signature or is prevented by policy, or it does not come from a trusted store, it will not run on Windows 10 Mobile.
+### <a href="" id="device-guard"></a>Device Guard
 
-Advanced hardware features (described earlier in the [Enterprise-grade secure hardware](#secure-hardware) section) drive these security offerings. By integrating these hardware features further into the core operating system, Windows 10 Mobile can use them in new ways. To deliver this additional security, Device Guard requires UEFI with Secure Boot.
+Device Guard is a feature set that consists of both hardware and software system integrity–hardening features. These features revolutionize Windows operating system security by moving the entire operating system to a trust-nothing model.
 
-### <a href="" id="appcontainer--"></a>AppContainer
+All apps on Windows 10 Mobile must be digitally signed and come from Windows Store or a trusted enterprise store. Device Guard implements policies that further restrict this. By default, Device Guard supports all apps from Windows Store. You can create policies that define the apps that can and cannot run on the Windows 10 Mobile device. If the app does not have a digital signature, is prevented by policy, or does not come from a trusted store, it will not run on Windows 10 Mobile.
 
-The Windows 10 Mobile security model is based on the principle of least privilege and uses isolation to achieve it. Every app and even portions of the operating system itself run inside their own isolated sandbox called an AppContainer—a secured isolation boundary within which an app and its processes can run. Each AppContainer is defined and implemented through a security policy.
+Advanced hardware features, described above, drive these security offerings. By integrating these hardware features further into the core operating system, Windows 10 Mobile can use them in new ways. To deliver this additional security, Device Guard requires UEFI with Secure Boot.
 
-The security policy of a specific AppContainer defines the operating system capabilities that apps have access to from within the AppContainer. A capability is a Windows 10 Mobile device resource such as geographical location information, camera, microphone, networking, and sensors.
+### <a href="" id="address-space-layout-randomaization"></a>Address Space Layout Randomization
 
-A set of default permissions are granted to all AppContainers, including access to a unique, isolated storage location. In addition, access to other capabilities can be declared within the app code itself. Access to additional capabilities and privileges cannot be requested at run time, as can be done with traditional desktop applications.
+One of the most common techniques used by attackers to gain access to a system is to find a vulnerability in a privileged process that is already running, guess or find a location in memory where important system code and data reside, and overwrite that information with a malicious payload. In the early days of operating systems, any malware that could write directly to the system memory could do such a thing; the malware would simply overwrite system memory in well-known and predictable locations.
 
-The AppContainer concept is advantageous for the following reasons:
-
--   **Attack surface reduction.** Apps can access only those capabilities that are declared in the application code and needed to perform their functions.
--   **User consent and control.** Capabilities that apps use are automatically published to the app details page in the Windows Store. App access to capabilities that may expose sensitive information automatically prompt the user to acknowledge and provide consent.
--   **App isolation.** Communication between Windows apps is tightly controlled. Apps are isolated from one another and can communicate only by using predefined communications channels and data types.
-
-Apps receive the minimal privileges they need to perform their legitimate tasks. This means that even if a malicious attacker exploits an app, the potential damage is limited because the app cannot elevate its privileges and is contained within its AppContainer. Windows Store displays the permissions that the app requires along with the app’s age rating and publisher.
-
-The combination of Device Guard and AppContainer help to prevent unauthorized apps from running. In the event malware slips into the app ecosystem, the AppContainer helps to constrain the app and limit potential damage. The Windows 10 Mobile trust-nothing model doesn’t assume that any component is perfect, however, potential vulnerabilities in apps, AppContainers, and Windows 10 Mobile itself could give an attacker a chance to compromise a system. For this reason, we need redundant vulnerability mitigations. The next several topics describe some of the redundant mitigations in Windows 10 Mobile.
-
-### <a href="" id="address-space-layout-randomization--"></a>Address Space Layout Randomization
-One of the most common techniques attackers use to gain access to a system is to find a vulnerability in a privileged process that is already running, guess or find a location in memory where important system code and data reside, and then overwrite that information with a malicious payload. In the early days of operating systems, any malware that could write directly to the system memory could do such a thing; the malware would simply overwrite system memory in well-known and predictable locations.
-
-Address Space Layout Randomization (ASLR) makes that type of attack much more difficult because it randomizes how and where important data is stored in memory. With ASLR, it is more difficult for malware to find the specific location it needs to attack. Figure 3 illustrates how ASLR works, showing how the locations of different critical Windows components can change in memory between restarts.
+Address Space Layout Randomization (ASLR) makes that type of attack much more difficult because it randomizes how and where important data is stored in memory. With ASLR, it is more difficult for malware to find the specific location it needs to attack. The below diagram illustrates how ASLR works, showing how the locations of different critical Windows components can change in memory between restarts.
 
 ![figure 3](images/mobile-security-guide-figure3.png)
 
-Figure 3. ASLR at work
+Microsoft has substantively improved the ASLR implementation in Windows 10 Mobile over previous versions, applying it across the entire system rather than only in specific apps. With 64bit system and application processes that can take advantage of a vastly increased memory space, it is even more difficult for malware to predict where Windows 10 Mobile stores vital data. When used on systems that have TPMs, ASLR memory randomization becomes increasingly unique across devices, adding additional degrees of difficulty for repurposing successful exploits to another system.
 
-Microsoft has substantively improved the ASLR implementation in Windows 10 Mobile over previous versions, especially with 64-bit system and application processes that can take advantage of a vastly increased memory space, making it even more difficult for malware to predict where Windows 10 Mobile stores vital data. When used on systems that have TPMs, ASLR memory randomization will be increasingly unique across devices, making it even more difficult for a successful exploit that works on one system to work reliably on another. Microsoft also holistically applied ASLR across the entire system in Windows 10 Mobile rather than it working only on specific apps.
+### <a href="" id="data-execution-prevention"></a>Data Execution Prevention
 
-### <a href="" id="data-execution-prevention--"></a>Data Execution Prevention
+Malware depends on its ability to insert a malicious payload into memory with the hope that an unsuspecting user will execute it later. While ASLR makes that more difficult, Windows 10 Mobile extends that protection to prevent malware from running if written to an area that you have allocated solely for the storage of information. Data Execution Prevention (DEP) substantially reduces the range of memory that malicious code can use for its benefit. DEP uses the **No execute** bit on modern CPUs to mark blocks of memory as read-only so that malware can’t use those blocks to execute malicious code. All Windows 10 and Windows 10 Mobile devices support DEP.
 
-Malware depends on its ability to put a malicious payload into memory with the hope that an unsuspecting user will execute it later. ASLR makes that much more difficult.
-
-Extending that protection, it would be great if you could prevent malware from running if it wrote to an area that you have allocated solely for the storage of information. Data Execution Prevention (DEP) does exactly that, substantially reducing the range of memory that malicious code can use for its benefit. DEP uses the **No execute** bit on modern CPUs to mark blocks of memory as read only so that malware can’t use those blocks to execute malicious code. All Windows 10 and Windows 10 Mobile devices support DEP.
-
-### <a href="" id="windows-heap--"></a>Windows heap
+### <a href="" id="companion-devices"></a>Windows heap
 
 The heap is a location in memory that Windows uses to store dynamic application data. Microsoft continues to improve on earlier Windows heap designs by further mitigating the risk of heap exploits that an attacker could use.
-Windows 10 Mobile has several important improvements to the security of the heap over previous versions of Windows:
+Windows 10 Mobile has made several important improvements to the security of the heap over previous versions of Windows:
+-	Internal data structures that the heap uses are better protected against memory corruption.
+-	Heap memory allocations have randomized locations and sizes, making it more difficult for an attacker to predict the location of critical memory to overwrite. Specifically, Windows 10 Mobile adds a random offset to the address of a newly allocated heap, making the allocation much less predictable.
+-	Windows 10 Mobile uses “guard pages” before and after blocks of memory as tripwires. If an attacker attempts to write past a block of memory (a common technique known as a buffer overflow), the attacker will have to overwrite a guard page. Any attempt to modify a guard page is considered a memory corruption, and Windows 10 Mobile responds by instantly terminating the app.
 
--   Internal data structures that the heap uses are better protected against memory corruption.
--   Heap memory allocations have randomized locations and sizes, making it more difficult for an attacker to predict the location of critical memory to overwrite. Specifically, Windows 10 Mobile adds a random offset to the address of a newly allocated heap, which makes the allocation much less predictable.
--   Windows 10 Mobile uses “guard pages” before and after blocks of memory as tripwires. If an attacker attempts to write past a block of memory (a common technique known as a buffer overflow), the attacker will have to overwrite a guard page. Any attempt to modify a guard page is considered a memory corruption, and Windows 10 Mobile responds by instantly terminating the app.
+### <a href="" id="memeory-reservation"></a>Memory reservations
 
-### <a href="" id="memory-reservations--"></a>Memory reservations
+Microsoft reserves the lowest 64 KB of process memory for the operating system. Apps are no longer allowed to allocate that portion of the memory, making it more difficult for malware to overwrite critical system data structures in memory.
 
-Microsoft reserves the lowest 64 KB of process memory for the operating system. Apps are no longer allowed to allocate that portion of the memory, which makes it more difficult for malware to overwrite critical system data structures in memory.
+### <a href="" id="control-flow-guard"></a>Control Flow Guard
 
-### <a href="" id="control-flow-guard--"></a>Control Flow Guard
+When Windows loads applications into memory, it allocates space to those applications based on the size of the code, requested memory, and other factors. When an application begins to execute code, it calls additional code located in other memory addresses. The relationships among the code locations are well known – they are written in the code itself. However, until Windows 10 Mobile, the operating system didn’t enforce the flow among these locations, giving attackers the opportunity to change the flow to meet their needs. In other words, an application exploit takes advantage of this behavior by running code that the application may not typically run.
 
-When Windows loads applications into memory, it allocates space to those applications based on the size of the code, requested memory, and other factors. When an application begins to execute code, it calls additional code located in other memory addresses. The relationships among the code locations are well known—they are written in the code itself—but until Windows 10 Mobile, the operating system didn’t enforce the flow among these locations, giving attackers the opportunity to change the flow to meet their needs. In other words, an application exploit takes advantage of this behavior by running code that the application may not typically run.
-Windows 10 Mobile mitigates this kind of threat through the Control Flow Guard (CFG) feature. When a trusted application that its creator compiled to use CFG calls code, CFG verifies that the code location called is trusted for execution. If CFG doesn’t trust the location, it immediately terminates the application as a potential security risk.
+Windows 10 Mobile mitigates this kind of threat through Control Flow Guard (CFG). When a trusted application that its creator compiled to use CFG calls code, CFG verifies that the code location called is trusted for execution. If CFG doesn’t trust the location, it immediately terminates the application as a potential security risk.
 
-You cannot configure CFG; rather, an application developer can take advantage of CFG by configuring it when he or she compiles the application. Consider asking application developers and software vendors to deliver trustworthy Windows applications compiled with CFG enabled. Of course, browsers are a key entry point for attacks; thus Microsoft Edge and other Windows features take full advantage of CFG.
+You cannot configure CFG; rather, an application developer can take advantage of CFG by configuring it when he or she compiles the application. Because browsers are a key entry point for attacks, Microsoft Edge takes full advantage of CFG.
 
-### <a href="" id="protected-processes--"></a>Protected processes
+### <a href="" id="protected-processes"></a>Protected Processes
 
-In general, preventing a computer security incident is more cost-effective than repairing the damage an incident can cause. For malware in particular, most security controls are designed to prevent an attack from being initially successful. The reasoning is that if malware cannot infect the system, the system is immune to malware.
+Unfortunately, no device is immune to malware. Despite all the best preventative controls, malware can eventually find a way to infect any operating system or hardware platform. So, although prevention with a defense-in-depth strategy is important, additional malware controls are required. 
+If malware is running on a system, you need to limit what it can do Protected Processes prevents untrusted processes from tampering with those that have been specially signed. Protected Processes defines levels of trust for processes: it prevents less trusted processes from interacting with and therefore attacking more trusted processes. Windows 10 Mobile uses Protected Processes broadly throughout the operating system.
 
-Unfortunately, no device is immune to malware. Despite all the best preventative controls, malware can eventually find a way to infect any operating system or hardware platform. So, although prevention with a defense-in-depth strategy is important, it cannot be the only type of malware control.
+### <a href="" id="appcontainer"></a>AppContainer
 
-The key security scenario is to assume that malware is running on a system but limit what it can do. Windows 10 Mobile has security controls and design features in place to reduce compromise from existing malware infections. Protected Processes is one such feature.
+The Windows 10 Mobile security model is based on the principle of least privilege and uses isolation to achieve it. Every app and even portions of the operating system itself run inside their own isolated sandbox called an AppContainer – a secured isolation boundary within which an app and its processes can run. Each AppContainer is defined and implemented through a security policy.
 
-With Protected Processes, Windows 10 Mobile prevents untrusted processes from interacting or tampering with those that have been specially signed. Protected Processes defines levels of trust for processes: it prevents less trusted processes from interacting with and therefore attacking more trusted processes. Windows 10 Mobile uses Protected Processes more broadly across the operating system.
+The security policy of a specific AppContainer defines the operating system capabilities that apps have access to from within the AppContainer, such as geographical location information, camera, microphone, networking, or sensors.
 
-### Store for Business
+A set of default permissions are granted to all AppContainers, including access to a unique, isolated storage location. Access to other capabilities can be declared within the app code itself. Unlike traditional desktop applications, access to additional capabilities and privileges cannot be requested at run time.
 
-Store for Business allows IT pros to find, acquire, distribute, and manage apps for their organization. The model provides flexible ways to distribute apps, depending on the size of your organization, and does not require additional infrastructure in some scenarios.
+The AppContainer concept is advantageous because it provides:
+-	**Attack surface reduction.** Apps can access only those capabilities that are declared in the application code and needed to perform their functions.
+-	**User consent and control.** Capabilities that apps use are automatically published to the app details page in the Windows Store. App access to capabilities that may expose sensitive information automatically prompt the user to acknowledge and provide consent.
+-	**App isolation.** Communication between Windows apps is tightly controlled. Apps are isolated from one another and can communicate only by using predefined communication channels and data types.
 
-UWP apps are inherently more secure than typical applications because they are sandboxed, which restricts the app’s risk of compromise or tampering with in a way that would put the system, data, and other applications at risk. Windows Store can further reduce the likelihood that malware will infect devices by reviewing all applications that enter the Windows Store ecosystem before making them available. Store for Business extends this concept by enabling you to distribute custom LOB apps, and even some Windows Store apps, to Windows 10 Mobile devices through the same Windows Store infrastructure.
+Apps receive the minimal privileges they need to perform their legitimate tasks. This means that even if a malicious attacker exploits an app, the potential damage is limited because the app cannot elevate its privileges and is contained within its AppContainer. Windows Store displays the permissions that the app requires along with the app’s age rating and publisher.
 
-Regardless of how users acquire UWP apps, they can use them with increased confidence. UWP apps run in an AppContainer sandbox with limited privileges and capabilities. For example, the apps have no system-level access, have tightly controlled interactions with other apps, and have no access to data unless the user explicitly grants the application permission.
+The combination of Device Guard and AppContainer help to prevent unauthorized apps from running. In the event malware slips into the app ecosystem, the AppContainer helps to constrain the app and limit potential damage. The Windows 10 Mobile trust-nothing model doesn’t assume that any component is perfect. However, potential vulnerabilities in apps, AppContainers, and Windows 10 Mobile itself could give an attacker a chance to compromise a system. For this reason, redundant vulnerability mitigations are needed. The next several topics describe some of the redundant mitigations in Windows 10 Mobile.
 
-In addition, all UWP apps follow the security principle of least privilege. Apps receive only the minimum privileges they need to perform their legitimate tasks, so even if an attacker exploits an app, the damage the exploit can do is significantly limited and should be contained within the sandbox. Windows Store displays the exact capabilities the app requires (for example, access to the camera), along with the app’s age rating and publisher.
+### <a href="" id="microsoft-edge"></a>Microsoft Edge
 
-The Windows Store app-distribution process and the app sandboxing capabilities of Windows 10 Mobile can dramatically reduce the likelihood that users encounter malicious apps on the system.
+The web browser is a critical component of any security strategy. It is the user’s interface to the Internet, an environment teeming with malicious sites and potentially dangerous content. Most users cannot perform at least part of their job without a browser, and many users are completely reliant on one. This reality has made the browser the number one pathway from which malicious hackers initiate their attacks.
 
-For more information about Store for Business, see [Windows Store for Business overview](../whats-new/windows-store-for-business-overview.md).
+Windows 10 Mobile includes Microsoft Edge, an entirely new web browser that goes beyond browsing with features like Reading View. Microsoft Edge is more secure than previous Microsoft web browsers in several ways:
+-	**Microsoft Edge on Windows 10 Mobile does not support extensions.** Microsoft Edge has built-in PDF viewing capability. 
+-	**Microsoft Edge is designed as a UWP app.** It is inherently compartmentalized and runs in an AppContainer that sandboxes the browser from the system, data, and other apps.
+-	**Microsoft Edge simplifies security configuration tasks.** Because Microsoft Edge uses a simplified application structure and a single sandbox configuration, fewer security settings are required. In addition, Microsoft established Microsoft Edge default settings that align with security best practices, making it more secure by design.
 
-### App management
+## Summary
 
-An enterprise typically exerts some configuration and control over the apps installed on devices. In this way, the organization accomplishes several business goals, such managing software licenses, ensuring mandatory app deployment on required devices, and preventing the installation of unacceptable apps on corporate devices.
+Windows 10 Mobile provides security on personal and corporate-owned devices to protect against unauthorized access, data leakage, and malware threats. All of the features covered in this paper – multifactor authentication, data separation, and malware resistance – are seamlessly incorporated into the operating system. This means enterprises are protected without compromising the productivity and ease of use that drives users to bring mobile devices into the workplace. 
 
-An important component in delivering on these goals is Store for Business, which builds on the Windows Store infrastructure that Microsoft hosts and enables you to deploy Windows Store apps across your Windows 10-based devices. Store for Business is both powerful and highly flexible. It allows you to extend and customize features without having to stand up new on-premises infrastructure. It supports and integrates with your existing MDM service but doesn’t require one. (Ask your MDM service vendor about integration with Store for Business.) You can configure Store for Business for a wide variety of scenarios, including online and offline licensing and different app-distribution options. For a more detailed description of the available Store for Business scenarios, see [Windows Store for Business overview](../whats-new/windows-store-for-business-overview.md).
+## Revision History
 
-A web-based portal for IT pros simplifies Windows 10 Mobile app deployment. The familiar look of Windows Store was used to design the Store for Business experience. It showcases apps relevant to business use, hand-selected and sorted by category. The store can use Azure AD accounts for all users, linking them to a single, unique organizational identity.
+November 2015 		Updated for Windows 10 Mobile (version 1511)
 
-Another key benefit is licensing. Store for Business enables you to track and manage licenses for all UWP apps. You can easily determine which users have installed specific apps, track remaining licenses left, and acquire new licenses directly through the web interface. Those new licenses are added within Store for Business and do not require complex export and import processes. As long as your clients are online and have Internet connectivity, the licensing scenario with Store for Business is a great improvement over manual licensing tasks.
+July 2016		Updated for Windows 10 Mobile Anniversary Update (version 1607)
 
-Store for Business allows you to find the right apps for your users, acquire them, manage app licenses, and distribute apps to individuals. The best way to understand Store for Business is to look at the steps involved in a common scenario: delivering apps to Windows 10 Mobile users without an MDM—specifically, deploying apps to Windows 10 Mobile users. In this scenario, you identify several apps that must be on each mobile device that are currently available for free in the Windows Store (for example, a VPN app for your Dell SonicWALL solution) and some internally developed LOB apps.
-
-### The IT side
-
-You begin the app deployment process by preparing the private store and the apps before your users receive their new Windows 10 Mobile devices.
-
-First, you open [Windows Store for Business](http://go.microsoft.com/fwlink/p/?LinkId=722910) and use an Azure AD account to log in. This account is linked to the company’s unique organizational identity and must have an Azure AD tenant. In addition, the account must have Azure AD Enterprise Admin permissions if this is the first time you’re using Store for Business. You can delegate later access through permissions within Store for Business.
-Next, you locate and acquire any apps you want to deploy to the mobile devices, adding the apps and licenses to the organization’s inventory.
-
-Along with existing Windows Store apps, you can use Store for Business to manage custom LOB apps that are developed for your organization. First, you grant permission for a trusted app developer to submit the apps. You and the developer submit these apps through the [Windows Dev Center](http://go.microsoft.com/fwlink/p/?LinkId=722911), and they must be digitally signed with a trusted certificate. These apps are not published to the retail Windows Store catalog and are not visible to anyone outside the organization.
-
-You can deliver the apps through a private store within Windows Store. The next step, then, is for you to mark the app to be available in the private store, which you do through the Store for Business web portal.
-
-Alternatively, you can choose one of two other app-distribution options in Store for Business web portal:
--   Assign the app to people in your organization by selecting one or more Azure AD identities
--   Add the app to the organization’s private store, and allow all users to discover and install it.
-For details about app distribution, see [Distribute apps using your private store](../manage/distribute-apps-from-your-private-store.md).
-
-The IT process for preparing Store for Business for app deployment is shown in Figure 4.
-
-![figure 4](images/mobile-security-guide-figure4.png)
-
-Figure 4. The IT process for Store for Business
-
-For details about the process of distributing apps through Store for Business, see [Find and acquire apps](../manage/find-and-acquire-apps-overview.md).
-
-### <a href="" id="the-user-side--"></a>The user side
-
-After you have prepared Store for Business, the user side of the process takes over. This side of the process is designed to be user friendly, with the primary app deployment method—through Store for Business—streamlined and straightforward. This process doesn’t require an MDM system or any on-premises infrastructure. In fact, the user never sees the “for Business” label, just the familiar Windows Store.
-
-1.  The user opens the Windows Store app on his or her Windows 10 Mobile device.
-
-2.  The same Windows Store interface appears, with the addition of the private store you created. The private store appears as a new page, similar to Games and Music. The interface integrates the public Windows Store with the organization’s private store, which contains curated apps.
-
-3.  The user simply selects and installs apps as usual.
-
-If the user wants to make a private purchase of apps, music, movies, or TV shows with his or her Microsoft account, that’s an option, as well. The user pays for and owns his or her purchase, independent of the company. This flexibility enables hybrid scenarios for devices in many bring your own device environments.
-
-### Microsoft Edge
-
-Windows 10 Mobile includes critical improvements designed to thwart attacks and malware. The environment is now more resistant to malware thanks to significant improvements to SmartScreen Filters. Internet browsing is a safer experience thanks to Microsoft Edge, a completely new browser.
-
-Windows 10 Mobile includes Microsoft Edge, an entirely new web browser that goes beyond browsing with features like Reading View. Microsoft Edge is more secure than previous Microsoft web browsers in several ways:
--   **Microsoft Edge does not support non-Microsoft binary extensions.** Microsoft Edge supports Flash content and PDF viewing by default through built-in extensions but includes no non-Microsoft binary extensions, such as ActiveX controls or Java.
--   **Microsoft Edge is designed as a UWP app.** It is inherently compartmentalized and runs in an AppContainer that sandboxes the browser from the system, data, and other apps.
--   **Microsoft Edge simplifies security configuration tasks.** Because Microsoft Edge uses a simplified application structure and a single sandbox configuration, fewer security settings are required. In addition, Microsoft established Microsoft Edge default settings that align with security best practices, making it more secure by design.
-
-The web browser is a critical component of any security strategy, and for good reason: it is the user’s interface to the Internet, an environment teeming with malicious sites and nefarious content. Most users cannot perform at least part of their job without a browser, and many users are completely reliant on one. This reality has made the browser the number one pathway from which malicious hackers initiate their attacks.
-
-## Related topics
-
-
-[Windows 10 security overview](windows-10-security-guide.md)
-
-[Windows 10 Mobile and MDM](../manage/windows-10-mobile-and-mdm.md)
-
-[Windows 10 and Windows 10 Mobile](../index.md)
-
-[Windows Store for Business](http://go.microsoft.com/fwlink/p/?LinkId=722910)
-
-[Windows Store for Business overview](../whats-new/windows-store-for-business-overview.md)
diff --git a/windows/keep-secure/windows-10-security-guide.md b/windows/keep-secure/windows-10-security-guide.md
index 6a822ec11e..5ad7eddc7a 100644
--- a/windows/keep-secure/windows-10-security-guide.md
+++ b/windows/keep-secure/windows-10-security-guide.md
@@ -18,14 +18,14 @@ author: challum
 
 This guide provides a detailed description of the most important security improvements in the Windows 10 operating system, with links to more detailed articles about many of its security features. Wherever possible, specific recommendations are provided to help you implement and configure Windows 10 security features.
 
-## Introduction
+#### Introduction
 
 Windows 10 is designed to protect against known and emerging security threats across the spectrum of attack vectors. Three broad categories of security work went into Windows 10:
 -   [**Identity and access control**](#identity) features have been greatly expanded to both simplify and enhance the security of user authentication. These features include Windows Hello and Microsoft Passport, which better protect user identities through easy-to-deploy and easy-to-use multifactor authentication (MFA). Another new feature is Credential Guard, which uses virtualization-based security (VBS) to help protect the Windows authentication subsystems and users’ credentials.
 -   [**Information protection**](#information) that guards information at rest, in use, and in transit. In addition to BitLocker and BitLocker To Go for protection of data at rest, Windows 10 includes file-level encryption with Enterprise Data Protection that performs data separation and containment and, when combined with Rights Management services, can keep data encrypted when it leaves the corporate network. Windows 10 can also help keep data secure by using virtual private networks (VPNs) and Internet Protocol Security.
 -   [**Malware resistance**](#malware) includes architectural changes that can isolate critical system and security components from threats. Several new features in Windows 10 help reduce the threat of malware, including VBS, Device Guard, Microsoft Edge, and an entirely new version of Windows Defender. In addition, the many antimalware features from the Windows 8.1 operating system— including AppContainers for application sandboxing and numerous boot-protection features, such as Trusted Boot—have been carried forward and improved in Windows 10.
 
-## <a href="" id="identity"></a>Identity and access control
+## Identity and access control
 
 Traditionally, access control is a process that has three components:
 -   **Identification** - when a user asserts a unique identity to the computer system for the purpose of gaining access to a resource, such as a file or a printer. In some definitions, the user is called the subject and the resource is the object.
@@ -74,14 +74,14 @@ Table 1. Windows 10 solutions to typical access control challenges
  
 The sections that follow describe these challenges and solutions in more detail.
 
-**Microsoft Passport**
+### Microsoft Passport
 
 Microsoft Passport provides strong two-factor authentication (2FA), fully integrated into Windows, and replaces passwords with the combination of an enrolled device and either a PIN or Windows Hello. Microsoft Passport is conceptually similar to smart cards but more flexible. Authentication is performed by using an asymmetric key pair instead of a string comparison (for example, password), and the user’s key material can be secured by using hardware.
 Unlike smart cards, Microsoft Passport does not require the extra infrastructure components required for smart card deployment. In particular, you do not need public key infrastructure (PKI). If you already use PKI – for example, in secure email or VPN authentication – you can use the existing infrastructure with Microsoft Passport. Microsoft Passport combines the major advantages of smart card technology – deployment flexibility for virtual smart cards and robust security for physical smart cards – without any of their drawbacks.
 
 Microsoft Passport offers three significant advantages over the current state of Windows authentication: It’s more flexible, it’s based on industry standards, and it effectively mitigates risks. The sections that follow look at each of these advantages in more detail.
 
-**It’s flexible**
+#### It’s flexible
 
 Microsoft Passport offers unprecedented flexibility. Although the format and use of passwords and smart cards is fixed, Microsoft Passport gives both administrators and users options to manage authentication. First and foremost, Microsoft Passport works with biometric sensors and PINs. Next, you can use your PC or even your phone as one of the factors to authenticate on your PC. Finally, your user credentials can come from your PKI infrastructure, or Windows can create the credential itself.
 
@@ -89,21 +89,19 @@ Microsoft Passport gives you options beyond long, complex passwords. Instead of
 
 With Microsoft Passport, you gain flexibility in the data center, too. To deploy it, you must add Windows Server 2016 domain controllers to your Active Directory environment, but you do not have to replace or remove your existing Active Directory servers: Microsoft Passport builds on and adds to your existing infrastructure. You can either add on premises servers or use Microsoft Azure Active Directory to deploy Microsoft Passport to your network. The choice of which users to enable for Microsoft Passport use is completely up to you – you choose which items to protect and which authentication factors you want to support. This flexibility makes it easy to use Microsoft Passport to supplement existing smart card or token deployments by adding 2FA to users who do not currently have it, or to deploy Microsoft Passport in scenarios that call for extra protection for sensitive resources or systems.
 
-**It’s standardized**
+#### It’s standardized
 
 Both software vendors and enterprise customers have come to realize that proprietary identity and authentication systems are a dead end: The future lies with open, interoperable systems that allow secure authentication across a variety of devices, line of business (LOB) apps, and external applications and websites. To this end, a group of industry players formed FIDO, the Fast IDentity Online Alliance. The FIDO Alliance is a nonprofit organization intended to address the lack of interoperability among strong authentication devices, as well as the problems users face when they need to create and remember multiple user names and passwords. The FIDO Alliance plans to change the nature of authentication by developing specifications that define an open, scalable, interoperable set of mechanisms that supplant reliance on passwords to securely authenticate users of online services. This new standard for security devices and browser plug ins will allow any website or cloud application to interface with a broad variety of existing and future FIDO-enabled devices that the user has for online security.
 
-In 2014, Microsoft joined the board of the [FIDO Alliance](http://go.microsoft.com/fwlink/p/?LinkId=626934). FIDO standards enable a universal framework that a global ecosystem delivers for a consistent and greatly improved user experience of strong password-less authentication. The FIDO 1.0 specifications, published in December 2014, provide for two types of authentications: password-less (known as UAF) and second factor (U2F). The FIDO Alliance is working on a set of 2.0 proposals that incorporate the best ideas from its U2F and UAF FIDO 1.0 standards, and of course, on new ideas. Microsoft has contributed Microsoft Passport technology to the FIDO 2.0 specification workgroup for review and feedback and continues to work with the FIDO Alliance as the FIDO 2.0 specification moves forward. Interoperability of FIDO products is a hallmark of FIDO authentication. Microsoft believes that bringing a FIDO solution to market will help solve a critical need for enterprises and consumers alike.
+In 2014, Microsoft joined the board of the [FIDO Alliance](https://go.microsoft.com/fwlink/p/?LinkId=626934). FIDO standards enable a universal framework that a global ecosystem delivers for a consistent and greatly improved user experience of strong password-less authentication. The FIDO 1.0 specifications, published in December 2014, provide for two types of authentications: password-less (known as UAF) and second factor (U2F). The FIDO Alliance is working on a set of 2.0 proposals that incorporate the best ideas from its U2F and UAF FIDO 1.0 standards, and of course, on new ideas. Microsoft has contributed Microsoft Passport technology to the FIDO 2.0 specification workgroup for review and feedback and continues to work with the FIDO Alliance as the FIDO 2.0 specification moves forward. Interoperability of FIDO products is a hallmark of FIDO authentication. Microsoft believes that bringing a FIDO solution to market will help solve a critical need for enterprises and consumers alike.
 
-**It’s effective**
+#### It’s effective
 
 Microsoft Passport effectively mitigates two major security risks. First, it eliminates the use of passwords for logon and so reduces the risk that a nefarious attacker will steal and reuse the user’s credentials. User key material is generated and available within the Trusted Platform Module (TPM) of the user device, which protects it from attackers who want to capture the key material and reuse it. Second, because Microsoft Passport uses asymmetrical key pairs, users credentials can’t be stolen in cases where the identity provider or websites the user accesses have been compromised.
 
 To compromise a Microsoft Passport credential that TPM protects, an attacker must have access to the physical device, and then must find a way to spoof the user’s biometrics or guess his or her PIN—and all of this must be done before TPM anti-hammer capabilities lock the device. This sets the bar magnitudes of order higher than password phishing attacks.
 
-### <a href="" id="windows-hello"></a>
-
-**Windows Hello**
+### Windows Hello
 
 Windows Hello is the name given to the new biometric sign-in option for Microsoft Passport. Because biometric authentication is built directly into the operating system, Windows Hello allows users to unlock their devices by using their face or fingerprint. From here, authentication to the devices and resources is enabled through a combination of the user’s unique biometric identifier and the device itself.
 
@@ -117,7 +115,7 @@ Windows Hello supports two biometric sensor options that are suitable for enterp
 Windows Hello offers several major benefits. First, it addresses the problems of credential theft and sharing, because an attacker must obtain the device and impersonate the user’s biometric identity, which is more difficult than stealing a password or PIN. Second, the use of biometrics gives users an authenticator that’s always with them – there’s nothing to forget, lose, or leave behind. Instead of worrying about memorizing long, complex passwords, users can take advantage of a convenient, secure method for logging in to all their Windows devices. Finally, there’s nothing additional to deploy or manage. Because Windows Hello support is built directly into the operating system, 
 there are no additional drivers to deploy.
 
-**Brute-force attack resistance**
+### Brute-force attack resistance
 
 A brute-force attack is the process used to break into a device simply by guessing a user’s password, PIN, or even his or her biometric identity over and over until the attacker gets it right. Over the last several versions of Windows, Microsoft has added features that dramatically reduce the chances that such an attack would succeed.
 
@@ -126,7 +124,7 @@ Windows 8.1 and Windows 10 support an even more powerful – but optional –
 
 If you’re interested in learning how to configure brute-force protection, use a test Windows 10 PC on which BitLocker protection is enabled for the system drive, and then print the BitLocker recovery key to ensure that you have it available. Then, open the Local Group Policy Editor by running **gpedit.msc**, and go to Computer Configuration\\Windows Settings\\Security Settings\\Security Options. Open the policy **Interactive Login: Machine Account Lockout Threshold**, and set the value to **5**, as shown in Figure 1.
 
-![figure 1](images/security-fig1-invalidaccess.png)
+![Machine lockout threshold](images/security-fig1-invalidaccess.png "Machine lockout threshold")
 
 Figure 1. Set the number of invalid access attempts prior to lockout
 
@@ -188,92 +186,105 @@ Table 2. Data Protection in Windows 10 and Windows 7
 </tr>
 </tbody>
 </table>
- 
+
 The sections that follow describe these improvements in more detail.
 
-**Prepare for drive and file encryption**
+### Prepare for drive and file encryption
 
 The best type of security measures are transparent to the user during implementation and use. Every time there is a possible delay or difficulty because of a security feature, there is strong likelihood that users will try to bypass security. This situation is especially true for data protection, and that’s a scenario that organizations need to avoid.
 Whether you’re planning to encrypt entire volumes, removable devices, or individual files, Windows 10 meets your needs by providing streamlined, usable solutions. In fact, you can take several steps in advance to prepare for data encryption and make the deployment quick and smooth.
 
-**TPM pre-provisioning**
+#### TPM pre-provisioning
 
 In Windows 7, preparing the TPM for use offered a couple of challenges:
--   You can turn on the TPM in the BIOS, which requires someone to either go into the BIOS settings to turn it on or to install a driver to turn it on from within Windows.
--   When you enable the TPM, it may require one or more restarts.
+
+* You can turn on the TPM in the BIOS, which requires someone to either go into the BIOS settings to turn it on or to install a driver to turn it on from within Windows.
+* When you enable the TPM, it may require one or more restarts.
+
 Basically, it was a big hassle. If IT staff were provisioning new PCs, they could handle all of this, but if you wanted to add BitLocker to devices that were already in users’ hands, those users would have struggled with the technical challenges and would either call IT for support or simply leave BitLocker disabled.
+
 Microsoft includes instrumentation in Windows 10 that enables the operating system to fully manage the TPM. There is no need to go into the BIOS, and all scenarios that required a restart have been eliminated.
 
-**Deploy hard drive encryption**
+### Deploy hard drive encryption
 
 BitLocker is capable of encrypting entire hard drives, including both system and data drives. BitLocker pre-provisioning can drastically reduce the time required to provision new PCs with BitLocker enabled. With Windows 10, administrators can turn on BitLocker and the TPM from within the Windows Preinstallation Environment before they install Windows or as part of an automated deployment task sequence without any user interaction. Combined with Used Disk Space Only encryption and a mostly empty drive (because Windows is not yet installed), it takes only a few seconds to enable BitLocker.
 With earlier versions of Windows, administrators had to enable BitLocker after Windows had been installed. Although this process could be automated, BitLocker would need to encrypt the entire drive, a process that could take anywhere from several hours to more than a day depending on drive size and performance, which significantly delayed deployment. Microsoft has improved this process through multiple features in Windows 10.
 
-**Device encryption**
+#### Device encryption
 
 Beginning in Windows 8.1, Windows automatically enables BitLocker device encryption on devices that support InstantGo. With Windows 10, Microsoft offers device encryption support on a much broader range of devices, including those that are InstantGo. Microsoft expects that most devices in the future will pass the testing requirements, which makes device encryption pervasive across modern Windows devices. Device encryption further protects the system by transparently implementing device-wide data encryption.
 
 Unlike a standard BitLocker implementation, device encryption is enabled automatically so that the device is always protected. The following list outlines how this happens:
--   When a clean installation of Windows 10 is completed and the out-of-box experience is finished, the computer is prepared for first use. As part of this preparation, device encryption is initialized on the operating system drive and fixed data drives on the computer with a clear key (this is the equivalent of standard BitLocker suspended state).
--   If the device is not domain joined, a Microsoft account that has been granted administrative privileges on the device is required. When the administrator uses a Microsoft account to sign in, the clear key is removed, a recovery key is uploaded to the online Microsoft account, and a TPM protector is created. Should a device require the recovery key, the user will be guided to use an alternate device and navigate to a recovery key access URL to retrieve the recovery key by using his or her Microsoft account credentials.
--   If the user uses a domain account to sign in, the clear key is not removed until the user joins the device to a domain and the recovery key is successfully backed up to Active Directory Domain Services (AD DS). You must enable the **Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives** Group Policy setting, and select the **Do not enable BitLocker until recovery information is stored in AD DS for operating system drives** option. With this configuration, the recovery password is created automatically when the computer joins the domain, and then the recovery key is backed up to AD DS, the TPM protector is created, and the clear key is removed.
--   Similar to signing in with a domain account, the clear key is removed when the user logs on to an Azure AD account on the device. As described in the bullet point above, the recovery password is created automatically when the user authenticates to Azure AD. Then, the recovery key is backed up to Azure AD, the TPM protector is created, and the clear key is removed.
+
+* When a clean installation of Windows 10 is completed and the out-of-box experience is finished, the computer is prepared for first use. As part of this preparation, device encryption is initialized on the operating system drive and fixed data drives on the computer with a clear key (this is the equivalent of standard BitLocker suspended state).
+* If the device is not domain joined, a Microsoft account that has been granted administrative privileges on the device is required. When the administrator uses a Microsoft account to sign in, the clear key is removed, a recovery key is uploaded to the online Microsoft account, and a TPM protector is created. Should a device require the recovery key, the user will be guided to use an alternate device and navigate to a recovery key access URL to retrieve the recovery key by using his or her Microsoft account credentials.
+* If the user uses a domain account to sign in, the clear key is not removed until the user joins the device to a domain and the recovery key is successfully backed up to Active Directory Domain Services (AD DS). You must enable the **Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives** Group Policy setting, and select the **Do not enable BitLocker until recovery information is stored in AD DS for operating system drives** option. With this configuration, the recovery password is created automatically when the computer joins the domain, and then the recovery key is backed up to AD DS, the TPM protector is created, and the clear key is removed.
+* Similar to signing in with a domain account, the clear key is removed when the user logs on to an Azure AD account on the device. As described in the bullet point above, the recovery password is created automatically when the user authenticates to Azure AD. Then, the recovery key is backed up to Azure AD, the TPM protector is created, and the clear key is removed.
+
 Microsoft recommends that device encryption be enabled on any systems that support it, but the automatic device encryption process can be prevented by changing the following registry setting:
--   **Subkey**: HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\BitLocker
--   **Value**: PreventDeviceEncryption equal to True (1)
--   **Type**: REG\_DWORD
+- **Subkey**: HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\BitLocker
+- **Value**: PreventDeviceEncryption equal to True (1)
+- **Type**: REG\_DWORD
+
 Administrators can manage domain-joined devices that have device encryption enabled through Microsoft BitLocker Administration and Monitoring (MBAM). In this case, device encryption automatically makes additional BitLocker options available. No conversion or encryption is required, and MBAM can manage the full BitLocker policy set if any configuration changes are required.
 
-**Used Disk Space Only encryption**
+#### Used Disk Space Only encryption
 
 BitLocker in earlier Windows versions could take a long time to encrypt a drive, because it encrypted every byte on the volume (including parts that did not have data). That is still the most secure way to encrypt a drive, especially if a drive has previously contained confidential data that has since been moved or deleted, in which case traces of the confidential data could remain on portions of the drive marked as unused.
 But why encrypt a new drive when you can simply encrypt the data as it is being written? To reduce encryption time, BitLocker in Windows 10 lets users choose to encrypt just their data. Depending on the amount of data on the drive, this option can reduce encryption time by more than 99 percent.
 Exercise caution when encrypting only used space on an existing volume on which confidential data may have already been stored in an unencrypted state, however, because those sectors can be recovered through disk-recovery tools until they are overwritten by new encrypted data. In contrast, encrypting only used space on a brand-new volume can significantly decrease deployment time without the security risk because all new data will be encrypted as it is written to the disk.
 
-**Encrypted hard drive support**
+#### Encrypted hard drive support
 
 SEDs have been available for years, but Microsoft couldn’t support their use with some earlier versions of Windows because the drives lacked important key management features. Microsoft worked with storage vendors to improve the hardware capabilities, and now BitLocker supports the next generation of SEDs, which are called encrypted hard drives.
 Encrypted hard drives provide onboard cryptographic capabilities to encrypt data on drives, which improves both drive and system performance by offloading cryptographic calculations from the PC’s processor to the drive itself and rapidly encrypting the drive by using dedicated, purpose-built hardware. If you plan to use whole-drive encryption with Windows 10, Microsoft recommends that you investigate hard drive manufacturers and models to determine whether any of their encrypted hard drives meet your security and budget requirements.
-For more information about encrypted hard drives, see [Encrypted Hard Drive](http://go.microsoft.com/fwlink/p/?LinkId=733880).
+For more information about encrypted hard drives, see [Encrypted Hard Drive](https://go.microsoft.com/fwlink/p/?LinkId=733880).
 
-**Preboot information protection**
+### Preboot information protection
 
 An effective information protection implementation, like most security controls, considers usability as well as security. Users typically prefer a simple security experience. In fact, the more transparent a security solution becomes, the more likely users are to conform to it.
 It is crucial that organizations protect information on their PCs regardless of the state of the computer or the intent of users. This protection should not be cumbersome to users. One undesirable and previously commonplace situation is when the user is prompted for input during preboot, and then again during Windows logon. Challenging users for input more than once should be avoided.
 Windows 10 can enable a true SSO experience from the preboot environment on modern devices and in some cases even on older devices when robust information protection configurations are in place. The TPM in isolation is able to securely protect the BitLocker encryption key while it is at rest, and it can securely unlock the operating system drive. When the key is in use and thus in memory, a combination of hardware and Windows capabilities can secure the key and prevent unauthorized access through cold-boot attacks. Although other countermeasures like PIN-based unlock are available, they are not as user-friendly; depending on the devices’ configuration they may not offer additional security when it comes to key protection. For more information about how to configure BitLocker for SSO, see [BitLocker Countermeasures](bitlocker-countermeasures.md).
 
-**Manage passwords and PINs**
+### Manage passwords and PINs
 
 When BitLocker is enabled on a system drive and the PC has a TPM, you can choose to require that users type a PIN before BitLocker will unlock the drive. Such a PIN requirement can prevent an attacker who has physical access to a PC from even getting to the Windows logon, which makes it virtually impossible for the attacker to access or modify user data and system files.
+
 Requiring a PIN at startup is a useful security feature because it acts as a second authentication factor (a second “something you know”). This configuration comes with some costs, however. One of the most significant is the need to change the PIN regularly. In enterprises that used BitLocker with Windows 7 and the Windows Vista operating system, users had to contact systems administrators to update their BitLocker PIN or password. This requirement not only increased management costs but made users less willing to change their BitLocker PIN or password on a regular basis.
 Windows 10 users can update their BitLocker PINs and passwords themselves, without administrator credentials. Not only will this feature reduce support costs, but it could improve security, too, because it encourages users to change their PINs and passwords more often. In addition, InstantGo devices do not require a PIN for startup: They are designed to start infrequently and have other mitigations in place that further reduce the attack surface of the system.
 For more information about how startup security works and the countermeasures that Windows 10 provides, see [Protect BitLocker from pre-boot attacks](protect-bitlocker-from-pre-boot-attacks.md).
 
-**Configure Network Unlock**
+### Configure Network Unlock
 
 Some organizations have location-specific data security requirements. This is most common in environments where high-value data is stored on PCs. The network environment may provide crucial data protection and enforce mandatory authentication; therefore, policy states that those PCs should not leave the building or be disconnected from the corporate network. Safeguards like physical security locks and geofencing may help enforce this policy as reactive controls. Beyond these, a proactive security control that grants data access only when the PC is connected to the corporate network is necessary.
 
 Network Unlock enables BitLocker-protected PCs to start automatically when connected to a wired corporate network on which Windows Deployment Services runs. Anytime the PC is not connected to the corporate network, a user must type a PIN to unlock the drive (if PIN-based unlock is enabled).
 Network Unlock requires the following infrastructure:
--   Client PCs that have Unified Extensible Firmware Interface (UEFI) firmware version 2.3.1 or later, which supports Dynamic Host Configuration Protocol (DHCP)
--   A server running Windows Server 2012 with the Windows Deployment Services role
--   A server with the DHCP server role installed
-For more information about how to configure Network Unlock, see [BitLocker: How to enable Network Unlock](http://go.microsoft.com/fwlink/p/?LinkId=733905).
-**Microsoft BitLocker Administration and Monitoring**
-Part of the Microsoft Desktop Optimization Pack, MBAM makes it easier to manage and support BitLocker and BitLocker To Go. MBAM 2.5 with Service Pack 1, the latest version, has the following key features:
--   Enables administrators to automate the process of encrypting volumes on client computers across the enterprise.
--   Enables security officers to quickly determine the compliance state of individual computers or even of the enterprise itself.
--   Provides centralized reporting and hardware management with Microsoft System Center Configuration Manager.
--   Reduces the workload on the help desk to assist end users with BitLocker recovery requests.
--   Enables end users to recover encrypted devices independently by using the Self-Service Portal.
--   Enables security officers to easily audit access to recovery key information.
--   Empowers Windows Enterprise users to continue working anywhere with the assurance that their corporate data is protected.
--   Enforces the BitLocker encryption policy options that you set for your enterprise.
--   Integrates with existing management tools, such as System Center Configuration Manager.
--   Offers an IT-customizable recovery user experience.
--   Supports Windows 10.
 
-For more information about MBAM, including how to obtain it, see [Microsoft BitLocker Administration and Monitoring](http://go.microsoft.com/fwlink/p/?LinkId=626935) on the MDOP TechCenter.
+* Client PCs that have Unified Extensible Firmware Interface (UEFI) firmware version 2.3.1 or later, which supports Dynamic Host Configuration Protocol (DHCP)
+* A server running Windows Server 2012 with the Windows Deployment Services role
+* A server with the DHCP server role installed
+
+For more information about how to configure Network Unlock, see [BitLocker: How to enable Network Unlock](https://go.microsoft.com/fwlink/p/?LinkId=733905).
+
+### Microsoft BitLocker Administration and Monitoring
+
+>>>>>>> refs/remotes/origin/master
+Part of the Microsoft Desktop Optimization Pack, MBAM makes it easier to manage and support BitLocker and BitLocker To Go. MBAM 2.5 with Service Pack 1, the latest version, has the following key features:
+
+* Enables administrators to automate the process of encrypting volumes on client computers across the enterprise.
+* Enables security officers to quickly determine the compliance state of individual computers or even of the enterprise itself.
+* Provides centralized reporting and hardware management with Microsoft System Center Configuration Manager.
+* Reduces the workload on the help desk to assist end users with BitLocker recovery requests.
+* Enables end users to recover encrypted devices independently by using the Self-Service Portal.
+* Enables security officers to easily audit access to recovery key information.
+* Empowers Windows Enterprise users to continue working anywhere with the assurance that their corporate data is protected.
+* Enforces the BitLocker encryption policy options that you set for your enterprise.
+* Integrates with existing management tools, such as System Center Configuration Manager.
+* Offers an IT-customizable recovery user experience.
+* Supports Windows 10.
+
+For more information about MBAM, including how to obtain it, see [Microsoft BitLocker Administration and Monitoring](https://go.microsoft.com/fwlink/p/?LinkId=626935) on the MDOP TechCenter.
 
 ## <a href="" id="malware"></a>Malware resistance
 
@@ -340,19 +351,21 @@ In Windows 10 and Windows Server 2016, client connections to the Active Director
 This change reduces the likelihood of man-in-the-middle attacks.
 - **What works differently?**
 If SMB signing and mutual authentication are unavailable, a Windows 10 or Windows Server 2016 computer won’t process domain-based Group Policy and scripts.
-> **Note:** The registry values for these settings aren’t present by default, but the hardening rules still apply until overridden by Group Policy or other registry values.
+>[!NOTE]
+>The registry values for these settings aren’t present by default, but the hardening rules still apply until overridden by Group Policy or other registry values.
 
-For more information on these security improvements, (also referred to as UNC hardening), see [Microsoft Knowledge Base article 3000483](http://go.microsoft.com/fwlink/p/?LinkId=789216) and [MS15-011 & MS15-014: Hardening Group Policy](http://go.microsoft.com/fwlink/p/?LinkId=789215).
+For more information on these security improvements, (also referred to as UNC hardening), see [Microsoft Knowledge Base article 3000483](https://go.microsoft.com/fwlink/p/?LinkId=789216) and [MS15-011 & MS15-014: Hardening Group Policy](https://go.microsoft.com/fwlink/p/?LinkId=789215).
  
-**Secure hardware**
+#### Secure hardware
 
 Although Windows 10 is designed to run on almost any hardware capable of running Windows 8, Windows 7, or Windows Vista, taking full advantage of Windows 10 security requires advancements in hardware-based security, including UEFI with Secure Boot, CPU virtualization features (for example, Intel VT-x), CPU memory-protection features (for example, Intel VT-d), TPM, and biometric sensors.
 
-**UEFI with Secure Boot**
+#### UEFI with Secure Boot
 
 When a PC starts, it begins the process of loading the operating system by locating the bootloader on the PC’s hard drive. Without safeguards in place, the PC may simply hand control over to the bootloader without even determining whether it is a trusted operating system or malware.
 
 UEFI is a standards-based solution that offers a modern-day replacement for the BIOS. In fact, it provides the same functionality as BIOS while adding security features and other advanced capabilities. Like BIOS, UEFI initializes devices, but UEFI components with the Secure Boot feature (version 2.3.1 or later) also ensure that only trusted firmware in Option ROMs, UEFI apps, and operating system bootloaders can start on the device.
+
 UEFI can run internal integrity checks that verify the firmware’s digital signature before running it. Because only the PC’s hardware manufacturer has access to the digital certificate required to create a valid firmware signature, UEFI has protection from firmware bootkits. Thus, UEFI is the first link in the chain of trust.
 
 UEFI with Secure Boot became a hardware requirement starting with Windows 8 devices. If a PC supports UEFI, it must be enabled by default. It is possible to disable the Secure Boot feature on many devices, but Microsoft strongly discourages doing so because it dramatically reduces the security of the startup process.
@@ -360,32 +373,36 @@ UEFI with Secure Boot became a hardware requirement starting with Windows 8 dev
 When a PC with UEFI and Secure Boot starts, the UEFI firmware verifies the bootloader’s digital signature to verify that it has not been modified after it was digitally signed. The firmware also verifies that a trusted authority issued the bootloader’s digital signature. This check helps to ensure that the system starts only after checking that the bootloader is both trusted and unmodified since signing.
 
 All Windows 8 certified PCs must meet several requirements related to Secure Boot:
--   They must have Secure Boot enabled by default.
--   They must trust Microsoft’s certification authority (CA) and thus any bootloader Microsoft has signed.
--   They must allow the user to add signatures and hashes to the UEFI database.
--   They must allow the user to completely disable Secure Boot (although administrators can restrict this).
+
+* They must have Secure Boot enabled by default.
+* They must trust Microsoft’s certification authority (CA) and thus any bootloader Microsoft has signed.
+* They must allow the user to add signatures and hashes to the UEFI database.
+* They must allow the user to completely disable Secure Boot (although administrators can restrict this).
 
 This behavior doesn’t limit the choice of operating system. In fact, users typically have three options for running non-Microsoft operating systems:
--   **Use an operating system with a Microsoft-signed bootloader.** Microsoft offers a service to sign non-Microsoft bootloaders so that they can be used on the device. In this case, a signature from the Microsoft third-party UEFI 
-CA is used to sign the non-Microsoft bootloader, and the signature itself is added to the UEFI database. Several non-Microsoft operating systems, including several varieties of Linux, have had their bootloaders signed by Microsoft so that they can take advantage of the Secure Boot capability. For more information about the Microsoft third-party UEFI signing policy, read [Microsoft UEFI CA Signing policy updates](http://go.microsoft.com/fwlink/p/?LinkId=626936) and [Pre-submission testing for UEFI submissions](http://go.microsoft.com/fwlink/p/?LinkId=626937).
 
-    **Note**  
-    PCs configured to use Device Guard boot only a secured version of Windows and do not permit a third-party bootloader. For more information, see the [Device Guard](#device-guard) section of this document.
-     
--   **Configure UEFI to trust a non–Microsoft-signed bootloader or hashes.** Some Certified For Windows 8 or later PCs allow users to add noncertified bootloaders through a signature or hashes sent to the UEFI database, which allows them to run any operating system without Microsoft signing it.
--   **Turn off Secure Boot.**Windows 8 certified PCs allow users to turn off Secure Boot so they can run unsigned operating systems. In this mode, the behavior is identical to PCs that have BIOS: The PC simply runs the bootloader without any verification. Microsoft strongly recommends that Secure Boot remain enabled whenever the device starts so that it can help prevent bootkit infections.
+- **Use an operating system with a Microsoft-signed bootloader.** Microsoft offers a service to sign non-Microsoft bootloaders so that they can be used on the device. In this case, a signature from the Microsoft third-party UEFI 
+CA is used to sign the non-Microsoft bootloader, and the signature itself is added to the UEFI database. Several non-Microsoft operating systems, including several varieties of Linux, have had their bootloaders signed by Microsoft so that they can take advantage of the Secure Boot capability. For more information about the Microsoft third-party UEFI signing policy, read [Microsoft UEFI CA Signing policy updates](https://go.microsoft.com/fwlink/p/?LinkId=626936) and [Pre-submission testing for UEFI submissions](https://go.microsoft.com/fwlink/p/?LinkId=626937).
 
-    **Note**  
-    With Windows 10, original equipment manufacturers (OEMs) have the ability to ship built-to-order PCs that lock down UEFI Secure Boot so that it cannot be disabled and allows only the operating system of the customer’s choice to start on the device.
+   >[!NOTE] 
+   >PCs configured to use Device Guard boot only a secured version of Windows and do not permit a third-party bootloader. For more information, see the [Device Guard](#device-guard) section of this document.
      
-Windows, apps, and even malware cannot change the UEFI configuration. Instead, users must be physically present to manually boot a PC into a UEFI shell, and then change UEFI firmware settings. For more information about UEFI Secure Boot, read [Protecting the pre-OS environment with UEFI](http://go.microsoft.com/fwlink/p/?LinkId=626938).
-**Virtualization-based security**
+- **Configure UEFI to trust a non–Microsoft-signed bootloader or hashes.** Some Certified For Windows 8 or later PCs allow users to add noncertified bootloaders through a signature or hashes sent to the UEFI database, which allows them to run any operating system without Microsoft signing it.
+- **Turn off Secure Boot.**Windows 8 certified PCs allow users to turn off Secure Boot so they can run unsigned operating systems. In this mode, the behavior is identical to PCs that have BIOS: The PC simply runs the bootloader without any verification. Microsoft strongly recommends that Secure Boot remain enabled whenever the device starts so that it can help prevent bootkit infections.
+
+>[!NOTE]  
+>With Windows 10, original equipment manufacturers (OEMs) have the ability to ship built-to-order PCs that lock down UEFI Secure Boot so that it cannot be disabled and allows only the operating system of the customer’s choice to start on the device.
+     
+Windows, apps, and even malware cannot change the UEFI configuration. Instead, users must be physically present to manually boot a PC into a UEFI shell, and then change UEFI firmware settings. For more information about UEFI Secure Boot, read [Protecting the pre-OS environment with UEFI](https://go.microsoft.com/fwlink/p/?LinkId=626938).
+
+#### Virtualization-based security
 
 One of the most powerful changes to Windows 10 is virtual-based security. Virtual-based security (VBS) takes advantage of advances in PC virtualization to change the game when it comes to protecting system components from compromise. VBS is able to isolate some of the most sensitive security components of Windows 10. These security components aren’t just isolated through application programming interface (API) restrictions or a middle-layer: They actually run in a different virtual environment and are isolated from the Windows 10 operating system itself.
 
 VBS and the isolation it provides is accomplished through the novel use of the Hyper V hypervisor. In this case, instead of running other operating systems on top of the hypervisor as virtual guests, the hypervisor supports running the VBS environment in parallel with Windows and enforces a tightly limited set of interactions and access between the environments.
 
 Think of the VBS environment as a miniature operating system: It has its own kernel and processes. Unlike Windows, however, the VBS environment runs a micro-kernel and only two processes called trustlets:
+
 -   **Local Security Authority (LSA)** enforces Windows authentication and authorization policies. LSA is a well-known security component that has been part of Windows since 1993. Sensitive portions of LSA are isolated within the VBS environment and are protected by a new feature called Credential Guard.
 -   **Hypervisor-enforced code integrity** verifies the integrity of kernel-mode code prior to execution. This is a part of the [Device Guard](#device-guard) feature described later in this document.
 VBS provides two major improvements in Windows 10 security: a new trust boundary between key Windows system components and a secure execution environment within which they run. A trust boundary between key Windows system components is enabled though the VBS environment’s use of platform virtualization to isolate the VBS environment from the Windows operating system. Running the VBS environment and Windows operating system as guests on top of Hyper-V and the processor’s virtualization extensions inherently prevents the guests from interacting with each other outside the limited and highly structured communication channels between the trustlets within the VBS environment and Windows operating system.
@@ -394,23 +411,25 @@ VBS acts as a secure execution environment because the architecture inherently p
 
 The VBS architecture is illustrated in Figure 2.
 
-![figure 2](images/security-fig2-vbsarchitecture.png)
+![Example of VBS architecture](images/security-fig2-vbsarchitecture-redo.png "Example of VBS architecture")
 
 Figure 2. The VBS architecture
 
 Note that VBS requires a system that includes:
--   Windows 10 Enterprise Edition
--   A-64-bit processor
--   UEFI with Secure Boot
--   Second-Level Address Translation (SLAT) technologies (for example, Intel Extended Page Tables \[EPT\], AMD Rapid Virtualization Indexing \[RVI\])
--   Virtualization extensions (for example, Intel VT-x, AMD RVI)
--   I/O memory management unit (IOMMU) chipset virtualization (Intel VT-d or AMD-Vi)
--   TPM 2.0
 
-**Trusted Platform Module**
+* Windows 10 Enterprise Edition
+* A 64-bit processor
+* UEFI with Secure Boot
+* Second-Level Address Translation (SLAT) technologies (for example, Intel Extended Page Tables \[EPT\], AMD Rapid Virtualization Indexing \[RVI\])
+* Virtualization extensions (for example, Intel VT-x, AMD RVI)
+* I/O memory management unit (IOMMU) chipset virtualization (Intel VT-d or AMD-Vi)
+* TPM 2.0
+
+#### Trusted Platform Module
 
 A TPM is a tamper-resistant cryptographic module designed to enhance the security and privacy of computing platforms. The TPM is incorporated as a component in a trusted computing platform like a personal computer, tablet, or phone. The computing platform is specially designed to work with the TPM to support privacy and security scenarios that cannot be achieved through software alone. A proper implementation of a TPM as part of a trusted computing platform provides a hardware root of trust, meaning that the hardware behaves in a trusted way. For example, a key created in a TPM with the property that it can never be exported from the TPM really means the key cannot leave the TPM. The close integration of a TPM with a platform increases the transparency of the boot process and supports device health scenarios by enabling reliable report of the software used to start a platform.
 The functionality a TPM provides includes:
+
 -   **Cryptographic key management.** Create, store, and permit the use of keys in defined ways.
 -   **Safeguarding and reporting integrity measurements.** Software used to boot the platform can be recorded in the TPM and used to establish trust in the software running on the platform.
 -   **Prove a TPM is really a TPM.** The TPM’s capabilities are so central to protecting privacy and security that a TPM needs to be able to differentiate itself from malware that masquerades as a TPM.
@@ -418,95 +437,112 @@ The functionality a TPM provides includes:
 Microsoft combined this small list of TPM benefits with Windows 10 and other hardware security technologies to provide practical security and privacy benefits.
 
 Among other functions, Windows 10 uses the TPM to protect the encryption keys for BitLocker volumes, virtual smart cards, certificates, and the many other keys that the TPM is used to generate. Windows 10 also uses the TPM to securely record and protect integrity-related measurements of select hardware and Windows boot components for the [Measured Boot](#measure-boot) feature described later in this document. In this scenario, Measured Boot measures each component, from firmware up through the drivers, and then stores those measurements in the PC’s TPM. From there, you can test the measurement log remotely so that a separate system verifies the boot state of the Windows 10 PC.
+
 Windows 10 supports TPM implementations that comply with either the 1.2 or 2.0 standards. Several improvements have been made in the TPM 2.0 standard, the most notable of which is cryptographic agility. TPM 1.2 is restricted to a fixed set of encryption and hash algorithms. At the time the TPM 1.2 standard was created in the early 2000s, these algorithms were considered cryptographically strong. Since that time, advances in cryptographic algorithms and cryptanalysis attacks have increased expectations for stronger cryptography. TPM 2.0 supports additional algorithms that offer stronger cryptographic protection as well as the ability to plug in algorithms that may be preferred in certain geographies or industries. It also opens the possibility for inclusion of future algorithms without changing the TPM component itself.
 
 TPM is usually assumed to be implanted in hardware on a motherboard as a discrete module, but TPM can also be effective when implemented in firmware. Windows 10 supports both discrete and firmware TPM that complies with the 2.0 standard (1.2 can only be discrete). Windows does not differentiate between discrete and firmware-based solutions because they must meet the same requirements; therefore, any Windows feature that can take advantage of TPM can use either implementation.
 
-**Note**  
-Microsoft will not initially require new Windows 10 PCs to include TPM support. Microsoft will require systems to include a TPM 2.0 beginning one year from the launch of Windows 10, however, to give manufacturers enough time to incorporate this critical functionality and to give IT pros enough time to determine which benefits they will leverage.
+>[!NOTE] 
+>Microsoft will not initially require new Windows 10 PCs to include TPM support. Microsoft will require systems to include a TPM 2.0 beginning one year from the launch of Windows 10, however, to give manufacturers enough time to incorporate this critical functionality and to give IT pros enough time to determine which benefits they will leverage.
  
 Several Windows 10 security features require TPM:
--   Virtual smart cards
--   Measured Boot
--   Health attestation (requires TPM 2.0 or later)
--   InstantGo (requires TPM 2.0 or later)
+* Virtual smart cards
+* Measured Boot
+* Health attestation (requires TPM 2.0 or later)
+* InstantGo (requires TPM 2.0 or later)
 
 Other Windows 10 security features like BitLocker may take advantage of TPM if it is available but do not require it to work. An example of this is Microsoft Passport.
 
 All of these features are covered in this document.
 
-**Biometrics**
+#### Biometrics
 
 You read in the [Windows Hello](#windows-hello) section of this document that Windows 10 has built-in support for biometric hardware. Windows has included some amount of built-in biometric support since the Windows XP operating system, so what’s different about this in Windows 10?
+
 Windows 10 makes biometrics a core security feature. Biometrics is fully integrated into the Windows 10 security components, not just tacked on as an extra part of a larger scheme. This is a big change. Earlier biometric implementations were largely front-end methods to simplify authentication. Under the hood, biometrics was used to access a password, which was then used for authentication behind the scenes. Biometrics may have provided convenience but not necessarily enterprise-grade authentication.
+
 Microsoft has evangelized the importance of enterprise-grade biometric sensors to the OEMs that create Windows PCs and peripherals. Many OEMs already ship systems that have integrated fingerprint sensors and are transitioning from swipe-based to touch-based sensors. Facial-recognition sensors were already available when Windows 10 launched and are becoming more commonplace as integrated system components.
+
 In the future, Microsoft expects OEMs to produce even more enterprise-grade biometric sensors and to continue to integrate them into systems as well as provide separate peripherals. As a result, biometrics will become a commonplace authentication method as part of an MFA system.
 
-**Secure Windows startup**
+#### Secure Windows startup
 
 UEFI Secure Boot uses hardware technologies to help protect users from bootkits. Secure Boot can validate the integrity of the devices, firmware, and bootloader. After the bootloader launches, users must rely on the operating system to protect the integrity of the remainder of the system.
 
-**Trusted Boot**
+#### Trusted Boot
 
 When UEFI Secure Boot verifies that the bootloader is trusted and starts Windows, the Windows Trusted Boot feature protects the rest of the startup process by verifying that all Windows startup components are trustworthy (for example, signed by a trusted source) and have integrity. The bootloader verifies the digital signature of the Windows kernel before loading it. The Windows kernel, in turn, verifies every other component of the Windows startup process, including the boot drivers, startup files, and ELAM component.
+
 If a file has been modified (for example, if malware has tampered with it or it has been corrupted), Trusted Boot will detect the problem and automatically repair the corrupted component. When repaired, Windows will start normally after only a brief delay.
 
-**Early Launch Antimalware**
+#### Early Launch Antimalware
 
 Malware that targeted previous versions of Windows often attempted to start before the antimalware solution. To do this, some types of malware would update or replace a non-Microsoft–related driver that starts during the Windows startup process. The malicious driver would then use its system access privileges to modify critical parts of the system and disguise its presence so it could not be detected when the antimalware solution later started.
+
 Early Launch Antimalware (ELAM) is part of the Trusted Boot feature set and is designed to enable the antimalware solution to start before all non-Microsoft drivers and apps. ELAM checks the integrity of non-Microsoft drivers to determine whether the drivers are trustworthy. Because Windows needs to start as fast as possible, ELAM cannot be a complicated process of checking the driver files against known malware signatures; doing so would delay startup too much. Instead, ELAM has the simple task of examining every boot driver and determining whether it is on the list of trusted drivers. If malware modifies a boot-related driver, ELAM will detect the change, and Windows will prevent the driver from starting, thus blocking driver-based rootkits. ELAM also allows the registered antimalware provider to scan drivers that are loaded after the boot process is complete.
+
 The design is simple but effective. ELAM is a component of a full-featured antimalware solution, and it helps prevent malicious drivers and apps from starting before the rest of the antimalware solution starts later during the boot process. Indeed, ELAM runs only for a few seconds each time a PC starts. Windows Defender in Windows 10 supports ELAM, as does Microsoft System Center 2012 Endpoint Protection and several non-Microsoft antimalware apps.
+
 If you want to learn how to configure ELAM, you can use Group Policy settings to configure how ELAM responds to potentially malicious boot drivers. In the Group Policy Management Editor, go to Computer Configuration\\Administrative Templates\\System\\Early Launch Antimalware, and enable the **Boot-Start Driver Initialization Policy** setting. Now, you can select which driver classifications ELAM loads. When you select the **Good Only** setting, it provides the highest level of security, but test it thoroughly to ensure that it does not prevent users with healthy PCs from starting.
 
-### <a href="" id="measure-boot"></a>
-
-**Measured Boot**
+#### Measured Boot
 
 The biggest challenge with rootkits and bootkits in earlier versions of Windows is that they can frequently be undetectable to the client. Because they often start before Windows defenses and the antimalware solution and they have system-level privileges, rootkits and bootkits can completely disguise themselves while continuing to access system resources. Although UEFI Secure Boot and Trusted Boot can prevent most rootkits and bootkits, intruders could still potentially exploit a few attack vectors (for example, if UEFI with Secure Boot is disabled or if the signature used to sign a boot component, such as a non-Microsoft driver, has been compromised and is used to sign a malicious one).
+
 Windows 10 implements the Measured Boot feature, which uses the TPM hardware component built into newer PCs to record a series of measurements for critical startup-related components, including firmware, Windows boot components, drivers, and even the ELAM driver. Because Measured Boot leverages the hardware-based security capabilities of TPM, which isolates and protects the measurement data from malware attacks, the log data is well protected against even sophisticated attacks.
 
 Measured Boot focuses on acquiring the measurement data and protecting it from tampering. It must be coupled with a service that can analyze the data to determine device health and provide a more complete security service. The next section introduces just such a service.
 
-**Verify device compliance for conditional access to corporate resources**
+#### Verify device compliance for conditional access to corporate resources
 
 Measured Boot itself does not prevent malware from loading during the startup process – that is the job of Secure Boot, Device Guard, and ELAM. Instead, Measured Boot provides a TPM-protected audit log that allows a trusted remote health attestation service to evaluate the PC’s startup components, state, and overall configuration. If the health attestation service detects that the PC loaded an untrustworthy component and is therefore out of compliance, the service can block the PC’s access to specific network resources or the entire network. You can even couple a health attestation service with a management system to facilitate conditional access capabilities that can initiate the quarantine and remediation processes to fix an infected PC and return it to a compliant state.
 
-![figure 3](images/security-fig3-healthattestation.png)
+![Health Attestation in Windows 10](images/security-fig3-healthattestation.png "Health Attestation in Windows 10")
 
 Figure 3. Health Attestation in Windows 10
 
 Figure 3 illustrates the following process for device compliance verification and conditional access implementation:
 
 1.  The PC uses the TPM to record measurements of the bootloader, boot drivers, and ELAM driver. The TPM prevents anyone from tampering with these measurements, so even if malware is successfully loaded, it will not be able to modify the measurements. These measurements are signed with an Attestation Identity Key (AIK) that is stored in the TPM. Because the TPM hardware has signed the measurements, malware cannot modify them without being detected.
+
 2.  Health Attestation is not enabled by default and requires an enrollment with a mobile device management (MDM) server in order to enable it. If it is enabled, the health attestation client will contact a remote server, called a health attestation server. Microsoft provides a cloud-based Windows Health Attestation service that can help evaluate the health of a device. The health attestation client sends the signed measurements, the device’s TPM boot log, and an AIK certificate (if present), which lets the health attestation server verify that the key used to sign the measurements was issued to a trusted TPM.
+
 3.  The health attestation server analyzes the measurements and boot log and creates a statement of device health. This statement is encrypted to help ensure the confidentiality of the data.
+
 4.  A management system, such as an MDM server, can request that an enrolled device present a statement of device health. Windows 10 supports both Microsoft and non-Microsoft MDM server requests for device health. To prevent theft of device health statements and reuse from other devices, an MDM server sends the enrolled device a “number used only once” (nonce) request along with this request for the device health statement.
+
 5.  The enrolled device digitally signs the nonce with its AIK (which is stored in the TPM) and sends the MDM server the encrypted statement of device health, the digitally signed nonce, and a signed boot counter, which asserts that the device has not been restarted since it obtained the statement of health.
+
 6.  The MDM server can send the same data to the health attestation server. The server decrypts the statement of health, asserts that the boot counter in the statement matches the boot counter that was sent to the MDM server, and compiles a list of health attributes.
+
 7.  The health attestation server sends this list of health attributes back to the MDM server. The MDM server now enforces access and compliance policies if configured to do so.
 
+
 For a list of data points that the health attestation server verifies, along with a description of the data, see the [HealthAttestation CSP article on MSDN](http://go.microsoft.com/fwlink/p/?LinkId=626940).
+
 The management system’s implementation determines which attributes within the statement of device health are evaluated when assessing a device’s health. Broadly speaking, the management server receives information about how the device booted, what kind of policy is enforced on the device, and how data on the device is secured. Depending on the implementation, the management server may add checks that go beyond what the statement of device health provides—for example, Windows patch level and other device attributes.
+
 Based on these data points, the management server can determine whether the client is healthy and grant it access to either a limited quarantine network or to the full network. Individual network resources, such as servers, can also grant or deny access based on whether the remote attestation client were able to retrieve a valid health certification from the remote attestation server.
+
 Because this solution can detect and prevent low-level malware that may be extremely difficult to detect any other way, Microsoft recommends that you consider the implementation of a management system, like Microsoft Intune, or any management solutions that take advantage of the Windows 10 cloud-based Health Attestation Server feature to detect and block devices that have been infected with advanced malware from network resources.
 
-## Secure the Windows core
+### Secure the Windows core
 
 Applications built for Windows are designed to be secure and free of defects, but the reality is that as long as human beings are writing code, vulnerabilities will continue to crop up. When identified, malicious users and software may attempt to exploit vulnerabilities by manipulating data in memory in the hope that they can bootstrap a successful exploit.
+
 To mitigate these risks, Windows 10 includes core improvements to make it more difficult for malware to perform buffer overflow, heap spraying, and other low-level attacks and even which code is allowed to run on the PC. In addition, these improvements dramatically reduce the likelihood that newly discovered vulnerabilities result in a successful exploit. It takes detailed knowledge of operating system architecture and malware exploit techniques to fully appreciate the impact of these improvements, but the sections that follow explain them at a high level.
 
-### <a href="" id="device-guard"></a>
-
-**Device Guard**
+#### Device Guard
 
 Today’s security threat landscape is more aggressive than ever before. Modern malicious attacks are focused on revenue generation, intellectual property theft, and targeted system degradation resulting in financial loss. Many of these nefarious attackers are sponsored by nation states that have ulterior motives and large cyber-terrorism budgets. These threats can enter a company through something as simple as an email and can permanently damage the organization’s reputation for securing employee and customer data and intellectual property, not to mention having a significant financial impact. The Windows 10 operating system introduces several new security features that help mitigate a large percentage of today’s known threats.
 
 It is estimated that more than 300,000 new malware variants are discovered daily. Unfortunately, companies currently use an ancient method to discover this infectious software and prevent its use. In fact, current PCs trust everything that runs until antimalware signatures determine whether a threat exists; then, the antimalware software attempts to clean the PC, often after the malicious software’s effect has already occurred. This signature-based system focuses on reacting to an infection and then ensuring that that particular infection does not happen again. In this model, the system that drives malware detection relies on the discovery of malicious software; only then can a signature be provided to the client to remediate it, which implies that a computer has often already been infected. The time between detection of the malware and a client being issued a signature could mean the difference between losing data and staying safe.
 
 In addition to antimalware solutions, “app control” or “whitelisting” technologies are available, including AppLocker. These perform single-instance or blanket allow or deny rules for running applications. In Windows 10, these types of solutions are most effective when deployed alongside the Windows 10 Device Guard feature.
+
 Device Guard breaks the current model of detection first-block later and allows only trusted applications to run, period. This methodology is consistent with the successful prevention strategy for mobile phone security. With Device Guard, Microsoft has changed how the Windows operating system handles untrusted applications, which makes its defenses difficult for malware to penetrate. This new prevention versus detection model will provide Windows clients with the necessary security for modern threats and, when implemented, mitigates many of today’s threats from day one.
 
-**Device Guard overview**
+#### Device Guard overview
 
 Device Guard is a feature set that consists of both hardware and software system integrity hardening features. These features revolutionize the Windows operating system’s security by taking advantage of new VBS options to protect the system core and the processes and drivers running in kernel mode—the trust-nothing model you see in mobile device operating systems. A key feature used with Device Guard is *configurable code integrity*, which allows your organization to choose exactly which software from trusted software publishers is allowed to run code on your client machines—exactly what has made mobile phone security on some platforms, such as Windows Mobile, so successful. Trusted applications are those signed directly (in other words, binaries) or indirectly by using a signed file that lists the hash values for application binaries that are considered trustworthy. In addition, Device Guard offers organizations a way to sign existing LOB applications so that they can trust their own code without the requirement that the application be rebuilt or packaged. Also, this same method of signing can provide organizations a way to trust non-Microsoft applications, including those that may not have been signed directly. Device Guard with configurable code integrity, Credential Guard, and AppLocker present the most complete security defense that any Microsoft product has ever been able to offer a Windows client.
 
@@ -526,7 +562,7 @@ To deliver this additional security, Device Guard has the following hardware and
 
 Along with these new features, some components of Device Guard are existing tools or technologies that have been included in this strategic security offering to provide customers with the most secure Windows operating system possible. Device Guard is intended as a set of client security features to be used in conjunction with the other threat-resistance features available in the Windows operating system, some of which are mentioned in this guide.
 
-**Configurable code integrity**
+#### Configurable code integrity
 
 The Windows operating system consists of two operating modes: user mode and kernel mode. The base of the operating system runs within the kernel mode, which is where the Windows operating system directly interfaces with hardware resources. User mode is primarily responsible for running applications and brokering information to and from the kernel mode for hardware resource requests. For example, when an application running in user mode needs additional memory, the user mode process must request the resources from the kernel, not directly from RAM.
 
@@ -534,33 +570,32 @@ Code integrity is the component of the Windows operating system that verifies th
 
 Historically, most malware has been unsigned. Simply by deploying code integrity policies, organizations will immediately protect themselves against unsigned malware, which is estimated to be responsible for the vast majority of current attacks. By using code integrity policies, an enterprise can also select exactly which binaries are allowed to run in both user mode and kernel mode based on the signer, binary hash, or both. When completely enforced, it makes user mode in Windows function like some mobile platforms, trusting and running only specific applications or specific signatures. This feature alone fundamentally changes security in an enterprise. This additional security is *not* limited to Windows apps and does *not* require an application rewrite to be compatible with your existing and possibly unsigned applications. You can run configurable code integrity independent of Device Guard, thus making it available to devices that don’t meet Device Guard hardware requirements.
 
-**Hardware security features and VBS**
+#### Hardware security features and VBS
 
 The core functionality and protection of Device Guard starts at the hardware level. Devices that have processors equipped with SLAT technologies and virtualization extensions, such as Intel VT x and AMD V, will be able to take advantage of a VBS environment that dramatically enhances Windows security by isolating critical Windows services from the operating system itself. This isolation is necessary, because you must assume that the operating system kernel will be compromised, and you need assurance that some processes will remain secure.
 
-Device Guard leverages VBS to isolate its Hypervisor Code Integrity (HVCI) service, which enables Device Guard to protect all kernel mode processes and drivers from vulnerability exploits and zero days. HVCI uses the processor’s IOMMU functionality to force all software running in kernel mode to safely allocate memory. This means that after memory has been allocated, its state must be changed from writable to read only or execute only. By forcing memory into these states, it helps ensure that attacks are unable to inject malicious code into kernel mode processes and drivers through techniques such as buffer overruns or heap spraying. In the end, the VBS environment protects the Device Guard HVCI service from tampering even if the operating system’s kernel has been fully compromised, and HVCI protects kernel mode processes and drivers so that a compromise of this magnitude can’t happen in the first place.
+Device Guard leverages VBS to isolate its Hypervisor Code Integrity (HVCI) service, which enables Device Guard to help protect kernel mode processes and drivers from vulnerability exploits and zero days. HVCI uses the processor’s IOMMU functionality to force all software running in kernel mode to safely allocate memory. This means that after memory has been allocated, its state must be changed from writable to read only or execute only. By forcing memory into these states, it helps ensure that attacks are unable to inject malicious code into kernel mode processes and drivers through techniques such as buffer overruns or heap spraying. In the end, the VBS environment protects the Device Guard HVCI service from tampering even if the operating system’s kernel has been fully compromised, and HVCI protects kernel mode processes and drivers so that a compromise of this magnitude can't happen in the first place.
+
 Another Windows 10 feature that employs VBS is Credential Guard. Credential Guard protects credentials by running the Windows authentication service known as LSA, and then storing the user’s derived credentials (for example, NTLM hashes; Kerberos tickets) within the same VBS environment that Device Guard uses to protect its HVCI service. By isolating the LSA service and the user’s derived credentials from both user mode and kernel mode, an attacker that has compromised the operating system core will still be unable to tamper with authentication or access derived credential data. Credential Guard prevents pass-the-hash and ticket types of attacks, which are central to the success of nearly every major network breach you’ve read about, which makes Credential Guard one of the most impactful and important features to deploy within your environment. For more information about how Credential Guard complements Device Guard, see the [Device Guard with Credential Guard](#dgwithcg) section.
 
-**Device Guard with AppLocker**
+#### Device Guard with AppLocker
 
 Although AppLocker is not considered a new Device Guard feature, you can use it to complement configurable code integrity functionality when enforced code integrity cannot be fully implemented or its functionality does not cover every desired scenario. There are many scenarios in which you could use code integrity policies alongside AppLocker rules. As a best practice, enforce code integrity policies at the most restrictive level possible for your organization, and then use AppLocker to fine-tune the restrictions to an even lower level.
 
-**Note**  
-One example in which Device Guard functionality needs AppLocker supplementation is when your organization would like to limit which universal applications from the Windows Store users can install on a device. Microsoft has already validated universal applications from the Windows Store as trustworthy to run, but an organization may not want to allow specific universal applications to run in its environment. You could use an AppLocker rule to enforce such a stance.
+>[!NOTE]  
+>One example in which Device Guard functionality needs AppLocker supplementation is when your organization would like to limit which universal applications from the Windows Store users can install on a device. Microsoft has already validated universal applications from the Windows Store as trustworthy to run, but an organization may not want to allow specific universal applications to run in its environment. You could use an AppLocker rule to enforce such a stance.
 
 In another example, you could enable a configurable code integrity policy to allow users to run all the apps from a specific publisher. To do so, you would add the publisher’s signature to the policy. If your organization decides that only specific apps from that publisher should be allowed to run, you would add the signature for the publisher to the configurable code integrity policy, and then use AppLocker to determine which specific apps can run.
  
 AppLocker and Device Guard can run side-by-side in your organization, which offers the best of both security features at the same time and provides the most comprehensive security to as many devices as possible. In addition to these features, Microsoft recommends that you continue to maintain an enterprise antivirus solution for a well-rounded enterprise security portfolio.
 
-### <a href="" id="dgwithcg"></a>
-
-**Device Guard with Credential Guard**
+#### Device Guard with Credential Guard
 
 Although Credential Guard isn’t a feature within Device Guard, many organizations will likely deploy Credential Guard alongside Device Guard for additional protection against derived credential theft. Similar to virtualization-based protection of kernel mode through the Device Guard HVCI service, Credential Guard leverages hypervisor technology to protect the Windows authentication service (the LSA) and users’ derived credentials. This mitigation is targeted at preventing the use of pass-the-hash and pass-the-ticket techniques.
 
 Because Credential Guard uses VBS, it is decisive in its ability to prevent pass-the-hash and pass-the-ticket attacks from occurring on Windows 10 devices. Microsoft recognizes, however, that most organizations will have a blend of Windows versions running in their environments. Mitigations for devices not capable of running Credential Guard on both the client side and the server side are available to help with this scenario. Microsoft will be releasing details to TechNet regarding these additional mitigations in the near future.
 
-**Unified manageability through Device Guard**
+#### Unified manageability through Device Guard
 
 You can easily manage Device Guard features through the familiar enterprise and client-management tools that IT pros use every day. Use the following management tools to enable and manage Device Guard:
 -   **Group Policy.**Windows 10 provides an administrative template that you can use to configure and deploy the configurable code integrity policies for your organization. This template also allows you to specify which hardware-based security features you would like to enable and deploy. You can manage these settings with your existing Group Policy objects, which makes it simple to implement Device Guard features. In addition to the code integrity and hardware-based security features, Group Policy can help you manage your catalog files.
@@ -569,19 +604,19 @@ You can easily manage Device Guard features through the familiar enterprise and
 -   **Windows PowerShell.** You use Windows PowerShell primarily to create and service code integrity policies. These policies represent the most impactful component of Device Guard.
 These options provide the same experience you’re used to for management of your existing enterprise management solutions.
 
-**Address Space Layout Randomization**
+#### Address Space Layout Randomization
 
 One of the most common techniques used to gain access to a system is to find a vulnerability in a privileged process that is already running, guess or find a location in memory where important system code and data have been placed, and then overwrite that information with a malicious payload. In the early days of operating systems, any malware that could write directly to the system memory could do such a thing; the malware would simply overwrite system memory in well-known and predictable locations.
 Address Space Layout Randomization (ASLR) makes that type of attack much more difficult because it randomizes how and where important data is stored in memory. With ASLR, it is more difficult for malware to find the specific location it needs to attack. Figure 4 illustrates how ASLR works by showing how the locations of different critical Windows components can change in memory between restarts.
 
-![image 4](images/security-fig4-aslr.png)
+![ASLR at work](images/security-fig4-aslr.png "ASLR at work")
 
 Figure 4. ASLR at work
 
 Although the ASLR implementation in Windows 7 was effective, it wasn’t applied holistically across the operating system, and the level of entropy (cryptographic randomization) wasn’t always at the highest possible level. To decrease the likelihood that sophisticated attacks such as heap spraying could succeed in the Windows 8 operating system, Microsoft applied ASLR holistically across the system and increased the level of entropy many times.
 The ASLR implementation in Windows 8 and Windows 10 is greatly improved over Windows 7, especially with 64-bit system and application processes that can take advantage of a vastly increased memory space, which makes it even more difficult for malware to predict where Windows 10 stores vital data. When used on systems that have TPMs, ASLR memory randomization will be increasingly unique across devices, which makes it even more difficult for a successful exploit that works on one system to work reliably on another.
 
-**Data Execution Prevention**
+#### Data Execution Prevention
 
 Malware depends on its ability to put a malicious payload into memory with the hope that it will be executed later, and ASLR will make that much more difficult. Wouldn’t it be great if you could prevent malware from running if it wrote to an area that has been allocated solely for the storage of information?
 
@@ -598,11 +633,11 @@ If you want to see which apps use DEP, complete these steps:
 
 You can now see which processes have DEP enabled. Figure 5 shows the processes running on a Windows 10 PC with a single process that does not support DEP.
 
-![figure 5](images/security-fig5-dep.png)
+![Processes with DEP enabled in Windows 10](images/security-fig5-dep.png "Processes with DEP enabled in Windows 10")
 
 Figure 5. Processes on which DEP has been enabled in Windows 10
 
-**Windows Heap**
+#### Windows Heap
 
 The *heap* is a location in memory that Windows uses to store dynamic application data. Windows 10 continues to improve on earlier Windows heap designs by further mitigating the risk of heap exploits that could be used as part of an attack.
 
@@ -613,17 +648,19 @@ Windows 10 has several important improvements to the security of the heap over
 
 Windows 10 resolves known heap attacks that could be used to compromise a PC running previous versions of Windows.
 
-**Memory reservations**
+#### Memory reservations
 
 The lowest 64 KB of process memory is reserved for the system. Apps are no longer allowed to allocate that portion of the memory, which makes it more difficult for malware to overwrite critical system data structures in memory.
 
-**Control Flow Guard**
+#### Control Flow Guard
 
 When applications are loaded into memory, they are allocated space based on the size of the code, requested memory, and other factors. When an application begins to execute code, it calls additional code located in other memory addresses. The relationships between the code locations are well known—they are written in the code itself—but previous to Windows 10, the flow between these locations was not enforced, which gives attackers the opportunity to change the flow to meet their needs. In other words, an application exploit takes advantage of this behavior by running code that the application may not typically run.
+
 This kind of threat is mitigated in Windows 10 through the Control Flow Guard (CFG) feature. When a trusted application that was compiled to use CFG calls code, CFG verifies that the code location called is trusted for execution. If the location is not trusted, the application is immediately terminated as a potential security risk.
+
 An administrator cannot configure CFG; rather, an application developer can take advantage of CFG by configuring it when the application is compiled. Administrators should consider asking application developers and software vendors to deliver trustworthy Windows applications compiled with CFG enabled. Of course, browsers are a key entry point for attacks; thus Microsoft Edge, IE, and other Windows features take full advantage of CFG.
 
-**Protected Processes**
+#### Protected Processes
 
 Benjamin Franklin once said that "an ounce of prevention is worth a pound of cure." His wisdom directly applies to PC security. Most security controls are designed to prevent the initial infection point. The reasoning is that if malware cannot infect the system, the system is immune to malware.
 
@@ -633,12 +670,12 @@ The key security scenario is to assume that malware is running on a system but l
 
 With Protected Processes, Windows 10 prevents untrusted processes from interacting or tampering with those that have been specially signed. Protected Processes defines levels of trust for processes. Less trusted processes are prevented from interacting with and therefore attacking more trusted processes. Windows 10 uses Protected Processes more broadly across the operating system, and for the first time, you can put antimalware solutions into the protected process space, which helps make the system and antimalware solutions less susceptible to tampering by malware that does manage to get on the system.
 
-## Secure the Windows desktop
+### Secure the Windows desktop
 
 Windows 10 includes critical improvements to the Windows core and the desktop environment, where attacks and malware most frequently enter. The desktop environment is now more resistant to malware thanks to significant improvements to Windows Defender and SmartScreen Filters. Internet browsing is a safer experience because of Microsoft Edge, a completely new browser. The Windows Store reduces the likelihood that malware will infect devices by ensuring that all applications that enter the Windows Store ecosystem have been thoroughly reviewed before being made available. Universal Windows apps are inherently more secure than typical applications because they are sandboxed. Sandboxing restricts the application’s risk of being compromised or tampered with in a way that would put the system, data, and other applications at risk.
 The sections that follow describe Windows 10 improvements to application security in more detail.
 
-**Microsoft Edge and Internet Explorer 11**
+### Microsoft Edge and Internet Explorer 11
 
 Browser security is a critical component of any security strategy, and for good reason: The browser is the user’s interface to the Internet, an environment that is quite literally overwhelmed with malicious sites and content waiting to attack. Most users cannot perform at least part of their job without a browser, and many users are completely reliant on one. This reality has made the browser the number one pathway from which malicious hackers initiate their attacks.
 
@@ -653,45 +690,49 @@ Microsoft includes an entirely new browser, Microsoft Edge, in Windows 10. Micr
 
 In addition to Microsoft Edge, Microsoft includes IE11 in Windows 10 primarily for backwards-compatibility with websites and binary extensions that do not work with Microsoft Edge. It should not be configured as the primary browser but rather as an optional or automatic switchover, as shown in Figure 6.
 
-![figure 6](images/security-fig6-edge2.png)
+![Configure Windows 10 for backwards-compatibility with IE11](images/security-fig6-edge2.png "Configure Windows 10 for backwards-compatibility with IE11")
 
 Figure 6. Configure Windows 10 to switch from Microsoft Edge to IE11 for backwards-compatibility.
 
 Microsoft’s recommendation is to use Microsoft Edge as the primary web browser because it provides compatibility with the modern web and the best possible security. For sites that require IE11 compatibility, including those that require binary extensions and plug ins, enable Enterprise mode and use the Enterprise Mode Site List to define which sites have the dependency. When configured, when users use Microsoft Edge and it identifies a site that requires IE11, they will automatically be switched to IE11.
 
-**The SmartScreen Filter**
+### The SmartScreen Filter
 
 Recent versions of Windows have many effective techniques to prevent malware from installing itself without the user’s knowledge. To work around those restrictions, malware attacks often use social engineering techniques to trick users into running software. For example, malware known as a Trojan horse pretends to be something useful, such as a utility, but carries an additional, malicious payload.
+
 Starting with Windows Internet Explorer 8, the SmartScreen Filter has helped protect users from both malicious applications and nefarious websites by using the SmartScreen Filter’s application and URL reputation services. The SmartScreen Filter in Internet Explorer would check URLs and newly downloaded apps against an online reputation service that Microsoft maintained. If the app or URL were not known to be safe, SmartScreen Filter would warn the user or even prevent the app or URL from loading, depending on how systems administrators had configured Group Policy settings.
+
 For Windows 10, Microsoft further developed the SmartScreen Filter by integrating its app reputation abilities into the operating system itself, which allows the filter to protect users regardless of the web browser they are using or the path that the app uses to arrive on the device (for example, email, USB flash drive). The first time a user runs an app that originates from the Internet, even if the user copied it from another PC, the SmartScreen Filter checks the reputation of the application by using digital signatures and other factors against a service that Microsoft maintains. If the app lacks a reputation or is known to be malicious, the SmartScreen Filter warns the user or blocks execution entirely, depending on how the administrator has configured Group Policy (see Figure 7).
 
-![figure 7](images/security-fig7-smartscreenfilter.png)
+![SmartScreen Filter at work in Windows 10](images/security-fig7-smartscreenfilter.png "SmartScreen Filter at work in Windows 10")
 
 Figure 7. The SmartScreen Filter at work in Windows 10
 
 By default, users have the option to bypass SmartScreen Filter protection so that it will not prevent a user from running a legitimate app. You can use Control Panel or Group Policy settings to disable the SmartScreen Filter or to completely prevent users from running apps that the SmartScreen Filter does not recognize. The Control Panel settings are shown in Figure 8.
 
-![figure 8](images/security-fig8-smartscreenconfig.png)
+![SmartScreen configuration options](images/security-fig8-smartscreenconfig.png "SmartScreen configuration options")
 
 Figure 8. The Windows SmartScreen configuration options in Control Panel
 
-If you want to try the SmartScreen Filter, use Windows 7 to download this simulated (but not dangerous) malware file:[freevideo.exe](http://go.microsoft.com/fwlink/p/?LinkId=626943). Save it to your computer, and then run it from Windows Explorer. As shown in Figure 9, Windows runs the app without much warning. In Windows 7, you might receive a warning message about the app not having a certificate, but you can easily bypass it.
+If you want to try the SmartScreen Filter, use Windows 7 to download this simulated (but not dangerous) malware file:[freevideo.exe](https://go.microsoft.com/fwlink/p/?LinkId=626943). Save it to your computer, and then run it from Windows Explorer. As shown in Figure 9, Windows runs the app without much warning. In Windows 7, you might receive a warning message about the app not having a certificate, but you can easily bypass it.
 
-![figure 9](images/security-fig9-windows7allow.png)
+![Windows 7 allows the app to run](images/security-fig9-windows7allow.png "Windows 7 allows the app to run")
 
 Figure 9. Windows 7 allows the app to run
 
 Now, repeat the test on a computer running Windows 10 by copying the file to a Windows 10 PC or by downloading the file again and saving it to your local computer. Run the file directly from File Explorer, and the SmartScreen Filter will warn you before it allows it to run. Microsoft’s data shows that for a vast majority of users, that extra warning is enough to save them from a malware infection.
 
-**Universal Windows apps**
+### Universal Windows apps
 
 The good news is that the download and use of Universal Windows apps or even Windows Classic applications (Win32) from the Windows Store will dramatically reduce the likelihood that you encounter malware on your PC because all apps go through a careful screening process before being made available in the store. Apps that organizations build and distribute through sideloading processes will need to be reviewed internally to ensure that they meet organizational security requirements.
 
 Regardless of how users acquire Universal Windows apps, they can use them with increased confidence. Unlike Windows Classic applications, which can run with elevated privileges and have potentially sweeping access to the system and data, Universal Windows apps run in an AppContainer sandbox with limited privileges and capabilities. For example, Universal Windows apps have no system-level access, have tightly controlled interactions with other apps, and have no access to data unless the user explicitly grants the application permission.
+
 In addition, all Universal Windows apps follow the security principle of least privilege. Apps receive only the minimum privileges they need to perform their legitimate tasks, so even if an attacker exploits an app, the damage the exploit can do is severely limited and should be contained within the sandbox. The Windows Store displays the exact capabilities the app requires (for example, access to the camera), along with the app’s age rating and publisher.
+
 In the end, the Windows Store app distribution process and the app sandboxing capabilities of Windows 10 will dramatically reduce the likelihood that users encounter malicious apps on the system.
 
-**Windows Defender**
+### Windows Defender
 
 Antimalware software, also generically called virus scanners, antivirus, and a host of other names, has been around for a long time. Microsoft shipped its first program in this category, Microsoft Anti-Virus, in 1993 for MS DOS 6.0. At the time, the approach of running a standalone MS DOS program to locate and remove viruses was sufficient.
 
@@ -720,9 +761,9 @@ Figure 10. Windows Defender opt-in settings in Windows 10
 
 Of course, system administrators have centralized control of all Windows Defender settings through Group Policy. The Windows Defender configuration settings are shown under Computer Configuration/Windows Components/Windows Defender, as shown in Figure 11.
 
-![figure 11](images/security-fig11-defendersettings.png)
+![Windows Defender settings in Group Policy](images/security-fig11-defendersettings.png "Windows Defender settings in Group Policy")
 
-Figure 11. Windows Defender settings in Group Policy– the sample submission options are listed under MAPS
+Figure 11. Windows Defender settings in Group Policy – the sample submission options are listed under MAPS
 
 **Tamper proofing** is the safeguarding of Windows Defender itself against malware attacks. Malware creators assume that antimalware software is implemented on most PCs. Many malware creators choose to overcome that obstacle by designing malware that modifies the antimalware software in some way, such as disabling real-time scanning or by hiding specific processes. Some malware goes as far as completely disabling the antimalware software while making it appear fully functional to the user.
 
@@ -730,11 +771,12 @@ Windows Defender is designed to resist tampering; it uses several security techn
 
 **Empowerment of IT security professionals** means that Windows Defender gives IT pros the tools and configuration options necessary to make it an enterprise-class antimalware solution. It has numerous enterprise-level features 
 that put it on par with the top products in this category:
--   Integration with centralized management software, including Microsoft Intune, System Center Configuration Manager, and Microsoft System Center Operations Manager. Unlike Windows 8.1, no additional client is necessary, because Windows Defender is now integrated into Windows and only a management layer needs to be added.
--   Windows Defender supports the Open Mobile Alliance Device Management standard for centralized management by many non-Microsoft device management solutions.
--   It includes integrated classic command-line and Windows PowerShell cmdlet support.
--   Support for Windows Management Instrumentation reporting and application management is built in.
--   Full integration with Group Policy offers complete IT configuration management.
+
+* Integration with centralized management software, including Microsoft Intune, System Center Configuration Manager, and Microsoft System Center Operations Manager. Unlike Windows 8.1, no additional client is necessary, because Windows Defender is now integrated into Windows and only a management layer needs to be added.
+* Windows Defender supports the Open Mobile Alliance Device Management standard for centralized management by many non-Microsoft device management solutions.
+* It includes integrated classic command-line and Windows PowerShell cmdlet support.
+* Support for Windows Management Instrumentation reporting and application management is built in.
+* Full integration with Group Policy offers complete IT configuration management.
 
 In addition, Windows Defender now integrates the Windows Defender Offline Tool, which formerly required the creation of a bootable, standalone version of Windows Defender into the Windows Recovery Environment. This simplifies the process of remediating low-level malware infections, which may prove difficult to detect and remove with the antimalware solution running on the Windows desktop. You can update signatures for this environment automatically from within the Windows Defender Offline experience.
 
@@ -747,16 +789,16 @@ Another security threat that customers face particularly in consumer and bring y
 
 Whenever non-Microsoft real-time protection is in an inoperable state (for example, disabled, expired) for 24 hours, Windows Defender automatically turns on to ensure that the device is protected. Windows attempts to help the user remediate the issue with the non-Microsoft antimalware solution by notifying him or her as early as 5 days before the software expires. If the solution expires, Windows enables Windows Defender and continues to remind the user to renew the non-Microsoft solution. When the user updates or reactivates the solution, Windows Defender is automatically disabled. In the end, the goal is to make sure that an operable antimalware solution is running at all times.
 
-## Conclusion
+#### Conclusion
 
 Windows 10 is the culmination of many years of effort from Microsoft, and its impact from a security perspective will be significant. Many of us still remember the years of Windows XP, when the attacks on the Windows operating system, applications, and data increased in volume and matured into serious threats. With the existing platforms and security solutions that you’ve likely deployed, you’re better defended than ever. But as attackers have become more advanced, there is no doubt that they have exceeded your ability to defend your organization and users. Evidence of this fact can be found in the news virtually every day as yet another major organization falls victim. Microsoft specifically designed Windows 10 to address these modern threats and tactics from the most advanced adversaries. It can truly change the game for your organization, and it can restore your advantage against those would like to make you their next victim.
 
 ## Related topics
 
-[Windows 10 Specifications](http://go.microsoft.com/fwlink/p/?LinkId=625077 )
+[Windows 10 Specifications](https://go.microsoft.com/fwlink/p/?LinkId=625077 )
 
-[HealthAttestation CSP](http://go.microsoft.com/fwlink/p/?LinkId=626940 )
+[HealthAttestation CSP](https://go.microsoft.com/fwlink/p/?LinkId=626940 )
 
-[Making Windows 10 More Personal and More Secure with Windows Hello](http://go.microsoft.com/fwlink/p/?LinkId=626945)
+[Making Windows 10 More Personal and More Secure with Windows Hello](https://go.microsoft.com/fwlink/p/?LinkId=626945)
 
 [Protect BitLocker from pre-boot attacks](protect-bitlocker-from-pre-boot-attacks.md)
diff --git a/windows/keep-secure/windows-defender-advanced-threat-protection.md b/windows/keep-secure/windows-defender-advanced-threat-protection.md
index 108dd74507..4d3345f8a1 100644
--- a/windows/keep-secure/windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/windows-defender-advanced-threat-protection.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
+localizationpriority: high
 ---
 
 # Windows Defender Advanced Threat Protection
@@ -15,10 +16,11 @@ author: mjcaparas
 **Applies to:**
 
 - Windows 10 Enterprise
-- Windows 10 Enterprise for Education
+- Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
+>For more info about Windows 10 Enterprise Edition features and functionality, see [Windows 10 Enterprise edition](https://www.microsoft.com/WindowsForBusiness/buy).
 
 Windows Defender Advanced Threat Protection (Windows Defender ATP) is a security service that enables enterprise customers to detect, investigate, and respond to advanced threats on their networks.
 
diff --git a/windows/keep-secure/windows-defender-block-at-first-sight.md b/windows/keep-secure/windows-defender-block-at-first-sight.md
index 71894a0846..8abf7c0806 100644
--- a/windows/keep-secure/windows-defender-block-at-first-sight.md
+++ b/windows/keep-secure/windows-defender-block-at-first-sight.md
@@ -8,44 +8,44 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
+localizationpriority: medium
 author: iaanw
 ---
 
-# Enable the Block at First Sight feature in Windows 10
+# Block at First Sight
 
 **Applies to**
 
 - Windows 10, version 1607
 
+**Audience**
+
+- Network administrators
+
 Block at First Sight is a feature of Windows Defender cloud protection that provides a way to detect and block new malware within seconds. 
 
-You can enable Block at First Sight with Group Policy or individually on endpoints.
+It is enabled by default when certain pre-requisite settings are also enabled. In most cases, these pre-requisite settings are also enabled by default, so the feature is running without any intervention.
 
-## Backend processing and near-instant determinations
+## How it works
 
-When a Windows Defender client encounters a suspicious but previously undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean.
+When a Windows Defender client encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean.
 
-If the cloud backend is unable to make a determination, a copy of the file is requested for additional processing and analysis in the cloud. 
+If the cloud backend is unable to make a determination, the file will be locked by Windows Defender while a copy is uploaded to the cloud. Only after the cloud has received the file will Windows Defender release the lock and let the file run. The cloud will perform additional analysis to reach a determination, blocking all future encounters of that file. 
 
-If the Block at First Sight feature is enabled on the client, the file will be locked by Windows Defender while a copy is uploaded to the cloud, processed, and a verdict returned to the client. Only after a determination is returned from the cloud will Windows Defender release the lock and let the file run.
- 
-The file-based determination typically takes 1 to 4 seconds.
+In many cases this process can reduce the response time to new malware from hours to seconds.
 
 > [!NOTE]
 > Suspicious file downloads requiring additional backend processing to reach a determination will be locked by Windows Defender on the first machine where the file is encountered, until it is finished uploading to the backend. Users will see a longer "Running security scan" message in the browser while the file is being uploaded. This might result in what appear to be slower download times for some files.
 
 
-## Enable Block at First Sight
+## Confirm Block at First Sight is enabled
 
-### Use Group Policy to configure Block at First Sight
+Block at First Sight requires a number of Group Policy settings to be configured correctly or it will not work. Usually, these settings are already enabled in most default Windows Defender deployments in enterprise networks.
 
-You can use Group Policy to control whether Windows Defender will continue to lock a suspicious file until it is uploaded to the backend.
+> [!IMPORTANT]
+> There is no specific individual setting in System Center Configuration Manager to enable Block at First Sight. It is enabled by default when the pre-requisite settings are configured correctly.
 
-This feature ensures the device checks in real time with the Microsoft Active Protection Service (MAPS) before allowing certain content to be run or accessed. If this feature is disabled, the check will not occur, which will lower the protection state of the device.
-
-Block at First Sight requires a number of Group Policy settings to be configured correctly or it will not work.
-
-**Configure pre-requisite cloud protection Group Policy settings:**
+### Confirm Block at First Sight is enabled with Group Policy
 
 1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
 
@@ -55,28 +55,56 @@ Block at First Sight requires a number of Group Policy settings to be configured
 
 5.  Expand the tree to **Windows components > Windows Defender > MAPS** and configure the following Group Policies:
     
-    1.  Double-click the **Join Microsoft MAPS** setting and set the option to **Enabled**. Click **OK**.
+    1.  Double-click the **Join Microsoft MAPS** setting and ensure the option is set to **Enabled**. Click **OK**.
     
-    1.  Double-click the **Send file samples when further analysis is required** setting and set the option as **Enabled** and the additional options as either of the following:
+    1.  Double-click the **Send file samples when further analysis is required** setting and ensure the option is set to **Enabled** and the additional options are either of the following:
     
         1. Send safe samples (1)
         
         1. Send all samples (3)
 
-        > [!NOTE]
+        > [!WARNING]
         > Setting to 0 (Always Prompt) will lower the protection state of the device. Setting to 2 (Never send) means the "Block at First Sight" feature will not function.
 
-    1. Click OK after both Group Policies have been set.
+    1. Click **OK**.
 
 1.  In the **Group Policy Management Editor**, expand the tree to **Windows components > Windows Defender > Real-time Protection**:
     
-    1.  Double-click the **Scan all downloaded files and attachments** setting and set the option to **Enabled**. Click **OK**.
+    1.  Double-click the **Scan all downloaded files and attachments** setting and ensure the option is set to **Enabled**. Click **OK**.
     
-    1.  Double-click the **Turn off real-time protection** setting and set the option to **Disabled**. Click **OK**.
+    1.  Double-click the **Turn off real-time protection** setting and ensure the option is set to **Disabled**. Click **OK**.
+
+If you had to change any of the settings, you should re-deploy the Group Policy Object across your network to ensure all endpoints are covered.
 
 
+### Confirm Block at First Sight is enabled with Windows Settings
 
-**Enable Block at First Sight with Group Policy**
+> [!NOTE]
+> If the pre-requisite settings are configured and deployed using Group Policy, the settings described in this section will be greyed-out and unavailable for use on individual endpoints. Changes made through a Group Policy Object must first be deployed to individual endpoints before the setting will be updated in Windows Settings.
+
+You can confirm that Block at First Sight is enabled in Windows Settings. The feature is automatically enabled, as long as **Cloud-based protection** and **Automatic sample submission** are both turned on.
+
+**Confirm Block at First Sight is enabled on individual clients**
+
+1. Open Windows Defender settings:
+
+    a. Open the Windows Defender app and click **Settings**.
+    
+    b. On the main Windows Settings page, click **Update & Security** and then **Windows Defender**.
+
+2.	Confirm that **Cloud-based Protection** and **Automatic sample submission** are switched to **On**.
+
+## Disable Block at First Sight
+
+> [!WARNING]
+> Disabling the Block at First Sight feature will lower the protection state of the endpoint and your network.
+
+> [!NOTE]
+> You cannot disable Block at First Sight with System Center Configuration Manager
+
+You may choose to disable the Block at First Sight feature if you want to retain the pre-requisite settings without using Block at First Sight protection. You might wish to do this if you are experiencing latency issues or you want to test the feature's impact on your network.
+
+**Disable Block at First Sight with Group Policy**
 
 1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
 
@@ -86,28 +114,14 @@ Block at First Sight requires a number of Group Policy settings to be configured
 
 5.  Expand the tree through **Windows components > Windows Defender > MAPS**.
 
-1.  Double-click the **Configure the ‘Block at First Sight’ feature** setting and set the option to **Enabled**.
+1.  Double-click the **Configure the ‘Block at First Sight’ feature** setting and set the option to **Disabled**.
 
     > [!NOTE]
-    > The Block at First Sight feature will not function if the pre-requisite group policies have not been correctly set.
+    > Disabling the Block at First Sight feature will not disable or alter the pre-requisite group policies.
 
-### Manually enable Block at First Sight on individual clients
-
-To configure un-managed clients that are running Windows 10, Block at First Sight is automatically enabled as long as **Cloud-based protection** and **Automatic sample submission** are both turned on.
-
-**Enable Block at First Sight on individual clients**
-
-1. Open Windows Defender settings:
-
-    a. Open the Windows Defender app and click **Settings**.
-    
-    b. On the main Windows Settings page, click **Update & Security** and then **Windows Defender**.
-
-2.	Switch **Cloud-based Protection** and **Automatic sample submission** to **On**.
-
-> [!NOTE]
-> These settings will be overridden if the network administrator has configured their associated Group Policies. The settings will appear grayed out and you will not be able to modify them if they are being managed by Group Policy.
 
 ## Related topics
 
 - [Windows Defender in Windows 10](windows-defender-in-windows-10.md)
+
+
diff --git a/windows/keep-secure/windows-defender-enhanced-notifications.md b/windows/keep-secure/windows-defender-enhanced-notifications.md
index e7ce19cd26..e70fede4fd 100644
--- a/windows/keep-secure/windows-defender-enhanced-notifications.md
+++ b/windows/keep-secure/windows-defender-enhanced-notifications.md
@@ -8,6 +8,7 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
+localizationpriority: medium
 author: iaanw
 ---
 
@@ -21,9 +22,9 @@ In Windows 10, application notifications about malware detection and remediation
 
 Notifications will appear on endpoints when manually triggered and scheduled scans are completed and threats are detected. These notifications will also be seen in the **Notification Center**, and a summary of scans and threat detections will also appear at regular time intervals.
 
-You can enable and disable enhanced notifications  with the registry or in Windows Settings. 
+You can enable and disable enhanced notifications in Windows Settings. 
 
-## Configure enhanced notifications
+## Disable notifications
 
 You can disable enhanced notifications on individual endpoints in Windows Settings. 
 
@@ -38,6 +39,8 @@ You can disable enhanced notifications on individual endpoints in Windows Settin
 ![Windows Defender enhanced notifications](images/defender/enhanced-notifications.png)
 
 
+
+
 ## Related topics
 
-- [Windows Defender in Windows 10](windows-defender-in-windows-10.md)
\ No newline at end of file
+- [Windows Defender in Windows 10](windows-defender-in-windows-10.md)
diff --git a/windows/keep-secure/windows-defender-in-windows-10.md b/windows/keep-secure/windows-defender-in-windows-10.md
index e052d1a3bb..7ad3e53061 100644
--- a/windows/keep-secure/windows-defender-in-windows-10.md
+++ b/windows/keep-secure/windows-defender-in-windows-10.md
@@ -6,6 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
+localizationpriority: medium
 author: jasesso
 ---
 
diff --git a/windows/keep-secure/windows-defender-offline.md b/windows/keep-secure/windows-defender-offline.md
index bdd1e45d8b..a90a308ed7 100644
--- a/windows/keep-secure/windows-defender-offline.md
+++ b/windows/keep-secure/windows-defender-offline.md
@@ -8,6 +8,7 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
+localizationpriority: medium
 author: iaanw
 ---
 
diff --git a/windows/keep-secure/windows-firewall-with-advanced-security-administration-with-windows-powershell.md b/windows/keep-secure/windows-firewall-with-advanced-security-administration-with-windows-powershell.md
index c70e57a4b1..9b54a7e5a7 100644
--- a/windows/keep-secure/windows-firewall-with-advanced-security-administration-with-windows-powershell.md
+++ b/windows/keep-secure/windows-firewall-with-advanced-security-administration-with-windows-powershell.md
@@ -624,37 +624,37 @@ New-NetFirewallRule –DisplayName “Inbound Secure Bypass Rule" –Direction I
 
 For more information about Windows PowerShell concepts, see the following topics.
 
--   [Windows PowerShell Getting Started Guide](http://go.microsoft.com/fwlink/p/?linkid=113440)
+-   [Windows PowerShell Getting Started Guide](https://go.microsoft.com/fwlink/p/?linkid=113440)
 
--   [Windows PowerShell User Guide](http://go.microsoft.com/fwlink/p/?linkid=113441)
+-   [Windows PowerShell User Guide](https://go.microsoft.com/fwlink/p/?linkid=113441)
 
--   [Windows PowerShell About Help Topics](http://go.microsoft.com/fwlink/p/?linkid=113206)
+-   [Windows PowerShell About Help Topics](https://go.microsoft.com/fwlink/p/?linkid=113206)
 
--   [about\_Functions](http://go.microsoft.com/fwlink/p/?linkid=113231)
+-   [about\_Functions](https://go.microsoft.com/fwlink/p/?linkid=113231)
 
--   [about\_Functions\_Advanced](http://go.microsoft.com/fwlink/p/?linkid=144511)
+-   [about\_Functions\_Advanced](https://go.microsoft.com/fwlink/p/?linkid=144511)
 
--   [about\_Execution\_Policies](http://go.microsoft.com/fwlink/p/?linkid=135170)
+-   [about\_Execution\_Policies](https://go.microsoft.com/fwlink/p/?linkid=135170)
 
--   [about\_Foreach](http://go.microsoft.com/fwlink/p/?linkid=113229)
+-   [about\_Foreach](https://go.microsoft.com/fwlink/p/?linkid=113229)
 
--   [about\_Objects](http://go.microsoft.com/fwlink/p/?linkid=113241)
+-   [about\_Objects](https://go.microsoft.com/fwlink/p/?linkid=113241)
 
--   [about\_Properties](http://go.microsoft.com/fwlink/p/?linkid=113249)
+-   [about\_Properties](https://go.microsoft.com/fwlink/p/?linkid=113249)
 
--   [about\_While](http://go.microsoft.com/fwlink/p/?linkid=113275)
+-   [about\_While](https://go.microsoft.com/fwlink/p/?linkid=113275)
 
--   [about\_Scripts](http://go.microsoft.com/fwlink/p/?linkid=144310)
+-   [about\_Scripts](https://go.microsoft.com/fwlink/p/?linkid=144310)
 
--   [about\_Signing](http://go.microsoft.com/fwlink/p/?linkid=113268)
+-   [about\_Signing](https://go.microsoft.com/fwlink/p/?linkid=113268)
 
--   [about\_Throw](http://go.microsoft.com/fwlink/p/?linkid=145153)
+-   [about\_Throw](https://go.microsoft.com/fwlink/p/?linkid=145153)
 
--   [about\_PSSessions](http://go.microsoft.com/fwlink/p/?linkid=135181)
+-   [about\_PSSessions](https://go.microsoft.com/fwlink/p/?linkid=135181)
 
--   [about\_Modules](http://go.microsoft.com/fwlink/p/?linkid=144311)
+-   [about\_Modules](https://go.microsoft.com/fwlink/p/?linkid=144311)
 
--   [about\_Command\_Precedence](http://go.microsoft.com/fwlink/p/?linkid=113214)
+-   [about\_Command\_Precedence](https://go.microsoft.com/fwlink/p/?linkid=113214)
 
  
 
diff --git a/windows/keep-secure/windows-hello-in-enterprise.md b/windows/keep-secure/windows-hello-in-enterprise.md
index 9907572763..ca368e846f 100644
--- a/windows/keep-secure/windows-hello-in-enterprise.md
+++ b/windows/keep-secure/windows-hello-in-enterprise.md
@@ -78,8 +78,8 @@ To allow facial recognition, you must have devices with integrated special infra
 - [Manage identity verification using Windows Hello for Business](manage-identity-verification-using-microsoft-passport.md)
 - [Implement Windows Hello for Business in your organization](implement-microsoft-passport-in-your-organization.md)
 - [Microsoft Passport guide](microsoft-passport-guide.md)
-- [Prepare people to use Microsoft Passport](prepare-people-to-use-microsoft-passport.md)
-- [PassportforWork CSP](http://go.microsoft.com/fwlink/p/?LinkId=708219)
+- [Prepare people to use Windows Hello for Work](prepare-people-to-use-microsoft-passport.md)
+- [PassportforWork CSP](https://go.microsoft.com/fwlink/p/?LinkId=708219)
 
  
 
diff --git a/windows/keep-secure/windows-security-baselines.md b/windows/keep-secure/windows-security-baselines.md
index f0db2dc596..ee48d1325c 100644
--- a/windows/keep-secure/windows-security-baselines.md
+++ b/windows/keep-secure/windows-security-baselines.md
@@ -51,13 +51,13 @@ To help faster deployments and increase the ease of managing Windows, Microsoft
 
 ### Windows 10 security baselines
  
- -  [Windows 10, Version 1511 security baseline](http://go.microsoft.com/fwlink/p/?LinkID=799381)
- -  [Windows 10, Version 1507 security baseline](http://go.microsoft.com/fwlink/p/?LinkID=799380)
+ -  [Windows 10, Version 1511 security baseline](https://go.microsoft.com/fwlink/p/?LinkID=799381)
+ -  [Windows 10, Version 1507 security baseline](https://go.microsoft.com/fwlink/p/?LinkID=799380)
 
 
 ### Windows Server security baselines
 
- -  [Windows Server 2012 R2 security baseline](http://go.microsoft.com/fwlink/p/?LinkID=799382)
+ -  [Windows Server 2012 R2 security baseline](https://go.microsoft.com/fwlink/p/?LinkID=799382)
 
 ## How can I monitor security baseline deployments?
 
diff --git a/windows/keep-secure/wip-enterprise-overview.md b/windows/keep-secure/wip-enterprise-overview.md
index 241479661a..2b0b45fd93 100644
--- a/windows/keep-secure/wip-enterprise-overview.md
+++ b/windows/keep-secure/wip-enterprise-overview.md
@@ -1,78 +1,5 @@
 ---
 title: Windows Information Protection overview (Windows 10)
 description: Conceptual info about Windows Information Protection (WIP), formerly known as Windows Information Protection (WIP).
-ms.prod: w10
-ms.mktglfcycl: explore
-ms.sitesec: library
-ms.pagetype: security
-localizationpriority: high
+redirect_url:  https://technet.microsoft.com/itpro/windows/keep-secure/protect-enterprise-data-using-wip
 ---
-
-# Windows Information Protection (WIP) overview
-
-**Applies to:**
-
--   Windows 10
--   Windows 10 Mobile
-
-With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage.
-
-Windows Information Protection (WIP), formerly known as enterprise data protection (EDP), helps to protect against this potential data leakage without otherwise interfering with the employee experience. WIP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps.
-
-
-## Benefits of WIP
-
-WIP provides:
-- Obvious separation between personal and corporate data, without requiring employees to switch environments or apps.
-
-- Additional data protection for existing line-of-business apps without a need to update the apps.
-
-- Ability to wipe corporate data from devices while leaving personal data alone.
-
-- Use of audit reports for tracking issues and remedial actions.
-
-- Integration with your existing management system (Microsoft Intune, System Center Configuration Manager 2016, or your current mobile device management (MDM) system) to configure, deploy, and manage WIP for your company.
-
-## Enterprise scenarios
-WIP currently addresses these enterprise scenarios:
-- You can encrypt enterprise data on employee-owned and corporate-owned devices.
-
-- You can remotely wipe enterprise data off managed computers, including employee-owned computers, without affecting the personal data.
-
-- You can select specific apps that can access enterprise data, called "allowed apps" that are clearly recognizable to employees. You can also block non-protected apps from accessing enterprise data.
-
-- Your employees won't have their work otherwise interrupted while switching between personal and enterprise apps while the enterprise policies are in place. Switching environments or signing in multiple times isn’t required.
-
-## Why use WIP?
-WIP gives you a new way to manage data policy enforcement for apps and documents, along with the ability to remove access to enterprise data from both enterprise and personal devices (after enrollment in an enterprise management solution, like Intune).
-
-- **Change the way you think about data policy enforcement.** As an enterprise admin, you need to maintain compliance in your data policy and data access. WIP helps make sure that your enterprise data is protected on both corporate and employee-owned devices, even when the employee isn’t using the device. When employees create content on an enterprise-protected device, they can choose to save it as a work document. If it's a work document, it becomes locally-maintained as enterprise data.
-
-- **Manage your enterprise documents, apps, and encryption modes.**
-
-    - **Copying or downloading enterprise data.** When an employee or an app downloads content from a location like SharePoint, a network share, or an enterprise web location, while using an WIP-protected device, WIP encrypts the data on the device.
-
-    - **Using allowed apps.** Managed apps (apps that you've included on the allowed apps list in your WIP policy) are allowed to access your enterprise data and will interact differently when used with unallowed, non-enterprise aware, or personal-only apps. For example, if WIP management is set to **Block**, your employees can copy and paste from one protected app to another protected app, but not to personal apps. Imagine an HR person wants to copy a job description from a protected app to the internal career website, an enterprise-protected location, but goofs and tries to paste into a personal app instead. The paste action fails and a notification pops up, saying that the app couldn’t paste because of a policy restriction. The HR person then correctly pastes to the career website without a problem.
-
-    - **Managed apps and restrictions.** With WIP you can control which apps can access and use your enterprise data. After adding an app to your protected apps list, the app is trusted with enterprise data. All apps not on this list are blocked from accessing your enterprise data, depending on your WIP management-mode.
-    
-    You don’t have to modify line-of-business apps that never touch personal data to list them as protected apps; just include them in your protected apps list.
-
-    - **Deciding your level of data access.** WIP lets you block, allow overrides, or audit employees' data sharing actions. Blocking the action stops it immediately. Allowing overrides let the employee know there's a risk, but lets him or her continue to share the data while recording and auditing the action. Silent just logs the action without blocking anything that the employee could've overridden while using that setting; collecting info that can help you to see patterns of inappropriate sharing so you can take educative action or find apps that should be added to your protected apps list.
-
-    - **Data encryption at rest.** WIP helps protect enterprise data on local files and on removable media.
-    
-    Apps such as Microsoft Word work with WIP to help continue your data protection across local files and removable media. These apps are being referred to as, enterprise aware. For example, if an employee opens WIP-encrypted content from Word, edits the content, and then tries to save the edited version with a different name, Word automatically applies WIP to the new document.
-
-    - **Helping prevent accidental data disclosure to public spaces.** WIP helps protect your enterprise data from being accidentally shared to public spaces, such as public cloud storage. For example, if Dropbox™ isn’t on your protected apps list, employees won’t be able to sync encrypted files to their personal cloud storage. Instead, if the employee stores the content to an app on your protected apps list, like Microsoft OneDrive for Business, the encrypted files can sync freely to the business cloud, while maintaining the encryption locally.
-
-    - **Helping prevent accidental data disclosure to removable media.** WIP helps prevent enterprise data from leaking when it's copied or transferred to removable media. For example, if an employee puts enterprise data on a Universal Serial Bus (USB) drive that also has personal data, the enterprise data remains encrypted while the personal data doesn’t.
-
-    - **Remove access to enterprise data from enterprise-protected devices.** WIP gives admins the ability to revoke enterprise data from one or many MDM-enrolled devices, while leaving personal data alone. This is a benefit when an employee leaves your company, or in the case of a stolen device. After determining that the data access needs to be removed, you can unenroll the device so when it connects to the network, the user's encryption key for the device is revoked and the enterprise data becomes unreadable.
-
-## Turn off WIP
-
-You can turn off all Windows Information Protection and restrictions, reverting to where you were pre-WIP, with no data loss. However, turning off WIP isn't recommended. If you choose to turn it off, you can always turn it back on, but WIP won't retain your decryption and policies info.
-
-## Related topics
-- [Protect your enterprise data using Windows Information Protection (WIP)](protect-enterprise-data-using-edp.md)
diff --git a/windows/manage/TOC.md b/windows/manage/TOC.md
index b46f78d870..19a65a7a57 100644
--- a/windows/manage/TOC.md
+++ b/windows/manage/TOC.md
@@ -16,6 +16,7 @@
 ### [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md)
 ### [Customize Windows 10 Start and taskbar with ICD and provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
 ### [Customize Windows 10 Start with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
+## [Create mandatory user profiles](mandatory-user-profile.md)
 ## [Lock down Windows 10](lock-down-windows-10.md)
 ### [Lockdown features from Windows Embedded 8.1 Industry](lockdown-features-windows-10.md)
 ### [Set up a shared or guest PC with Windows 10](set-up-shared-or-guest-pc.md)
@@ -35,14 +36,12 @@
 ## [Join Windows 10 Mobile to Azure Active Directory](join-windows-10-mobile-to-azure-active-directory.md)
 ## [Configure devices without MDM](configure-devices-without-mdm.md)
 ## [Windows 10 servicing options](introduction-to-windows-10-servicing.md)
-## [Application development for Windows as a service](application-development-for-windows-as-a-service.md)
 ## [Application Virtualization (App-V) for Windows](appv-for-windows.md)
 ### [Getting Started with App-V](appv-getting-started.md)
-#### [About App-V](appv-about-appv.md)
+#### [What's new in App-V](appv-about-appv.md)
 ##### [Release Notes for App-V](appv-release-notes-for-appv-for-windows.md)
 #### [Evaluating App-V](appv-evaluating-appv.md)
 #### [High Level Architecture for App-V](appv-high-level-architecture.md)
-#### [Accessibility for App-V](appv-accessibility.md)
 ### [Planning for App-V](appv-planning-for-appv.md)
 #### [Preparing Your Environment for App-V](appv-preparing-your-environment.md)
 ##### [App-V Prerequisites](appv-prerequisites.md)
@@ -54,17 +53,14 @@
 ##### [Planning to Deploy App-V with an Electronic Software Distribution System](appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md)
 ##### [Planning for the App-V Server Deployment](appv-planning-for-appv-server-deployment.md)
 ##### [Planning for the App-V Sequencer and Client Deployment](appv-planning-for-sequencer-and-client-deployment.md)
-##### [Planning for Migrating from a Previous Version of App-V](appv-planning-for-migrating-from-a-previous-version-of-appv.md)
 ##### [Planning for Using App-V with Office](appv-planning-for-using-appv-with-office.md)
 ##### [Planning to Use Folder Redirection with App-V](appv-planning-folder-redirection-with-appv.md)
 #### [App-V Planning Checklist](appv-planning-checklist.md)
 ### [Deploying App-V](appv-deploying-appv.md)
-#### [Deploying the App-V Sequencer and Client](appv-deploying-the-appv-sequencer-and-client.md)
+#### [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md)
 ##### [About Client Configuration Settings](appv-client-configuration-settings.md)
 ##### [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md)
-##### [How to Install the App-V Client for Shared Content Store Mode](appv-install-the-appv-client-for-shared-content-store-mode.md)
 ##### [How to Install the Sequencer](appv-install-the-sequencer.md)
-##### [How to Modify App-V Client Configuration Using the ADMX Template and Group Policy](appv-modify-client-configuration-with-the-admx-template-and-group-policy.md)
 #### [Deploying the App-V Server](appv-deploying-the-appv-server.md)
 ##### [How to Deploy the App-V Server](appv-deploy-the-appv-server.md)
 ##### [How to Deploy the App-V Server Using a Script](appv-deploy-the-appv-server-with-a-script.md)
@@ -110,23 +106,22 @@
 ##### [How to deploy App-V Packages Using Electronic Software Distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md)
 ##### [How to Enable Only Administrators to Publish Packages by Using an ESD](appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md)
 #### [Using the App-V Client Management Console](appv-using-the-client-management-console.md)
-##### [How to Access the Client Management Console](appv-accessing-the-client-management-console.md)
-##### [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server ](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md)
 #### [Migrating to App-V from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md)
 ##### [How to Convert a Package Created in a Previous Version of App-V](appv-convert-a-package-created-in-a-previous-version-of-appv.md)
 #### [Maintaining App-V](appv-maintaining-appv.md)
 ##### [How to Move the App-V Server to Another Computer](appv-move-the-appv-server-to-another-computer.md)
-#### [Administering App-V by Using PowerShell](appv-administering-appv-with-powershell.md)
-##### [How to Load the PowerShell Cmdlets and Get Cmdlet Help ](appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md)
-##### [How to Manage App-V Packages Running on a Stand-Alone Computer by Using PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md)
-##### [How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell](appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md)
-##### [How to Modify Client Configuration by Using PowerShell](appv-modify-client-configuration-with-powershell.md)
-##### [How to Apply the User Configuration File by Using PowerShell](appv-apply-the-user-configuration-file-with-powershell.md)
-##### [How to Apply the Deployment Configuration File by Using PowerShell](appv-apply-the-deployment-configuration-file-with-powershell.md)
-##### [How to Sequence a Package  by Using PowerShell ](appv-sequence-a-package-with-powershell.md)
-##### [How to Create a Package Accelerator by Using PowerShell](appv-create-a-package-accelerator-with-powershell.md)
-##### [How to Enable Reporting on the App-V Client by Using PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md)
-##### [How to Install the App-V Databases and Convert the Associated Security Identifiers  by Using PowerShell](appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md)
+#### [Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md)
+##### [How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help ](appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md)
+##### [How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md)
+##### [How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell](appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md)
+##### [How to Modify Client Configuration by Using Windows PowerShell](appv-modify-client-configuration-with-powershell.md)
+##### [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md)
+##### [How to Apply the User Configuration File by Using Windows PowerShell](appv-apply-the-user-configuration-file-with-powershell.md)
+##### [How to Apply the Deployment Configuration File by Using Windows PowerShell](appv-apply-the-deployment-configuration-file-with-powershell.md)
+##### [How to Sequence a Package  by Using Windows PowerShell ](appv-sequence-a-package-with-powershell.md)
+##### [How to Create a Package Accelerator by Using Windows PowerShell](appv-create-a-package-accelerator-with-powershell.md)
+##### [How to Enable Reporting on the App-V Client by Using Windows PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md)
+##### [How to Install the App-V Databases and Convert the Associated Security Identifiers  by Using Windows PowerShell](appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md)
 ### [Troubleshooting App-V](appv-troubleshooting.md)
 ### [Technical Reference for App-V](appv-technical-reference.md)
 #### [Performance Guidance for Application Virtualization](appv-performance-guidance.md)
@@ -159,7 +154,6 @@
 #### [Sync Trigger Events for UE-V](uev-sync-trigger-events.md)
 #### [Synchronizing Microsoft Office with UE-V](uev-synchronizing-microsoft-office-with-uev.md)
 #### [Application Template Schema Reference for UE-V](uev-application-template-schema-reference.md)
-#### [Accessibility for UE-V](uev-accessibility.md)
 #### [Security Considerations for UE-V](uev-security-considerations.md)
 ## [Windows Store for Business](windows-store-for-business.md)
 ### [Sign up and get started](sign-up-windows-store-for-business-overview.md)
diff --git a/windows/manage/administrative-tools-in-windows-10.md b/windows/manage/administrative-tools-in-windows-10.md
index cc42197767..0166bbda73 100644
--- a/windows/manage/administrative-tools-in-windows-10.md
+++ b/windows/manage/administrative-tools-in-windows-10.md
@@ -6,6 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
+localizationpriority: medium
 ---
 
 # Administrative Tools in Windows 10
@@ -30,23 +31,23 @@ If the content that is linked to a tool in the following list doesn't provide th
 
  
 
--   [Component Services]( http://go.microsoft.com/fwlink/p/?LinkId=708489)
--   [Computer Management](http://go.microsoft.com/fwlink/p/?LinkId=708490)
--   [Defragment and Optimize Drives](http://go.microsoft.com/fwlink/p/?LinkId=708488)
--   [Disk Cleanup](http://go.microsoft.com/fwlink/p/?LinkID=698648)
--   [Event Viewer](http://go.microsoft.com/fwlink/p/?LinkId=708491)
--   [iSCSI Initiator](http://go.microsoft.com/fwlink/p/?LinkId=708492)
--   [Local Security Policy](http://go.microsoft.com/fwlink/p/?LinkId=708493)
--   [ODBC Data Sources]( http://go.microsoft.com/fwlink/p/?LinkId=708494)
--   [Performance Monitor](http://go.microsoft.com/fwlink/p/?LinkId=708495)
--   [Print Management](http://go.microsoft.com/fwlink/p/?LinkId=708496)
--   [Resource Monitor](http://go.microsoft.com/fwlink/p/?LinkId=708497)
--   [Services](http://go.microsoft.com/fwlink/p/?LinkId=708498)
--   [System Configuration](http://go.microsoft.com/fwlink/p/?LinkId=708499)
--   [System Information]( http://go.microsoft.com/fwlink/p/?LinkId=708500)
--   [Task Scheduler](http://go.microsoft.com/fwlink/p/?LinkId=708501)
--   [Windows Firewall with Advanced Security](http://go.microsoft.com/fwlink/p/?LinkId=708503)
--   [Windows Memory Diagnostic]( http://go.microsoft.com/fwlink/p/?LinkId=708507)
+-   [Component Services]( https://go.microsoft.com/fwlink/p/?LinkId=708489)
+-   [Computer Management](https://go.microsoft.com/fwlink/p/?LinkId=708490)
+-   [Defragment and Optimize Drives](https://go.microsoft.com/fwlink/p/?LinkId=708488)
+-   [Disk Cleanup](https://go.microsoft.com/fwlink/p/?LinkID=698648)
+-   [Event Viewer](https://go.microsoft.com/fwlink/p/?LinkId=708491)
+-   [iSCSI Initiator](https://go.microsoft.com/fwlink/p/?LinkId=708492)
+-   [Local Security Policy](https://go.microsoft.com/fwlink/p/?LinkId=708493)
+-   [ODBC Data Sources]( https://go.microsoft.com/fwlink/p/?LinkId=708494)
+-   [Performance Monitor](https://go.microsoft.com/fwlink/p/?LinkId=708495)
+-   [Print Management](https://go.microsoft.com/fwlink/p/?LinkId=708496)
+-   [Resource Monitor](https://go.microsoft.com/fwlink/p/?LinkId=708497)
+-   [Services](https://go.microsoft.com/fwlink/p/?LinkId=708498)
+-   [System Configuration](https://go.microsoft.com/fwlink/p/?LinkId=708499)
+-   [System Information]( https://go.microsoft.com/fwlink/p/?LinkId=708500)
+-   [Task Scheduler](https://go.microsoft.com/fwlink/p/?LinkId=708501)
+-   [Windows Firewall with Advanced Security](https://go.microsoft.com/fwlink/p/?LinkId=708503)
+-   [Windows Memory Diagnostic]( https://go.microsoft.com/fwlink/p/?LinkId=708507)
 
  
 
diff --git a/windows/manage/app-inventory-management-windows-store-for-business.md b/windows/manage/app-inventory-management-windows-store-for-business.md
index 2472c4a967..ec263eede3 100644
--- a/windows/manage/app-inventory-management-windows-store-for-business.md
+++ b/windows/manage/app-inventory-management-windows-store-for-business.md
@@ -169,7 +169,7 @@ For each app in your inventory, you can view and manage license details. This gi
 
 **To view license details**
 
-1.  Sign in to [Store for Business](http://go.microsoft.com/fwlink/p/?LinkId=691845)
+1.  Sign in to [Store for Business](https://go.microsoft.com/fwlink/p/?LinkId=691845)
 
 2.  Click **Manage**, and then choose **Inventory**.
 
diff --git a/windows/manage/application-development-for-windows-as-a-service.md b/windows/manage/application-development-for-windows-as-a-service.md
index dedc91d3cd..080fccc711 100644
--- a/windows/manage/application-development-for-windows-as-a-service.md
+++ b/windows/manage/application-development-for-windows-as-a-service.md
@@ -1,12 +1,13 @@
 ---
 title: Application development for Windows as a service (Windows 10)
-description: In today’s environment, where user expectations frequently are set by device-centric experiences, complete product cycles need to be measured in months, not years.
+description: Microsoft recommends that our ISV partners decouple their app release and support from specific Windows builds.
 ms.assetid: 28E0D103-B0EE-4B14-8680-6F30BD373ACF
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security, servicing
-author: greg-lindsay
+author: jdeckerMS
+redirect_url: https://msdn.microsoft.com/windows/uwp/get-started/application-development-for-windows-as-a-service
 ---
 
 # Application development for Windows as a service
@@ -14,7 +15,7 @@ author: greg-lindsay
 **Applies to**
 -   Windows 10
 -   Windows 10 Mobile
--   Windows 10 IoT Core (IoT Core)
+-   Windows 10 IoT Core 
 
 In today’s environment, where user expectations frequently are set by device-centric experiences, complete product cycles need to be measured in months, not years. Additionally, new releases must be made available on a continual basis, and must be deployable with minimal impact on users. Microsoft designed Windows 10 to meet these requirements by implementing a new approach to innovation, development, and delivery called [Windows as a service (WaaS)](introduction-to-windows-10-servicing.md). The key to enabling significantly shorter product cycles while maintaining high quality levels is an innovative community-centric approach to testing that Microsoft has implemented for Windows 10. The community, known as Windows Insiders, is comprised of millions of users around the world. When Windows Insiders opt in to the community, they test many builds over the course of a product cycle and provide feedback to Microsoft through an iterative methodology called flighting.
 
@@ -25,6 +26,7 @@ Builds distributed as flights provide the Windows engineering team with signific
 Although Microsoft releases flight builds to Windows Insiders, Microsoft will publish two types of Windows 10 releases broadly to the public on an ongoing basis:
 
 **Feature updates** install the latest new features, experiences, and capabilities on devices that are already running Windows 10. Because feature updates contain an entire copy of Windows, they are also what customers use to install Windows 10 on existing devices running Windows 7 or Windows 8.1, and on new devices where no operating system is installed. Microsoft expects to publish an average of one to two new feature updates per year.
+
 **Quality updates** deliver security issue resolutions and other important bug fixes. Quality updates will be provided to improve each feature currently in support, on a cadence of one or more times per month. Microsoft will continue publishing quality updates on Update Tuesday (sometimes referred to as Patch Tuesday). Additionally, Microsoft may publish additional quality updates for Windows 10 outside the Update Tuesday process when required to address customer needs.
 
 During Windows 10 development, Microsoft streamlined the Windows product engineering and release cycle so that we can deliver the features, experiences, and functionality customers want, more quickly than ever. We also created new ways to deliver and install feature updates and quality updates that simplify deployments and on-going management, broaden the base of employees who can be kept current with the latest Windows capabilities and experiences, and lower total cost of ownership. Hence we have implemented new servicing options – referred to as Current Branch (CB), Current Branch for Business (CBB), and Long-Term Servicing Branch (LTSB) – that provide pragmatic solutions to keep more devices more current in enterprise environments than was previously possible.
@@ -45,7 +47,7 @@ The traditional approach for supporting apps has been to release a new app versi
 
 In the Windows as a service model, Microsoft is making a commitment to maintaining the compatibility of the underlying OS. This means Microsoft will make a concerted effort to ensure that there are no breaking changes that impact the app ecosystem negatively. In this scenario, when there is a release of a Windows build, most apps (those with no kernel dependencies) will continue to work.
 
-In view of this change, Microsoft recommends that our ISV partners decouple their app release and support from specific Windows builds. Our mutual customers are better served by an application lifecycle approach. This means when an application version is released it will be supported for a certain period of time irrespective of however many Windows builds are released in the interim. The ISV makes a commitment to provide support for that specific version of the app as long as it is supported in the lifecycle. Microsoft follows a similar lifecycle approach for Windows that can be referenced [here](http://go.microsoft.com/fwlink/?LinkID=780549).
+In view of this change, Microsoft recommends that our ISV partners decouple their app release and support from specific Windows builds. Our mutual customers are better served by an application lifecycle approach. This means when an application version is released it will be supported for a certain period of time irrespective of however many Windows builds are released in the interim. The ISV makes a commitment to provide support for that specific version of the app as long as it is supported in the lifecycle. Microsoft follows a similar lifecycle approach for Windows that can be referenced [here](https://go.microsoft.com/fwlink/?LinkID=780549).
 
 This approach will reduce the burden of maintaining an app schedule that aligns with Windows releases. ISV partners should be free to release features or updates at their own cadence. We feel that our partners can keep their customer base updated with the latest app updates independent of a Windows release. In addition, our customers do not have to seek an explicit support statement whenever a Windows build is released. Here is an example of a support statement that covers how an app may be supported across different versions of the OS:
 
@@ -60,7 +62,7 @@ In the following sections, you will find additional information about the steps
 We understand that compatibility matters to developers. ISVs and developers want to ensure their apps will run as expected on all supported versions of the Windows OS. Consumers and businesses have a key investment here—they want to ensure that the apps they have paid for will continue to work. We know that compatibility is the primary criteria for purchase decisions. Apps that are well written based on best practices will lead to much less code churn when 
 a new Windows version is released and will reduce fragmentation—these apps have a reduced engineering investment to maintain, and a faster time to market.
 
-In the Windows 7 timeframe, compatibility was very much a reactive approach. In Windows 8 we started looking at this differently, working within Windows to ensure that compatibility was by design rather than an afterthought. 
+In the Windows 7 timeframe, compatibility was very much a reactive approach. In Windows 8, we started looking at this differently, working within Windows to ensure that compatibility was by design rather than an afterthought. 
 Windows 10 is the most compatible-by-design version of the OS to date. Here are some key ways we accomplished this:
 -   **App telemetry**: This helps us understand app popularity in the Windows ecosystem to inform compatibility testing.
 -   **ISV partnerships**: Work directly with external partners to provide them with data and help fix issues that our users experience.
@@ -68,15 +70,15 @@ Windows 10 is the most compatible-by-design version of the OS to date. Here are
 -   **Communication**: Tighter control over API changes and improved communication.
 -   **Flighting and feedback loop**: Windows insiders receive flighted builds that help improve our ability to find compatibility issues before a final build is released to customers. This feedback process not only exposes bugs, but ensures we are shipping features our users want.
 
-## Microsoft uses data to make Windows 10 better
+## Best practices for app compatibility
 
 Microsoft uses diagnostic and usage data to identify and troubleshoot problems, improve our products and services, and provide our users with personalized experiences. The usage data we collect also extends to the apps that PCs in the Windows ecosystem are running. Based on what our customers use, we build our list to test these apps, devices, and drivers against new versions of the Windows OS. Windows 10 has been the most compatible version of Windows to-date, with over 90% compatibility against thousands of popular apps. The Windows Compatibility team commonly reaches out to our ISV partners to provide feedback if issues are discovered, so that we can partner together on solutions. Ideally, we’d like our common customers to be able to update Windows seamlessly and without losing functionality in either their OS or the apps they depend on for their productivity or entertainment.
 
 The following sections contain some best practices Microsoft recommends so you can ensure your apps are compatible with Windows 10.
 
-**Windows version check**
+### Windows version check
 
-The OS version has been incremented with Windows 10. This means that the internal version number has been changed to 10.0. As in the past, we go to great lengths to maintain application and device compatibility after an OS version change. For most app categories (without any kernel dependencies) the change will not negatively impact app functionality, and existing apps will continue to work fine on Windows 10.
+The OS version has been incremented with Windows 10. This means that the internal version number has been changed to 10.0. As in the past, we go to great lengths to maintain application and device compatibility after an OS version change. For most app categories (without any kernel dependencies), the change will not negatively impact app functionality, and existing apps will continue to work fine on Windows 10.
 
 The manifestation of this change is app-specific. This means any app that specifically checks for the OS version will get a higher version number, which can lead to one or more of the following situations:
 -   App installers might not be able to install the app, and apps might not be able to start.
@@ -87,20 +89,21 @@ Some apps perform a version check and simply pass a warning to users. However, t
 -   If the app is dependent on specific API functionality, ensure you target the correct API version.
 -   Ensure you detect the change via APISet or another public API, and do not use the version as a proxy for some feature or fix. If there are breaking changes and a proper check is not exposed, then that is a bug.
 -   Ensure the app does NOT check for version in odd ways, such as via the registry, file versions, offsets, kernel mode, drivers, or other means. If the app absolutely needs to check the version, use the GetVersion APIs, which should return the major, minor, and build number.
--   If you are using the [GetVersion](http://go.microsoft.com/fwlink/?LinkID=780555) API, remember that the behavior of this API has changed since Windows 8.1.
+-   If you are using the [GetVersion](https://go.microsoft.com/fwlink/?LinkID=780555) API, remember that the behavior of this API has changed since Windows 8.1.
 
 If you own apps such as antimalware or firewall apps, you should work through your usual feedback channels and via the Windows Insider program.
 
-**Undocumented APIs**
+### Undocumented APIs
+
 Your apps should not call undocumented Windows APIs, or take dependency on specific Windows file exports or registry keys. This can lead to broken functionality, data loss, and potential security issues. If there is functionality your app requires that is not available, this is an opportunity to provide feedback through your usual feedback channels and via the Windows Insider program.
 
-**Develop Universal Windows Platform (UWP) and Centennial apps**
+### Develop Universal Windows Platform (UWP) and Centennial apps
 
-We encourage all Win32 app ISVs to develop [Universal Windows Platform (UWP)](http://go.microsoft.com/fwlink/?LinkID=780560) and, specifically, [Centennial](http://go.microsoft.com/fwlink/?LinkID=780562) apps moving forward. There are great benefits to developing these app packages rather than using traditional Win32 installers. UWP apps are also supported in the [Windows Store](http://go.microsoft.com/fwlink/?LinkID=780563), so it’s easier for you to update your users to a consistent version automatically, lowering your support costs.
+We encourage all Win32 app ISVs to develop [Universal Windows Platform (UWP)](https://go.microsoft.com/fwlink/?LinkID=780560) and, specifically, [Centennial](https://go.microsoft.com/fwlink/?LinkID=780562) apps moving forward. There are great benefits to developing these app packages rather than using traditional Win32 installers. UWP apps are also supported in the [Windows Store](https://go.microsoft.com/fwlink/?LinkID=780563), so it’s easier for you to update your users to a consistent version automatically, lowering your support costs.
 
-If your Win32 app types do not work with the Centennial model, we highly recommend that you use the right installer and ensure this is fully tested. An installer is your user or customer’s first experience with your app, so ensure that this works well. All too often, this doesn’t work well or it hasn’t been fully tested for all scenarios. The [Windows App Certification Kit](http://go.microsoft.com/fwlink/?LinkID=780565) can help you test the install and uninstall of your Win32 app and help you identify use of undocumented APIs, as well as other basic performance-related best-practice issues, before your users do.
+If your Win32 app types do not work with the Centennial model, we highly recommend that you use the right installer and ensure this is fully tested. An installer is your user or customer’s first experience with your app, so ensure that this works well. All too often, this doesn’t work well or it hasn’t been fully tested for all scenarios. The [Windows App Certification Kit](https://go.microsoft.com/fwlink/?LinkID=780565) can help you test the install and uninstall of your Win32 app and help you identify use of undocumented APIs, as well as other basic performance-related best-practice issues, before your users do.
 
-**Best pratcices:**
+**Best practices:**
 -   Use installers that work for both 32-bit and 64-bit versions of Windows.
 -   Design your installers to run on multiple scenarios (user or machine level).
 -   Keep all Windows redistributables in the original packaging – if you repackage these, it’s possible that this will break the installer.
@@ -112,8 +115,8 @@ Windows OS flighting refers to the interim builds available to Windows Insiders
 
 If your app is in the Store, you can flight your app via the Store, which means that your app will be available for our Windows Insider population to install. Users can install your app and you can receive preliminary feedback on your app before you release it to the general population. The follow sections outline the steps for testing your apps against Windows flighted builds.
 
-**Step 1: Become a Windows Insider and participate in flighting**
-As a [Windows Insider,](http://go.microsoft.com/fwlink/p/?LinkId=521639) you can help shape the future of Windows—your feedback will help us improve features and functionality in the platform. This is a vibrant community where you can connect with other enthusiasts, join forums, trade advice, and learn about upcoming Insider-only events.
+### Step 1: Become a Windows Insider and participate in flighting
+As a [Windows Insider,](https://go.microsoft.com/fwlink/p/?LinkId=521639) you can help shape the future of Windows—your feedback will help us improve features and functionality in the platform. This is a vibrant community where you can connect with other enthusiasts, join forums, trade advice, and learn about upcoming Insider-only events.
 
 Since you’ll have access to preview builds of Windows 10, Windows 10 Mobile, and the latest Windows SDK and Emulator, you’ll have all the tools at your disposal to develop great apps and explore what's new in the Universal Windows Platform and the Windows Store.
 
@@ -127,7 +130,7 @@ Before you become a Windows Insider, please note that participation is intended
 -   Know what an ISO file is and how to use it.
 -   Aren't installing it on their everyday computer or device.
 
-**Step 2: Test your scenarios**
+### Step 2: Test your scenarios
 
 Once you have updated to a flighted build, the following are some sample test cases to help you get started on testing and gathering feedback. For most of these tests, ensure you cover both x86 and AMD64 systems.
 **Clean install test:** On a clean install of Windows 10, ensure your app is fully functional. If your app fails this test and the upgrade test, then it’s likely that the issue is caused by underlying OS changes or bugs in the app. 
@@ -149,12 +152,12 @@ If after investigation, the former is the case, be sure to use the Windows Insid
 -   Sensors (accelerometer, fusion, and so on)
 -   Camera
 
-**Step 3: Provide feedback**
+### Step 3: Provide feedback
 
 Let us know how your app is performing against flighted builds. As you discover issues with your app during testing, please log bugs via the partner portal if you have access, or through your Microsoft representative. We encourage this information so that we can build a quality experience for our users together.
 
-**Step 4: Register on Windows 10**
-The [Ready for Windows 10](http://go.microsoft.com/fwlink/?LinkID=780580) website is a directory of software that supports Windows 10. It’s intended for IT administrators at companies and organizations worldwide that are considering Windows 10 for their deployments. IT administrators can check the site to see whether software deployed in their enterprise is supported in Windows 10.
+### Step 4: Register on Windows 10
+The [Ready for Windows 10](https://go.microsoft.com/fwlink/?LinkID=780580) website is a directory of software that supports Windows 10. It’s intended for IT administrators at companies and organizations worldwide that are considering Windows 10 for their deployments. IT administrators can check the site to see whether software deployed in their enterprise is supported in Windows 10.
 
 ## Related topics
 [Windows 10 servicing options for updates and upgrades](introduction-to-windows-10-servicing.md)
diff --git a/windows/manage/appv-about-appv.md b/windows/manage/appv-about-appv.md
index 28dd41b085..ef43aeed3d 100644
--- a/windows/manage/appv-about-appv.md
+++ b/windows/manage/appv-about-appv.md
@@ -1,6 +1,6 @@
 ---
-title: About App-V (Windows 10)
-description: About App-V
+title: What's new in App-V for Windows 10 (Windows 10)
+description: Information about what's new in App-V for Windows 10. 
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
@@ -9,463 +9,46 @@ ms.prod: w10
 ---
 
 
-# About App-V for Windows
+# What's new in App-V
 
-Applies to: Windows 10, version 1607
+**Applies to**
+-   Windows 10, version 1607
 
-Review the following sections for information about significant changes that apply to Application Virtualization (App-V) for Windows:
+Microsoft Application Virtualization (App-V) enables organizations to deliver Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service – in real time and on as as-needed basis. Users launch virtual applications from familiar access points and interact with them as if they were installed locally. 
 
-[App-V software prerequisites and supported configurations](#bkmk-51-prereq-configs)
-
-[Migrating to App-V](#bkmk-migrate-to-51)
-
-[What’s New in App-V](#bkmk-whatsnew)
-
-[App-V support for Windows 10](#bkmk-win10support)
-
-[App-V Management Console Changes](#bkmk-mgmtconsole)
-
-[Sequencer Improvements](#bkmk-seqimprove)
-
-[Improvements to Package Converter](#bkmk-pkgconvimprove)
-
-[Support for multiple scripts on a single event trigger](#bkmk-supmultscripts)
-
-[Hardcoded path to installation folder is redirected to virtual file system root](#bkmk-hardcodepath)
-
-## <a href="" id="bkmk-51-prereq-configs"></a>App-V for Windows software prerequisites and supported configurations
+Application Virtualization (App-V) for Windows 10, version 1607, includes these new features and capabilities compared to App-V 5.1. See [App-V release notes](appv-release-notes-for-appv-for-windows.md) for more information about the App-V for Windows 10, version 1607 release.
 
 
-Review the following topics for information about App-V for Windows software prerequisites and supported configurations.
+## App-V is now a feature in Windows 10
 
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Links to prerequisites and supported configurations topics</th>
-<th align="left">Description</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>[App-V Prerequisites](appv-prerequisites.md)</p></td>
-<td align="left"><p>Prerequisite software that you must install before you can get started with App-V for Windows</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>[App-V Supported Configurations](appv-supported-configurations.md)</p></td>
-<td align="left"><p>Supported operating systems and hardware requirements for the App-V server, sequencer, and client components</p></td>
-</tr>
-</tbody>
-</table>
+With Windows 10, version 1607 and later releases, Application Virtualization (App-V) is included with [Windows 10 for Enterprise and Windows 10 for Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home) and is no longer part of the Microsoft Desktop Optimization Pack. 
+
+For information about earlier versions of App-V, see [MDOP Information Experience](https://technet.microsoft.com/itpro/mdop/index).
+
+The changes in App-V for Windows 10, version 1607 impact already existing implementations of App-V in the following ways:
+
+-   The App-V client is installed on user devices automatically with Windows 10, version 1607, and no longer has to be deployed separately. Performing an in-place upgrade to Windows 10, version 1607, on user devices automatically installs the App-V client.
+
+-   The App-V application sequencer is available from the [Windows 10 Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). In previous releases of App-V, the application sequencer was included in the Microsoft Desktop Optimization Pack. Although you’ll need to use the new application sequencer to create new virtualized applications, existing virtualized applications will continue to work. 
+
+>**Note**<br>If you're already using App-V 5.x, you don't need to re-deploy the App-V server components as they haven't changed since App-V 5.0 was released. 
+
+For more information about how to configure an existing App-V installation after upgrading user devices to Windows 10, see [Upgrading to App-V for Windows 10 from an existing installation](appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md) and [Migrating to App-V for Windows 10 from a previous version](appv-migrating-to-appv-from-a-previous-version.md).
+
+>**Important**
+You can upgrade your existing App-V installation to Windows 10, version 1607 from App-V versions 5.0 SP2 and higher only. If you are using a previous version of App-V, you’ll need to upgrade from that version to App-V 5.0 SP2 before you upgrade to Windows 10, version 1607.
 
  
-**Support for using Configuration Manager with App-V:** App-V supports System Center 2012 R2 Configuration Manager SP1. See [Planning for App-V Integration with Configuration Manager](https://technet.microsoft.com/library/jj822982.aspx) for information about integrating your App-V environment with Configuration Manager.
+## Support for System Center 
 
-## <a href="" id="bkmk-migrate-to-51"></a>Upgrade to App-V for Windows
-
-
-Use the following information to upgrade to App-V for Windows from earlier versions. See [Migrating to App-V for Windows from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md) for more information.
-
-### Before you begin 
-
-Review the following information before you start the upgrade:
-
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Items to review before upgrading</th>
-<th align="left">Description</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Components to upgrade, in any order</p></td>
-<td align="left"><ol>
-<li><p>App-V Server</p></li>
-<li><p>Sequencer</p></li>
-<li><p>App-V Client or App-V Remote Desktop Services (RDS) Client</p></li>
-</ol>
-<div class="alert">
-<strong>Note</strong>  
-<p>Prior to App-V 5.0 SP2, the Client Management User Interface (UI) was provided with the App-V Client installation. For App-V 5.0 SP2 installations (or later), you can use the Client Management UI by downloading from [Application Virtualization 5.0 Client UI Application](http://www.microsoft.com/download/details.aspx?id=41186).</p>
-</div>
-<div>
- 
-</div></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Upgrading from App-V 4.x</p></td>
-<td align="left"><p>You cannot upgrade directly from App-V 4.x to App-V for Windows. You must first upgrade to App-V 5.0. For more information, see [Planning for Migrating from a Previous Version of App-V](appv-planning-for-migrating-from-a-previous-version-of-appv.md)</p></li>
-</ul>
-<p></p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Upgrading from App-V 5.0 or later</p></td>
-<td align="left"><p>You can upgrade to App-V for Windows directly from any of the following versions:</p>
-<ul>
-<li><p>App-V 5.0</p></li>
-<li><p>App-V 5.0 SP1</p></li>
-<li><p>App-V 5.0 SP2</p></li>
-<li><p>App-V 5.0 SP3</p></li>
-</ul>
-<p>To upgrade to App-V for Windows, follow the steps in the remaining sections of this topic.</p>
-<p>Packages and connection groups will continue to work with App-V for Windows as they currently do.</p></td>
-</tr>
-</tbody>
-</table>
- 
-
-### <a href="" id="bkmk-steps-upgrd-infrastruc"></a>Steps to upgrade the App-V infrastructure
-
-Complete the following steps to upgrade each component of the App-V infrastructure to App-V for Windows. The following order is only a suggestion; you can upgrade components in any order.
-
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Step</th>
-<th align="left">For more information</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Step 1: Upgrade the App-V server components.</p>
-<div class="alert">
-<strong>Note</strong>  
-<p>If you are not using the App-V server, skip this step and go to the next step.</p>
-</div>
-<div>
- 
-</div></td>
-<td align="left"><p>Follow these steps:</p>
-<ol>
-<li><p>Do one of the following, depending on the method you are using to upgrade the management database and/or reporting database:</p>
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Database upgrade method</th>
-<th align="left">Step</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Windows Installer</p></td>
-<td align="left"><p>Skip this step and go to step 2, “If you are upgrading the App-V server...”</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>SQL scripts</p></td>
-<td align="left"><p>Follow the steps in [How to Deploy the App-V Databases by Using SQL Scripts](https://technet.microsoft.com/en-us/itpro/mdop/appv-v5/how-to-deploy-the-app-v-databases-by-using-sql-scripts).</p></td>
-</tr>
-</tbody>
-</table>
-<li><p>If you are upgrading to App-V for Windows server from App-V 5.0 SP1 Hotfix Package 3 or later, complete the steps in section [Check registry keys after installing the App-V 5.0 SP3 server](https://technet.microsoft.com/en-us/itpro/mdop/appv-v5/check-reg-key-svr).</p></li>
-<li><p>Follow the steps in [How to Deploy the App-V server components](appv-deploy-the-appv-server.md)</p></li>
-<p> </p></li>
-</ol></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Step 2: Install the new App-V for Windows sequencer.</p></td>
-<td align="left"><p>See [How to Install the Sequencer](appv-install-the-sequencer.md).</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Step 3: Enable the in-box App-V client.</p></td>
-<td align="left"><p>See [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md).</p></td>
-</tr>
-</tbody>
-</table>
-
- 
-
-### Converting packages created using a prior version of App-V
-
-Use the package converter utility to upgrade virtual application packages created using versions of App-V prior to App-V for Windows, version 1607. The package converter uses PowerShell to convert packages and can help automate the process if you have many packages that require conversion.
-
->**Note**  
-App-V for Windows packages are exactly the same as App-V 5.0 packages. There has been no change in the package format between the versions and so there is no need to convert App-V 5.0 packages to App-V for Windows packages.
-
- 
-
-## <a href="" id="bkmk-whatsnew"></a>What’s New in App-V
-
-
-These sections are for users who are already familiar with App-V and want to know what has changed in App-V for Windows. If you are not already familiar with App-V, you should start by reading [Planning for App-V](appv-planning-for-appv.md).
-
-
-### <a href="" id="bkmk-mgmtconsole"></a>App-V Management Console Changes
-
-This section compares the App-V for Windows Management Console’s current and previous functionality.
-
-### Silverlight is no longer required
-
-The Management Console UI no longer requires Silverlight. The Management Console is built on HTML5 and Javascript.
-
-### Notifications and messages are displayed individually in a dialog box
-
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">New in App-V for Windows</th>
-<th align="left">Prior to App-V for Windows</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p><strong>Number of messages indicator:</strong></p>
-<p>On the title bar of the App-V Management Console, a number is now displayed next to a flag icon to indicate the number of messages that are waiting to be read.</p></td>
-<td align="left"><p>You could see only one message or error at a time, and you were unable to determine how many messages there were.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p><strong>Message appearance:</strong></p>
-<ul>
-<li><p>Messages that require user input appear in a separate dialog box that displays on top of the current page that you were viewing, and require a response before you can dismiss them.</p></li>
-<li><p>Messages and errors appear in a list, with one beneath the other.</p></li>
-</ul></td>
-<td align="left"><p>You could see only one message or error at a time.</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p><strong>Dismissing messages:</strong></p>
-<p>Use the <strong>Dismiss All</strong> link to dismiss all messages and errors at one time, or dismiss them one at a time.</p></td>
-<td align="left"><p>You could dismiss messages and errors only one at a time.</p></td>
-</tr>
-</tbody>
-</table>
-
- 
-
-### Console pages are now separate URLs
-
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">New in App-V for Windows</th>
-<th align="left">Prior to App-V for Windows</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Each page in the console has a different URL, which enables you to bookmark specific pages for quick access in the future.</p>
-<p>The number that appears in some URLs indicates the specific package. These numbers are unique.</p></td>
-<td align="left"><p>All console pages are accessed through the same URL.</p></td>
-</tr>
-</tbody>
-</table>
-
- 
-
-### New, separate CONNECTION GROUPS page and menu option
-
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">New in App-V for Windows</th>
-<th align="left">Prior to App-V for Windows</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>The CONNECTION GROUPS page is now part of the main menu, at the same level as the PACKAGES page.</p></td>
-<td align="left"><p>To open the CONNECTION GROUPS page, you navigate through the PACKAGES page.</p></td>
-</tr>
-</tbody>
-</table>
-
- 
-
-### Menu options for packages have changed
-
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">New in App-V for Windows</th>
-<th align="left">Prior to App-V Windows</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>The following options are now buttons that appear at the bottom of the PACKAGES page:</p>
-<ul>
-<li><p>Add or Upgrade</p></li>
-<li><p>Publish</p></li>
-<li><p>Unpublish</p></li>
-<li><p>Delete</p></li>
-</ul>
-<p>The following options will still appear when you right-click a package to open the drop-down context menu:</p>
-<ul>
-<li><p>Publish</p></li>
-<li><p>Unpublish</p></li>
-<li><p>Edit AD Access</p></li>
-<li><p>Edit Deployment Config</p></li>
-<li><p>Transfer deployment configuration from…</p></li>
-<li><p>Transfer access and configuration from…</p></li>
-<li><p>Delete</p></li>
-</ul>
-<p>When you click <strong>Delete</strong> to remove a package, a dialog box opens and asks you to confirm that you want to delete the package.</p></td>
-<td align="left"><p>The <strong>Add or Upgrade</strong> option was a button at the top right of the PACKAGES page.</p>
-<p>The <strong>Publish</strong>, <strong>Unpublish</strong>, and <strong>Delete</strong> options were available only if you right-clicked a package name in the packages list.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>The following package operations are now buttons on the package details page for each package:</p>
-<ul>
-<li><p>Transfer (drop-down menu with the following options):</p>
-<ul>
-<li><p>Transfer deployment configuration from…</p></li>
-<li><p>Transfer access and configuration from…</p></li>
-</ul></li>
-<li><p>Edit (connection groups and AD Access)</p></li>
-<li><p>Unpublish</p></li>
-<li><p>Delete</p></li>
-<li><p>Edit Default Configuration</p></li>
-</ul></td>
-<td align="left"><p>These package options were available only if you right-clicked a package name in the packages list.</p></td>
-</tr>
-</tbody>
-</table>
-
- 
-
-### Icons in left pane have new colors and text
-
-The colors of the icons in the left pane have been changed, and text added, to make the icons consistent with other Microsoft products.
-
-### Overview page has been removed
-
-In the left pane of the Management Console, the OVERVIEW menu option and its associated OVERVIEW page have been removed.
-
-### <a href="" id="bkmk-seqimprove"></a>Sequencer Improvements
-
-The following improvements have been made to the package editor in the App-V Sequencer.
-
-#### Import and export the manifest file
-
-You can import and export the AppxManifest.xml file. To export the manifest file, select the **Advanced** tab and in the Manifest File box, click **Export...**. You can make changes to the manifest file, such as removing shell extensions or editing file type associations.
-
-After you make your changes, click **Import...** and select the file you edited. After you successfully import it back in, the manifest file is immediately updated within the package editor.
-
->**Caution**  
-When you import the file, your changes are validated against the XML schema. If the file is not valid, you will receive an error. Be aware that it is possible to import a file that is validated against the XML schema, but that might still fail to run for other reasons.
-
- 
-
-#### Addition of Windows 10 to operating systems list
-
-In the Deployment tab, Windows 10 32-bit and Windows 10-64 bit have been added to the list of operating systems for which you can sequence a package. If you select **Any Operating System**, Windows 10 is automatically included among the operating systems that the sequenced package will support.
-
-#### Current path displays at bottom of virtual registry editor
-
-In the Virtual Registry tab, the path now displays at the bottom of the virtual registry editor, which enables you to determine the currently selected key. Previously, you had to scroll through the registry tree to find the currently selected key.
-
-#### <a href="" id="combined--find-and-replace--dialog-box-and-shortcut-keys-added-in-virtual-registry-editor"></a>Combined “find and replace” dialog box and shortcut keys added in virtual registry editor
-
-In the virtual registry editor, shortcut keys have been added for the Find option (Ctrl+F), and a dialog box that combines the “find” and “replace” tasks has been added to enable you to find and replace values and data. To access this combined dialog box, select a key and do one of the following:
-
--   Press **Ctrl+H**
-
--   Right-click a key and select **Replace**.
-
--   Select **View** &gt; **Virtual Registry** &gt; **Replace**.
-
-Previously, the “Replace” dialog box did not exist, and you had to make changes manually.
-
-#### Rename registry keys and package files successfully
-
-You can rename virtual registry keys and files without experiencing Sequencer issues. Previously, the Sequencer stopped working if you tried to rename a key.
-
-#### Import and export virtual registry keys
-
-You can import and export virtual registry keys. To import a key, right-click the node under which to import the key, navigate to the key you want to import, and then click **Import**. To export a key, right-click the key and select **Export**.
-
-#### Import a directory into the virtual file system
-
-You can import a directory into the VFS. To import a directory, click the **Package Files** tab, and then click **View** &gt; **Virtual File System** &gt; **Import Directory**. If you try to import a directory that contains files that are already in the VFS, the import fails, and an explanatory message is displayed. Prior to App-V, you could not import directories.
-
-#### Import or export a VFS file without having to delete and then add it back to the package
-
-You can import files to or export files from the VFS without having to delete the file and then add it back to the package. For example, you might use this feature to export a change log to a local drive, edit the file using an external editor, and then re-import the file into the VFS.
-
-To export a file, select the **Package Files** tab, right-click the file in the VFS, click **Export**, and choose an export location from which you can make your edits.
-
-To import a file, select the **Package Files** tab and right-click the file that you had exported. Browse to the file that you edited, and then click **Import**. The imported file will overwrite the existing file.
-
-After you import a file, you must save the package by clicking **File** &gt; **Save**.
-
-#### Menu for adding a package file has moved
-
-The menu option for adding a package file has been moved. To find the Add option, select the **Package Files** tab, then click **View** &gt; **Virtual File System** &gt; **Add File**. Previously, you right-clicked a folder under the VFS node, and chose **Add File**.
-
-#### Virtual registry node expands MACHINE and USER hives by default
-
-When you open the virtual registry, the MACHINE and USER hives are shown below the top-level REGISTRY node. Previously, you had to expand the REGISTRY node to show the hives beneath.
-
-#### Enable or disable Browser Helper Objects
-
-You can enable or disable Browser Helper Objects by selecting a new check box, Enable Browser Helper Objects, on the Advanced tab of the Sequencer user interface. If Browser Helper Objects:
-
--   Exist in the package and are enabled, the check box is selected by default.
-
--   Exist in the package and are disabled, the check box is clear by default.
-
--   Exist in the package, with one or more enabled and one or more disabled, the check box is set to indeterminate by default.
-
--   Do not exist in the package, the check box is disabled.
-
-### <a href="" id="bkmk-pkgconvimprove"></a>Improvements to Package Converter
-
-You can now use the package converter to convert App-V 4.6 packages that contain scripts, and registry information and scripts from source .osd files are now included in package converter output.
-
-For more information including examples, see [Migrating to App-V for Windows from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md).
-
-#### <a href="" id="bkmk-supmultscripts"></a>Support for multiple scripts on a single event trigger
-
-App-V supports the use of multiple scripts on a single event trigger for App-V packages, including packages that you are converting from App-V 4.6 to App-V 5.0 or later. To enable the use of multiple scripts, App-V uses a script launcher application, named ScriptRunner.exe, which is installed as part of the App-V client installation.
-
-For more information, including a list of event triggers and the context under which scripts can be run, see the Scripts section in [About App-V Dynamic Configuration](appv-dynamic-configuration.md).
+App-V supports System Center 2016 and System Center 2012 R2 Configuration Manager SP1. See [Planning for App-V Integration with Configuration Manager](https://technet.microsoft.com/library/jj822982.aspx) for information about integrating your App-V environment with Configuration Manager.
 
 
 ## Have a suggestion for App-V?
 
-
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
 
 [Release Notes for App-V](appv-release-notes-for-appv-for-windows.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-accessibility.md b/windows/manage/appv-accessibility.md
index a77cc5c218..34a3ab0a09 100644
--- a/windows/manage/appv-accessibility.md
+++ b/windows/manage/appv-accessibility.md
@@ -1,169 +1,4 @@
 ---
 title: Accessibility for App-V (Windows 10)
-description: Accessibility for App-V
-author: MaggiePucciEvans
-ms.pagetype: mdop, appcompat, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.prod: w10
+redirect_url: https://technet.microsoft.com/itpro/windows/manage/appv-getting-started
 ---
-
-
-# Accessibility for App-V
-
-
-Microsoft is committed to making its products and services easier for everyone to use. This section provides information about features and services that make this product and its corresponding documentation more accessible for people with disabilities.
-
-## Keyboard Shortcuts for the App-V Management Server
-
-
-Following are the keyboard Shortcuts for the App-V Management Server:
-
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">To do this</th>
-<th align="left">Press</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Close a dialog box.</p></td>
-<td align="left"><p>Esc</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Perform the default action of a dialog box.</p></td>
-<td align="left"><p>Enter</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Refresh the current page of the App-V client console.</p></td>
-<td align="left"><p>F5</p></td>
-</tr>
-</tbody>
-</table>
-
- 
-
-## Keyboard Shortcuts for the App-V Sequencer
-
-
-Following are the keyboard shortcuts for the Virtual Registry tab in the package editor in the App-V Sequencer:
-
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">To do this</th>
-<th align="left">Press</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Open the Find dialog box.</p></td>
-<td align="left"><p>CTRL + F</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Open the Replace dialog box.</p></td>
-<td align="left"><p>CTRL + H</p></td>
-</tr>
-</tbody>
-</table>
-
- 
-
-### Access Any Command with a Few Keystrokes
-
-**Important**  
-The information in this section only applies to the App-V sequencer. For specific information about the App-V server, see the Keyboard Shortcuts for the App-V Management Server section of this document.
-
- 
-
-Access keys let you quickly use a command by pressing a few keys. You can get to most commands by using two keystrokes. To use an access key:
-
-1.  Press ALT.
-
-    An underline appears beneath the keyboard shortcut for each feature that is available in the current view.
-
-2.  Press the letter underlined in the keyboard shortcut for the feature that you want to use.
-
-**Note**  
-To cancel the action that you are taking and hide the keyboard shortcuts, press ALT.
-
- 
-
-## Documentation in Alternative Formats
-
-
-If you have difficulty reading or handling printed materials, you can obtain the documentation for many Microsoft products in more accessible formats. You can view an index of accessible product documentation on the Microsoft Accessibility website. In addition, you can obtain additional Microsoft publications from Learning Ally (formerly Recording for the Blind & Dyslexic, Inc.). Learning Ally distributes these documents to registered, eligible members of their distribution service.
-
-For information about the availability of Microsoft product documentation and books from Microsoft Press, contact:
-
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<tbody>
-<tr class="odd">
-<td align="left"><p><strong>Learning Ally (formerly Recording for the Blind &amp; Dyslexic, Inc.)</strong></p>
-<p>20 Roszel Road</p>
-<p>Princeton, NJ 08540</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Telephone number from within the United States:</p></td>
-<td align="left"><p>(800) 221-4792</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Telephone number from outside the United States and Canada:</p></td>
-<td align="left"><p>(609) 452-0606</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Fax:</p></td>
-<td align="left"><p>(609) 987-8116</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>[http://www.learningally.org/](http://go.microsoft.com/fwlink/?linkid=239)</p></td>
-<td align="left"><p>Web addresses can change, so you might be unable to connect to the website or sites mentioned here.</p></td>
-</tr>
-</tbody>
-</table>
-
- 
-
-## Customer Service for People with Hearing Impairments
-
-
-If you are deaf or hard-of-hearing, complete access to Microsoft product and customer services is available through a text telephone (TTY/TDD) service:
-
--   For customer service, contact Microsoft Sales Information Center at (800) 892-5234 between 6:30 AM and 5:30 PM Pacific Time, Monday through Friday, excluding holidays.
-
--   For technical assistance in the United States, contact Microsoft Product Support Services at (800) 892-5234 between 6:00 AM and 6:00 PM Pacific Time, Monday through Friday, excluding holidays. In Canada, dial (905) 568-9641 between 8:00 AM and 8:00 PM Eastern Time, Monday through Friday, excluding holidays.
-
-Microsoft Support Services are subject to the prices, terms, and conditions in place at the time the service is used.
-
-## For More Information
-
-
-For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](http://go.microsoft.com/fwlink/?linkid=8431).
-
-## Related topics
-
-
-[Getting Started with App-V](appv-getting-started.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-accessing-the-client-management-console.md b/windows/manage/appv-accessing-the-client-management-console.md
index 4c622c5423..d6ad0b2b1a 100644
--- a/windows/manage/appv-accessing-the-client-management-console.md
+++ b/windows/manage/appv-accessing-the-client-management-console.md
@@ -1,26 +1,4 @@
 ---
 title: How to access the client management console (Windows 10)
-description: How to access the client management console
-author: MaggiePucciEvans
-ms.pagetype: mdop, appcompat, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.prod: w10
+redirect_url: https://technet.microsoft.com/itpro/windows/manage/appv-using-the-client-management-console
 ---
-
-# How to access the client management console
-
-Use the App-V client management console to manage packages on the computer running the App-V client.
-
-> [!NOTE]  
-To perform all of the actions available using the client management console, you must have administrative access on the computer running the App-V client.
-
-The client management console is available from the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=41186).
-
-## Have a suggestion for App-V?
-
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
-
-## Related topics
-
-- [Operations for App-V](appv-operations.md)
diff --git a/windows/manage/appv-add-or-remove-an-administrator-with-the-management-console.md b/windows/manage/appv-add-or-remove-an-administrator-with-the-management-console.md
index 71e3960d3e..af573415ac 100644
--- a/windows/manage/appv-add-or-remove-an-administrator-with-the-management-console.md
+++ b/windows/manage/appv-add-or-remove-an-administrator-with-the-management-console.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # How to Add or Remove an Administrator by Using the Management Console
 
+**Applies to**
+-   Windows 10, version 1607
 
 Use the following procedures to add or remove an administrator on the Microsoft Application Virtualization (App-V) server.
 
@@ -28,18 +30,10 @@ Use the following procedures to add or remove an administrator on the Microsoft
 
 2.  Right-click the account to be removed from the list of administrators and select **Remove**.
 
-    **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Operations for App-V](appv-operations.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-add-or-upgrade-packages-with-the-management-console.md b/windows/manage/appv-add-or-upgrade-packages-with-the-management-console.md
index a5f136d917..5a7ba35ca9 100644
--- a/windows/manage/appv-add-or-upgrade-packages-with-the-management-console.md
+++ b/windows/manage/appv-add-or-upgrade-packages-with-the-management-console.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # How to Add or Upgrade Packages by Using the Management Console
 
+**Applies to**
+-   Windows 10, version 1607
 
 You can the following procedure to add or upgrade a package to the App-V Management Console. To upgrade a package that already exists in the Management Console, use the following steps and import the upgraded package using the same package **Name**.
 
@@ -37,18 +39,10 @@ You can the following procedure to add or upgrade a package to the App-V Managem
 
 5.  Click **Close** to close the **Add or Upgrade Packages** page.
 
-    **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Operations for App-V](appv-operations.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-administering-appv-with-powershell.md b/windows/manage/appv-administering-appv-with-powershell.md
index 5d9ef4ace0..877ce78083 100644
--- a/windows/manage/appv-administering-appv-with-powershell.md
+++ b/windows/manage/appv-administering-appv-with-powershell.md
@@ -1,6 +1,6 @@
 ---
-title: Administering App-V by Using PowerShell (Windows 10)
-description: Administering App-V by Using PowerShell
+title: Administering App-V by Using Windows PowerShell (Windows 10)
+description: Administering App-V by Using Windows PowerShell
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
@@ -9,15 +9,17 @@ ms.prod: w10
 ---
 
 
-# Administering App-V by Using PowerShell
+# Administering App-V by Using Windows PowerShell
+
+**Applies to**
+-   Windows 10, version 1607
+
+Microsoft Application Virtualization (App-V) provides Windows PowerShell cmdlets, which can help administrators perform various App-V tasks. The following sections provide more information about using Windows PowerShell with App-V.
+
+## How to administer App-V by using Windows PowerShell
 
 
-Microsoft Application Virtualization (App-V) provides Windows PowerShell cmdlets, which can help administrators perform various App-V tasks. The following sections provide more information about using PowerShell with App-V.
-
-## How to administer App-V by using PowerShell
-
-
-Use the following PowerShell procedures to perform various App-V tasks.
+Use the following Windows PowerShell procedures to perform various App-V tasks.
 
 <table>
 <colgroup>
@@ -32,59 +34,64 @@ Use the following PowerShell procedures to perform various App-V tasks.
 </thead>
 <tbody>
 <tr class="odd">
-<td align="left"><p>[How to Load the PowerShell Cmdlets and Get Cmdlet Help](appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md)</p></td>
-<td align="left"><p>Describes how to install the PowerShell cmdlets and find cmdlet help and examples.</p></td>
+<td align="left"><p>[How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help](appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md)</p></td>
+<td align="left"><p>Describes how to install the Windows PowerShell cmdlets and find cmdlet help and examples.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p>[How to Manage App-V Packages Running on a Stand-Alone Computer by Using PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md)</p></td>
-<td align="left"><p>Describes how to manage the client package lifecycle on a stand-alone computer using PowerShell.</p></td>
+<td align="left"><p>[How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md)</p></td>
+<td align="left"><p>Describes how to manage the client package lifecycle on a stand-alone computer by using Windows PowerShell.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p>[How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell](appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md)</p></td>
-<td align="left"><p>Describes how to manage connection groups using PowerShell.</p></td>
+<td align="left"><p>[How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell](appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md)</p></td>
+<td align="left"><p>Describes how to manage connection groups by using Windows PowerShell.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p>[How to Modify Client Configuration by Using PowerShell](appv-modify-client-configuration-with-powershell.md)</p></td>
-<td align="left"><p>Describes how to modify the client using PowerShell.</p></td>
+<td align="left"><p>[How to Modify Client Configuration by Using Windows PowerShell](appv-modify-client-configuration-with-powershell.md)</p></td>
+<td align="left"><p>Describes how to modify the client by using Windows PowerShell.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p>[How to Apply the User Configuration File by Using PowerShell](appv-apply-the-user-configuration-file-with-powershell.md)</p></td>
-<td align="left"><p>Describes how to apply a user configuration file using PowerShell.</p></td>
+<td align="left"><p>[How to Apply the User Configuration File by Using Windows PowerShell](appv-apply-the-user-configuration-file-with-powershell.md)</p></td>
+<td align="left"><p>Describes how to apply a user configuration file by using Windows PowerShell.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p>[How to Apply the Deployment Configuration File by Using PowerShell](appv-apply-the-deployment-configuration-file-with-powershell.md)</p></td>
-<td align="left"><p>Describes how to apply a deployment configuration file using PowerShell.</p></td>
+<td align="left"><p>[How to Apply the Deployment Configuration File by Using Windows PowerShell](appv-apply-the-deployment-configuration-file-with-powershell.md)</p></td>
+<td align="left"><p>Describes how to apply a deployment configuration file by using Windows PowerShell.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p>[How to Sequence a Package by Using PowerShell](appv-sequence-a-package-with-powershell.md)</p></td>
-<td align="left"><p>Describes how to create a new package using PowerShell.</p></td>
+<td align="left"><p>[How to Sequence a Package by Using Windows PowerShell](appv-sequence-a-package-with-powershell.md)</p></td>
+<td align="left"><p>Describes how to create a new package by using Windows PowerShell.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p>[How to Create a Package Accelerator by Using PowerShell](appv-create-a-package-accelerator-with-powershell.md)</p></td>
-<td align="left"><p>Describes how to create a package accelerator using PowerShell. You can use package accelerators automatically sequence large, complex applications.</p></td>
+<td align="left"><p>[How to Create a Package Accelerator by Using Windows PowerShell](appv-create-a-package-accelerator-with-powershell.md)</p></td>
+<td align="left"><p>Describes how to create a package accelerator by using Windows PowerShell. You can use package accelerators automatically sequence large, complex applications.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p>[How to Enable Reporting on the App-V Client by Using PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md)</p></td>
+<td align="left"><p>[How to Enable Reporting on the App-V Client by Using Windows PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md)</p></td>
 <td align="left"><p>Describes how to enable the computer running the App-V to send reporting information.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p>[How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell](appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md)</p></td>
+<td align="left"><p>[How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell](appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md)</p></td>
 <td align="left"><p>Describes how to take an array of account names and to convert each of them to the corresponding SID in standard and hexadecimal formats.</p></td>
 </tr>
+<tr class="odd">
+<td align="left"><p>[How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md)
+</p></td>
+<td align="left"><p>Describes how to use Windows PowerShell to configure a client after you deploy the App-V management and publishing servers, and add the required packages and connection groups.</p></td>
+</tr>
 </tbody>
 </table>
 
  
 
 **Important**  
-Make sure that any script you execute with your App-V packages matches the execution policy that you have configured for PowerShell.
+Make sure that any script you execute with your App-V packages matches the execution policy that you have configured for Windows PowerShell.
 
  
 
-## PowerShell Error Handling
+## Windows PowerShell Error Handling
 
 
-Use the following table for information about App-V PowerShell error handling.
+Use the following table for information about Windows PowerShell error handling for App-V.
 
 <table>
 <colgroup>
@@ -110,8 +117,8 @@ Use the following table for information about App-V PowerShell error handling.
 </tr>
 <tr class="even">
 <td align="left"><p>Package name contains <strong>$</strong></p></td>
-<td align="left"><p>If a package name contains the character ( <strong>$</strong> ), you must use a single-quote ( <strong>‘</strong> ), for example,</p>
-<p><strong>Add-AppvClientPackage ‘Contoso$App.appv’</strong></p></td>
+<td align="left"><p>If a package name contains the character ( <strong>$</strong> ), you must use a single-quote ( <strong>'</strong> ), for example,</p>
+<p><strong>Add-AppvClientPackage 'Contoso$App.appv'</strong></p></td>
 </tr>
 </tbody>
 </table>
@@ -121,18 +128,9 @@ Use the following table for information about App-V PowerShell error handling.
 ## Have a suggestion for App-V?
 
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
 
 [Operations for App-V](appv-operations.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-administering-virtual-applications-with-the-management-console.md b/windows/manage/appv-administering-virtual-applications-with-the-management-console.md
index 0b47267c1a..a110cd87b5 100644
--- a/windows/manage/appv-administering-virtual-applications-with-the-management-console.md
+++ b/windows/manage/appv-administering-virtual-applications-with-the-management-console.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # Administering App-V Virtual Applications by Using the Management Console
 
+**Applies to**
+-   Windows 10, version 1607
 
 Use the Microsoft Application Virtualization (App-V) management server to manage packages, connection groups, and package access in your environment. The server publishes application icons, shortcuts, and file type associations to authorized computers that run the App-V client. One or more management servers typically share a common data store for configuration and package information.
 
@@ -94,7 +96,7 @@ JavaScript must be enabled on the browser that opens the Web Management Console.
 ## Have a suggestion for App-V?
 
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## <a href="" id="other-resources-for-this-app-v-5-1-deployment-"></a>Other resources for this App-V deployment
 
diff --git a/windows/manage/appv-allow-administrators-to-enable-connection-groups.md b/windows/manage/appv-allow-administrators-to-enable-connection-groups.md
index faef4d1c5f..8241c5edef 100644
--- a/windows/manage/appv-allow-administrators-to-enable-connection-groups.md
+++ b/windows/manage/appv-allow-administrators-to-enable-connection-groups.md
@@ -11,20 +11,20 @@ ms.prod: w10
 
 # How to Allow Only Administrators to Enable Connection Groups
 
+**Applies to**
+-   Windows 10, version 1607
 
 You can configure the App-V client so that only administrators (not end users) can enable or disable connection groups. In earlier versions of App-V, you could not prevent end users from performing these tasks.
 
-**Note**  
-**This feature is supported starting in App-V 5.0 SP3.**
-
- 
+**Note**<br>
+This feature is supported starting in App-V 5.0 SP3.
 
 Use one of the following methods to allow only administrators to enable or disable connection groups.
 
 <table>
 <colgroup>
-<col width="50%" />
-<col width="50%" />
+<col width="30%" />
+<col width="70%" />
 </colgroup>
 <thead>
 <tr class="header">
@@ -36,35 +36,25 @@ Use one of the following methods to allow only administrators to enable or disab
 <tr class="odd">
 <td align="left"><p>Group Policy setting</p></td>
 <td align="left"><p>Enable the “Require publish as administrator” Group Policy setting, which is located in the following Group Policy Object node:</p>
-<p><strong>Computer Configuration &gt; Policies &gt; Administrative Templates &gt; System &gt; App-V &gt; Publishing</strong></p></td>
+<p><strong>Computer Configuration &gt; Administrative Templates &gt; System &gt; App-V &gt; Publishing</strong></p></td>
 </tr>
 <tr class="even">
-<td align="left"><p>PowerShell cmdlet</p></td>
-<td align="left"><p>Run the <strong>Set-AppvClientConfiguration</strong> cmdlet with the <strong>–RequirePublishAsAdmin</strong> parameter.</p>
+<td align="left"><p>Windows PowerShell cmdlet</p></td>
+<td align="left"><p>Run the <strong>Set-AppvClientConfiguration</strong> cmdlet with the <strong>-RequirePublishAsAdmin</strong> parameter.</p>
 <p>Parameter values:</p>
 <ul>
 <li><p>0 - False</p></li>
 <li><p>1 - True</p></li>
 </ul>
-<p><strong>Example:</strong>: Set-AppvClientConfiguration –RequirePublishAsAdmin1</p></td>
+<p>Example: <strong>Set-AppvClientConfiguration -RequirePublishAsAdmin 1</strong></p></td>
 </tr>
 </tbody>
 </table>
 
- 
+## Have a suggestion for App-V?
 
-**Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Managing Connection Groups](appv-managing-connection-groups.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-application-publishing-and-client-interaction.md b/windows/manage/appv-application-publishing-and-client-interaction.md
index 1d9ff36d03..b99eb36f43 100644
--- a/windows/manage/appv-application-publishing-and-client-interaction.md
+++ b/windows/manage/appv-application-publishing-and-client-interaction.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # Application Publishing and Client Interaction
 
+**Applies to**
+-   Windows 10, version 1607
 
 This article provides technical information about common App-V client operations and their integration with the local operating system.
 
@@ -21,8 +23,8 @@ The Sequencer creates App-V packages and produces a virtualized application. The
 
 <table>
 <colgroup>
-<col width="50%" />
-<col width="50%" />
+<col width="30%" />
+<col width="70%" />
 </colgroup>
 <thead>
 <tr class="header">
@@ -65,9 +67,7 @@ The Sequencer creates App-V packages and produces a virtualized application. The
 </tbody>
 </table>
 
- 
-
-For information about sequencing, see [Application Virtualization Sequencing Guide](http://go.microsoft.com/fwlink/?LinkID=269810).
+For information about sequencing, see [How to Sequence a New Application with App-V](appv-sequence-a-new-application.md).
 
 ## What’s in the appv file?
 
@@ -123,7 +123,7 @@ To change the default location of the package store during setup, see [Enable th
 
 ### Shared Content Store
 
-If the App-V Client is configured in Shared Content Store mode, no data is written to disk when a stream fault occurs, which means that the packages require minimal local disk space (publishing data). The use of less disk space is highly desirable in VDI environments, where local storage can be limited, and streaming the applications from a high performance network location (such as a SAN) is preferable. For more information on shared content store mode, see <http://go.microsoft.com/fwlink/p/?LinkId=392750>.
+If the App-V Client is configured in Shared Content Store mode, no data is written to disk when a stream fault occurs, which means that the packages require minimal local disk space (publishing data). The use of less disk space is highly desirable in VDI environments, where local storage can be limited, and streaming the applications from a high performance network location (such as a SAN) is preferable. For more information, see [Shared Content Store in Microsoft App-V 5.0 - Behind the Scenes](https://blogs.technet.microsoft.com/appv/2013/07/22/shared-content-store-in-microsoft-app-v-5-0-behind-the-scenes/).
 
 > [!NOTE]  
 > The machine and package store must be located on a local drive, even when you’re using Shared Content Store configurations for the App-V Client.
@@ -232,7 +232,7 @@ The Package Store contains a pristine copy of the package files that have been s
 
 ### COW roaming
 
-The COW Roaming location described above stores changes to files and directories that are targeted to the typical %AppData% location or \\Users\\*<username>*\\AppData\\Roaming location. These directories and files are then roamed based on the operating system settings.
+The COW Roaming location described above stores changes to files and directories that are targeted to the typical %AppData% location or \\Users\\*&lt;username&gt;*\\AppData\\Roaming location. These directories and files are then roamed based on the operating system settings.
 
 ### COW local
 
@@ -245,7 +245,7 @@ Before an application can access the package registry data, the App-V Client mus
 
 When a new package is added to the App-V Client, a copy of the REGISTRY.DAT file from the package is created at `%ProgramData%\Microsoft\AppV\Client\VREG\{Version GUID}.dat`. The name of the file is the version GUID with the .DAT extension. The reason this copy is made is to ensure that the actual hive file in the package is never in use, which would prevent the removal of the package at a later time.
 
-**Registry.dat from Package Store ** > **%ProgramData%\Microsoft\AppV\Client\Vreg\{VersionGuid}.dat**
+**Registry.dat from Package Store** > **%ProgramData%\Microsoft\AppV\Client\Vreg\\{VersionGuid}.dat**
  
 
 When the first application from the package is launched on the client, the client stages or copies the contents out of the hive file, re-creating the package registry data in an alternate location `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\Packages\PackageGuid\Versions\VersionGuid\REGISTRY`. The staged registry data has two distinct types of machine data and user data. Machine data is shared across all users on the machine. User data is staged for each user to a userspecific location `HKCU\Software\Microsoft\AppV\Client\Packages\PackageGuid\Registry\User`. The machine data is ultimately removed at package removal time, and the user data is removed on a user unpublish operation.
@@ -383,11 +383,11 @@ App-V Packages are staged upon addition to the computer with the App-V Client. T
 
 ### Mounting packages
 
-Packages can be explicitly loaded using the PowerShell `Mount-AppVClientPackage` or by using the **App-V Client UI** to download a package. This operation completely loads the entire package into the package store.
+Packages can be explicitly loaded using the Windows PowerShell `Mount-AppVClientPackage` or by using the **App-V Client UI** to download a package. This operation completely loads the entire package into the package store.
 
 ### Streaming packages
 
-The App-V Client can be configured to change the default behavior of streaming. All streaming policies are stored under the following registry key: `HKEY_LOCAL_MAcHINE\Software\Microsoft\AppV\Client\Streaming`. Policies are set using the Windows PowerShell cmdlet `Set-AppvClientConfiguration`. The following policies apply to Streaming:
+The App-V Client can be configured to change the default behavior of streaming. All streaming policies are stored under the following registry key: `HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Streaming`. Policies are set using the Windows PowerShell cmdlet `Set-AppvClientConfiguration`. The following policies apply to Streaming:
 
 <table>
 <colgroup>
@@ -441,7 +441,7 @@ These settings affect the behavior of streaming App-V package assets to the clie
 
 ### Background streaming
 
-The PowerShell cmdlet `Get-AppvClientConfiguration` can be used to determine the current mode for background streaming with the AutoLoad setting and modified with the cmdlet Set-AppvClientConfiguration or from the registry (HKLM\\SOFTWARE\\Microsoft\\AppV\\ClientStreaming key). Background streaming is a default setting where the Autoload setting is set to download previously used packages. The behavior based on default setting (value=1) downloads App-V data blocks in the background after the application has been launched. This setting can be disabled all together (value=0) or enabled for all packages (value=2), whether they have been launched.
+The Windows PowerShell cmdlet `Get-AppvClientConfiguration` can be used to determine the current mode for background streaming with the AutoLoad setting and modified with the cmdlet Set-AppvClientConfiguration or from the registry (HKLM\\SOFTWARE\\Microsoft\\AppV\\ClientStreaming key). Background streaming is a default setting where the Autoload setting is set to download previously used packages. The behavior based on default setting (value=1) downloads App-V data blocks in the background after the application has been launched. This setting can be disabled all together (value=0) or enabled for all packages (value=2), whether they have been launched.
 
 ### Optimized streaming
 
@@ -457,7 +457,7 @@ App-V Packages require updating throughout the lifecycle of the application. App
 
 ### Package removal
 
-The behavior of the App-V Client when packages are removed depends on the method used for removal. Using an App-V full infrastructure to unpublish the application, the user catalog files (machine catalog for globally published applications) are removed, but retains the package store location and COW locations. When the PowerShell cmdlet `Remove-AppVClientPackge` is used to remove an App-V Package, the package store location is cleaned. Remember that unpublishing an App-V Package from the Management Server does not perform a Remove operation. Neither operation will remove the Package Store package files.
+The behavior of the App-V Client when packages are removed depends on the method used for removal. Using an App-V full infrastructure to unpublish the application, the user catalog files (machine catalog for globally published applications) are removed, but retains the package store location and COW locations. When the Windows PowerShell cmdlet `Remove-AppVClientPackge` is used to remove an App-V Package, the package store location is cleaned. Remember that unpublishing an App-V Package from the Management Server does not perform a Remove operation. Neither operation will remove the Package Store package files.
 
 ## <a href="" id="bkmk-roaming-reg-data"></a>Roaming registry and data
 
@@ -485,8 +485,8 @@ App-V registry roaming falls into two scenarios, as shown in the following table
 
 <table>
 <colgroup>
-<col width="50%" />
-<col width="50%" />
+<col width="25%" />
+<col width="75%" />
 </colgroup>
 <thead>
 <tr class="header">
@@ -499,8 +499,8 @@ App-V registry roaming falls into two scenarios, as shown in the following table
 <td align="left"><p>Applications that are run as standard users</p></td>
 <td align="left"><p>When a standard user launches an App-V application, both HKLM and HKCU for App-V applications are stored in the HKCU hive on the machine. This presents as two distinct paths:</p>
 <ul>
-<li><p>HKLM: HKCU\SOFTWARE\Classes\AppV\Client\Packages\{PkgGUID}\REGISTRY\MACHINE\SOFTWARE</p></li>
-<li><p>HKCU: HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\{PkgGUID}\REGISTRY\USER\{UserSID}\SOFTWARE</p></li>
+<li><p>HKLM: HKCU\SOFTWARE\Classes\AppV\Client\Packages\\{PkgGUID}\REGISTRY\MACHINE\SOFTWARE</p></li>
+<li><p>HKCU: HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\REGISTRY\USER\\{UserSID}\SOFTWARE</p></li>
 </ul>
 <p>The locations are enabled for roaming based on the operating system settings.</p></td>
 </tr>
@@ -513,8 +513,8 @@ App-V registry roaming falls into two scenarios, as shown in the following table
 </ul>
 <p>In this scenario, these settings are not roamed with normal operating system roaming configurations, and the resulting registry keys and values are stored in the following location:</p>
 <ul>
-<li><p>HKLM\SOFTWARE\Microsoft\AppV\Client\Packages\{PkgGUID}\{UserSID}\REGISTRY\MACHINE\SOFTWARE</p></li>
-<li><p>HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\{PkgGUID}\Registry\User\{UserSID}\SOFTWARE</p></li>
+<li><p>HKLM\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\\{UserSID}\REGISTRY\MACHINE\SOFTWARE</p></li>
+<li><p>HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\\Registry\User\\{UserSID}\SOFTWARE</p></li>
 </ul></td>
 </tr>
 </tbody>
@@ -532,21 +532,21 @@ The following table shows local and roaming locations, when folder redirection h
 
 | VFS directory in package | Mapped location of backing store |
 | - | - |
-| ProgramFilesX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\<GUID>\ProgramFilesX86 |
-| SystemX86 | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\<GUID>\SystemX86 |
-| Windows | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\<GUID>\Windows |
-| appv\_ROOT | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\<GUID>\appv_ROOT|
-| AppData | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\<GUID>\AppData |
+| ProgramFilesX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\&lt;GUID&gt;\ProgramFilesX86 |
+| SystemX86 | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\&lt;GUID&gt;\SystemX86 |
+| Windows | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\&lt;GUID&gt;\Windows |
+| appv\_ROOT | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\&lt;GUID&gt;\appv_ROOT|
+| AppData | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\&lt;GUID&gt;\AppData |
 
 The following table shows local and roaming locations, when folder redirection has been implemented for %AppData%, and the location has been redirected (typically to a network location).
 
 | VFS directory in package | Mapped location of backing store |
 | - | - |
-| ProgramFilesX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\<GUID>\ProgramFilesX86 |
-| SystemX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\<GUID>\SystemX86 |
-| Windows | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\<GUID>\Windows |
-| appv_ROOT | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\<GUID>\appv\_ROOT |
-| AppData | \\Fileserver\users\Local\roaming\Microsoft\AppV\Client\VFS\<GUID>\AppData |
+| ProgramFilesX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\&lt;GUID&gt;\ProgramFilesX86 |
+| SystemX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\&lt;GUID&gt;\SystemX86 |
+| Windows | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\&lt;GUID&gt;\Windows |
+| appv_ROOT | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\&lt;GUID&gt;\appv\_ROOT |
+| AppData | \\Fileserver\users\Local\roaming\Microsoft\AppV\Client\VFS\\&lt;GUID&gt;\AppData |
  
 
 The current App-V Client VFS driver cannot write to network locations, so the App-V Client detects the presence of folder redirection and copies the data on the local drive during publishing and when the virtual environment starts. After the user closes the App-V application and the App-V Client closes the virtual environment, the local storage of the VFS AppData is copied back to the network, enabling roaming to additional machines, where the process will be repeated. The detailed steps of the processes are:
@@ -598,19 +598,15 @@ This process will re-create both the local and network locations for AppData and
 ## App-V client application lifecycle management
 
 
-In an App-V Full Infrastructure, after applications are sequenced they are managed and published to users or computers via the App-V Management and Publishing servers. This section details the operations that occur during the common App-V application lifecycle operations (Add, publishing, launch, upgrade, and removal) and the file and registry locations that are changed and modified from the App-V Client perspective. The App-V Client operations are performed as a series of PowerShell commands initiated on the computer running the App-V Client.
+In an App-V Full Infrastructure, after applications are sequenced they are managed and published to users or computers via the App-V Management and Publishing servers. This section details the operations that occur during the common App-V application lifecycle operations (Add, publishing, launch, upgrade, and removal) and the file and registry locations that are changed and modified from the App-V Client perspective. The App-V Client operations are performed as a series of Windows PowerShell commands initiated on the computer running the App-V Client.
 
-This document focuses on App-V Full Infrastructure solutions. For specific information on App-V Integration with Configuration Manager 2012 visit: <http://go.microsoft.com/fwlink/?LinkId=392773>.
+This document focuses on App-V Full Infrastructure solutions. For specific information on App-V Integration with Configuration Manager 2012, see [Integrating Virtual Application Management with App-V 5 and Configuration Manager 2012 SP1](https://www.microsoft.com/en-us/download/details.aspx?id=38177).
 
-The App-V application lifecycle tasks are triggered at user login (default), machine startup, or as background timed operations. The settings for the App-V Client operations, including Publishing Servers, refresh intervals, package script enablement, and others, are configured during setup of the client or post-setup with PowerShell commands. See [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md) or use Windows PowerShell:
-
-``` syntax
-get-command *appv*
-```
+The App-V application lifecycle tasks are triggered at user login (default), machine startup, or as background timed operations. The settings for the App-V Client operations, including Publishing Servers, refresh intervals, package script enablement, and others, are configured (after the client is enabled) with Windows PowerShell commands. See [App-V Client Configuration Settings: Windows PowerShell](appv-client-configuration-settings.md#app-v-client-configuration-settings-windows-powershell).
 
 ### Publishing refresh
 
-The publishing refresh process is comprised of several smaller operations that are performed on the App-V Client. Since App-V is an application virtualization technology and not a task scheduling technology, the Windows Task Scheduler is utilized to enable the process at user logon, machine startup, and at scheduled intervals. The configuration of the client during setup listed above is the preferred method when distributing the client to a large group of computers with the correct settings. These client settings can be configured with the following PowerShell cmdlets:
+The publishing refresh process is comprised of several smaller operations that are performed on the App-V Client. Since App-V is an application virtualization technology and not a task scheduling technology, the Windows Task Scheduler is utilized to enable the process at user logon, machine startup, and at scheduled intervals. The configuration of the client during setup listed above is the preferred method when distributing the client to a large group of computers with the correct settings. These client settings can be configured with the following Windows PowerShell cmdlets:
 
 -   **Add-AppVPublishingServer:** Configures the client with an App-V Publishing Server that provides App-V packages.
 
@@ -628,7 +624,7 @@ The focus of the following sections is to detail the operations that occur durin
 
 ### Adding an App-V package
 
-Adding an App-V package to the client is the first step of the publishing refresh process. The end result is the same as the `Add-AppVClientPackage` cmdlet in PowerShell, except during the publishing refresh add process, the configured publishing server is contacted and passes a high-level list of applications back to the client to pull more detailed information and not a single package add operation. The process continues by configuring the client for package or connection group additions or updates, then accesses the appv file. Next, the contents of the appv file are expanded and placed on the local operating system in the appropriate locations. The following is a detailed workflow of the process, assuming the package is configured for Fault Streaming.
+Adding an App-V package to the client is the first step of the publishing refresh process. The end result is the same as the `Add-AppVClientPackage` cmdlet in Windows PowerShell, except during the publishing refresh add process, the configured publishing server is contacted and passes a high-level list of applications back to the client to pull more detailed information and not a single package add operation. The process continues by configuring the client for package or connection group additions or updates, then accesses the appv file. Next, the contents of the appv file are expanded and placed on the local operating system in the appropriate locations. The following is a detailed workflow of the process, assuming the package is configured for Fault Streaming.
 
 **How to add an App-V package**
 
@@ -990,7 +986,7 @@ The App-V Client supports publishing applications with support for COM integrati
 
 App-V supports registering COM objects from the package to the local operating system with two process types: Out-of-process and in-process. Registering COM objects is accomplished with one or a combination of multiple modes of operation for a specific App-V package that includes off, Isolated, and Integrated. The integrated mode is configured for either the out-of-process or in-process type. Configuration of COM modes and types is accomplished with dynamic configuration files (deploymentconfig.xml or userconfig.xml).
 
-Details on App-V integration are available at: <http://go.microsoft.com/fwlink/?LinkId=392834>.
+For details on App-V integration, see [Microsoft Application Virtualization 5.0 Integration](https://blogs.technet.microsoft.com/appv/2013/01/03/microsoft-application-virtualization-5-0-integration).
 
 ### Software clients and application capabilities
 
@@ -1059,7 +1055,7 @@ For situations where there is more than one application that could register the
 
 The AppPath extension point supports calling App-V applications directly from the operating system. This is typically accomplished from the Run or Start Screen, depending on the operating system, which enables administrators to provide access to App-V applications from operating system commands or scripts without calling the specific path to the executable. It therefore avoids modifying the system path environment variable on all systems, as it is accomplished during publishing.
 
-The AppPath extension point is configured either in the manifest or in the dynamic configuration files and is stored in the registry on the local machine during publishing for the user. For additional information on AppPath review: <http://go.microsoft.com/fwlink/?LinkId=392835>.
+The AppPath extension point is configured either in the manifest or in the dynamic configuration files and is stored in the registry on the local machine during publishing for the user. For additional information on AppPath review: [App Paths - A Virtual Application Extension in App-V 5.0](https://blogs.technet.microsoft.com/virtualworld/2012/12/12/app-paths-a-virtual-application-extension-in-app-v-5-0/).
 
 ### Virtual application
 
@@ -1181,7 +1177,7 @@ App-V Packages contain the Manifest file inside of the appv package file, which
 
 ### Example for dynamic configuration files
 
-The example below shows the combination of the Manifest, Deployment Configuration and User Configuration files after publishing and during normal operation. These examples are abbreviated examples of each of the files. The purpose is show the combination of the files only and not to be a complete description of the specific categories available in each of the files. For more information review the App-V Sequencing Guide at: [http://go.microsoft.com/fwlink/?LinkID=269810](http://go.microsoft.com/fwlink/?LinkID=269810).
+The example below shows the combination of the Manifest, Deployment Configuration and User Configuration files after publishing and during normal operation. These examples are abbreviated examples of each of the files. The purpose is show the combination of the files only and not to be a complete description of the specific categories available in each of the files. For more information, download the [App-V Sequencing Guide](https://www.microsoft.com/en-us/download/details.aspx?id=27760).
 
 **Manifest**
 
@@ -1288,4 +1284,4 @@ There are three specific categories of events recorded described below.
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/manage/appv-apply-the-deployment-configuration-file-with-powershell.md b/windows/manage/appv-apply-the-deployment-configuration-file-with-powershell.md
index 5da620fe9f..c12c85996f 100644
--- a/windows/manage/appv-apply-the-deployment-configuration-file-with-powershell.md
+++ b/windows/manage/appv-apply-the-deployment-configuration-file-with-powershell.md
@@ -1,6 +1,6 @@
 ---
-title: How to Apply the Deployment Configuration File by Using PowerShell (Windows 10)
-description: How to Apply the Deployment Configuration File by Using PowerShell
+title: How to Apply the Deployment Configuration File by Using Windows PowerShell (Windows 10)
+description: How to Apply the Deployment Configuration File by Using Windows PowerShell
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
@@ -9,8 +9,10 @@ ms.prod: w10
 ---
 
 
-# How to Apply the Deployment Configuration File by Using PowerShell
+# How to Apply the Deployment Configuration File by Using Windows PowerShell
 
+**Applies to**
+-   Windows 10, version 1607
 
 The dynamic deployment configuration file is applied when a package is added or set to a computer running the App-V client before the package has been published. The file configures the default settings for package for all users on the computer running the App-V client. This section describes the steps used to use a deployment configuration file. The procedure is based on the following example and assumes the following package and configuration files exist on a computer:
 
@@ -18,31 +20,22 @@ The dynamic deployment configuration file is applied when a package is added or
 
 **c:\\Packages\\Contoso\\DynamicConfigurations\\deploymentconfig.xml**
 
-**To Apply the Deployment Configuration File Using PowerShell**
+**To Apply the Deployment Configuration File Using Windows PowerShell**
 
--   To specify a new default set of configurations for all users who will run the package on a specific computer, using a PowerShell console type the following:
+-   To specify a new default set of configurations for all users who will run the package on a specific computer, in a Windows PowerShell console, type the following:
 
-    **Add-AppVClientPackage –Path c:\\Packages\\Contoso\\MyApp.appv -DynamicDeploymentConfiguration c:\\Packages\\Contoso\\DynamicConfigurations\\deploymentconfig.xml**
+    `Add-AppVClientPackage -Path c:\Packages\Contoso\MyApp.appv -DynamicDeploymentConfiguration c:\Packages\Contoso\DynamicConfigurations\deploymentconfig.xml`
 
-    **Note**  
+    **Note**<br>
     This command captures the resulting object into $pkg. If the package is already present on the computer, the **Set-AppVclientPackage** cmdlet can be used to apply the deployment configuration document:
 
-    **Set-AppVClientPackage –Name Myapp –Path c:\\Packages\\Contoso\\MyApp.appv -DynamicDeploymentConfiguration c:\\Packages\\Contoso\\DynamicConfigurations\\deploymentconfig.xml**
+    `Set-AppVClientPackage -Name Myapp -Path c:\Packages\Contoso\MyApp.appv -DynamicDeploymentConfiguration c:\Packages\Contoso\DynamicConfigurations\deploymentconfig.xml`
 
      
+## Have a suggestion for App-V?
 
-    **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Operations for App-V](appv-operations.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-apply-the-user-configuration-file-with-powershell.md b/windows/manage/appv-apply-the-user-configuration-file-with-powershell.md
index b924e0df13..7874045e20 100644
--- a/windows/manage/appv-apply-the-user-configuration-file-with-powershell.md
+++ b/windows/manage/appv-apply-the-user-configuration-file-with-powershell.md
@@ -1,6 +1,6 @@
 ---
-title: How to Apply the User Configuration File by Using PowerShell (Windows 10)
-description: How to Apply the User Configuration File by Using PowerShell
+title: How to Apply the User Configuration File by Using Windows PowerShell (Windows 10)
+description: How to Apply the User Configuration File by Using Windows PowerShell
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
@@ -9,8 +9,10 @@ ms.prod: w10
 ---
 
 
-# How to Apply the User Configuration File by Using PowerShell
+# How to Apply the User Configuration File by Using Windows PowerShell
 
+**Applies to**
+-   Windows 10, version 1607
 
 The dynamic user configuration file is applied when a package is published to a specific user and determines how the package will run.
 
@@ -20,26 +22,19 @@ Use the following procedure to specify a user-specific configuration file. The f
 
 **To apply a user Configuration file**
 
-1.  To add the package to the computer using the PowerShell console type the following command:
+1.  To add the package to the computer using the Windows PowerShell console, type the following command:
 
-    **Add-AppVClientPackage c:\\Packages\\Contoso\\MyApp.appv**.
+    `Add-AppVClientPackage c:\Packages\Contoso\MyApp.appv`
 
 2.  Use the following command to publish the package to the user and specify the updated the dynamic user configuration file:
 
-    **Publish-AppVClientPackage $pkg –DynamicUserConfigurationPath c:\\Packages\\Contoso\\config.xml**
+    `Publish-AppVClientPackage $pkg -DynamicUserConfigurationPath c:\Packages\Contoso\config.xml`
 
-    **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Operations for App-V](appv-operations.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-capacity-planning.md b/windows/manage/appv-capacity-planning.md
index b41c87dd1b..bf7e512509 100644
--- a/windows/manage/appv-capacity-planning.md
+++ b/windows/manage/appv-capacity-planning.md
@@ -11,10 +11,12 @@ ms.prod: w10
 
 # App-V Capacity Planning
 
+**Applies to**
+-   Windows Server 2016
 
 The following recommendations can be used as a baseline to help determine capacity planning information that is appropriate to your organization’s App-V infrastructure.
 
-**Important**  
+>**Important**  
 Use the information in this section only as a general guide for planning your App-V deployment. Your system capacity requirements will depend on the specific details of your hardware and application environment. Additionally, the performance numbers displayed in this document are examples and your results may vary.
 
  
@@ -22,12 +24,12 @@ Use the information in this section only as a general guide for planning your Ap
 ## Determine the Project Scope
 
 
-Before you design the App-V infrastructure, you must determine the project’s scope. The scope consists of determining which applications will be available virtually and to also identify the target users, and their locations. This information will help determine what type of App-V infrastructure should be implemented. Decisions about the scope of the project must be based on the specific needs of your organization.
+Before you design the App-V infrastructure, determine the project’s scope. The scope consists of determining which applications will be available virtually and to also identify the target users, and their locations. This information will help determine what type of App-V infrastructure should be implemented. Decisions about the scope of the project must be based on the specific needs of your organization.
 
 <table>
 <colgroup>
-<col width="50%" />
-<col width="50%" />
+<col width="30%" />
+<col width="70%" />
 </colgroup>
 <thead>
 <tr class="header">
@@ -47,29 +49,21 @@ Before you design the App-V infrastructure, you must determine the project’s s
 </tbody>
 </table>
 
- 
-
 ## Determine Which App-V Infrastructure is Required
 
-
-**Important**  
-Both of the following models require the App-V client to be installed on the computer where you plan to run virtual applications.
-
 You can also manage your App-V environment using an Electronic Software Distribution (ESD) solution such as Microsoft Systems Center Configuration Manager. For more information see [How to deploy App-V Packages Using Electronic Software Distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md).
 
- 
-
 -   **Standalone Model** - The standalone model allows virtual applications to be Windows Installer-enabled for distribution without streaming. App-V in Standalone Mode consists of the sequencer and the client; no additional components are required. Applications are prepared for virtualization using a process called sequencing. For more information see, [Planning for the App-V Sequencer and Client Deployment](appv-planning-for-sequencer-and-client-deployment.md). The stand-alone model is recommended for the following scenarios:
 
     -   With disconnected remote users who cannot connect to the App-V infrastructure.
 
-    -   When you are running a software management system, such as Configuration Manager 2012.
+    -   When you are running a software management system, such as System Center 2012 Configuration Manager.
 
     -   When network bandwidth limitations inhibit electronic software distribution.
 
--   **Full Infrastructure Model** - The full infrastructure model provides for software distribution, management, and reporting capabilities; it also includes the streaming of applications across the network. The App-V Full Infrastructure Model consists of one or more App-V management servers. The Management Server can be used to publish applications to all clients. The publishing process places the virtual application icons and shortcuts on the target computer. It can also stream applications to local users. For more information about installing the management server see, [Planning for the App-V Server Deployment](appv-planning-for-appv-server-deployment.md). The full infrastructure model is recommended for the following scenarios:
+-   **Full Infrastructure Model** - The full infrastructure model provides for software distribution, management, and reporting capabilities; it also includes the streaming of applications across the network. The App-V Full Infrastructure Model consists of one or more App-V management servers. The Management Server can be used to publish applications to all clients. The publishing process places the virtual application icons and shortcuts on the target computer. It can also stream applications to local users. For more information about installing the management server see, [Planning for App-V Server Deployment](appv-planning-for-appv-server-deployment.md). The full infrastructure model is recommended for the following scenarios:
 
-    **Important**  
+    >**Important**  
     The App-V full infrastructure model requires Microsoft SQL Server to store configuration data. For more information see [App-V Supported Configurations](appv-supported-configurations.md).
 
      
@@ -937,7 +931,7 @@ Although there are a number of fault-tolerance strategies and technologies avail
 ## Have a suggestion for App-V?
 
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/manage/appv-client-configuration-settings.md b/windows/manage/appv-client-configuration-settings.md
index 93b6745d4e..59e07c520f 100644
--- a/windows/manage/appv-client-configuration-settings.md
+++ b/windows/manage/appv-client-configuration-settings.md
@@ -10,104 +10,106 @@ ms.prod: w10
 
 # About Client Configuration Settings
 
-The Microsoft Application Virtualization (App-V) client stores its configuration in the registry. You can gather some useful information about the client if you understand the format of data in the registry. You can also configure many client actions by changing registry entries. This topic lists the App-V Client configuration settings and explains their uses. You can use PowerShell to modify the client configuration settings. For more information about using PowerShell and App-V see [Administering App-V by Using PowerShell](appv-administering-appv-with-powershell.md).
+**Applies to**
+-   Windows 10, version 1607
 
+The Microsoft Application Virtualization (App-V) client stores its configuration in the registry. You can gather some useful information about the client if you understand the format of data in the registry. You can also configure many client actions by changing registry entries. This topic lists the App-V Client configuration settings and explains their uses. You can use Windows PowerShell to modify the client configuration settings. For more information about using Windows PowerShell and App-V see [Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md).
 
+You can use Group Policy to configure App-V client settings by using the Group Policy Management Console under **Computer Configuration** > **Administrative Templates** > **System** > **App-V**.
 
 ## App-V Client Configuration Settings: Windows PowerShell
 
 The following table provides information about App-V client configuration settings that can be configured through Windows PowerShell cmdlets:
 
-| **Name of option in Windows PowerShell**<br>Type  | Description  | Cmdlet or cmdlets for setting  | Disabled Policy State Keys and Values |
+| Windows PowerShell cmdlet or cmdlets,<br>**Option**<br>Type  | Description  | Disabled Policy State Keys and Values |
 |------------|------------|------------|------------|
-| **PackageInstallationRoot**<br>String  | Specifies directory where all new applications and updates will be installed.  | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer  | Policy value not written (same as Not Configured) |
-| **PackageSourceRoot**<br>String  | Overrides source location for downloading package content.  | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer  | Policy value not written (same as Not Configured) |
-| **AllowHighCostLaunch**<br>True (enabled); False (Disabled state)  | This setting controls whether virtualized applications are launched on Windows 10 machines connected via a metered network connection (For example, 4G).  | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer  | 0 |
-| **ReestablishmentRetries**<br>Integer (0-99)  | Specifies the number of times to retry a dropped session.  | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer  | Policy value not written (same as Not Configured) |
-| **ReestablishmentInterval**<br>Integer (0-3600)  | Specifies the number of seconds between attempts to reestablish a dropped session.  | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer  | Policy value not written (same as Not Configured) |
-| **LocationProvider**<br>String  | Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface.  | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer  | Policy value not written (same as Not Configured) |
-| **CertFilterForClientSsl**<br>String  | Specifies the path to a valid certificate in the certificate store.  | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer  | Policy value not written (same as Not Configured) |
-| **VerifyCertificateRevocationList**<br>True(enabled); False(Disabled state)  | Verifies Server certificate revocation status before steaming using HTTPS.  | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer  | 0 |
-| **SharedContentStoreMode**<br>True(enabled); False(Disabled state)  | Specifies that streamed package contents will be not be saved to the local hard disk.  | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer  | 0 |
-| **Name**<br>String  | Displays the name of publishing server.  | Set-AppvPublishingServer  | Policy value not written (same as Not Configured) |
-| **URL**<br>String  | Displays the URL of publishing server.  | Set-AppvPublishingServer  | Policy value not written (same as Not Configured) |
-| **GlobalRefreshEnabled**<br>True(enabled); False(Disabled state)  | Enables global publishing refresh (Boolean)  | Set-AppvPublishingServer  | False |
-| **GlobalRefreshOnLogon**<br>True(enabled); False(Disabled state)  | Triggers a global publishing refresh on logon. ( Boolean)  | Set-AppvPublishingServer  | False |
-| **GlobalRefreshInterval**<br>Integer (0-744)  | Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0.  | Set-AppvPublishingServer  | 0 |
-| **GlobalRefreshIntervalUnit** <br>0 for hour, 1 for day  | Specifies the interval unit (Hour 0-23, Day 0-31).  | Set-AppvPublishingServer  | 1 |
-| **UserRefreshEnabled**<br>True(enabled); False(Disabled state)  | Enables user publishing refresh (Boolean)  | Set-AppvPublishingServer  | False |
-| **UserRefreshOnLogon**<br>True(enabled); False(Disabled state)  | Triggers a user publishing refresh onlogon. ( Boolean)Word count (with spaces): 60  | Set-AppvPublishingServer  | False |
-| **UserRefreshInterval**<br>Word count (with spaces): 85Integer (0-744 Hours)  | Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0.  | Set-AppvPublishingServer  | 0 |
-| **UserRefreshIntervalUnit**<br>0 for hour, 1 for day  | Specifies the interval unit (Hour 0-23, Day 0-31).  | Set-AppvPublishingServer  | 1 |
-| **MigrationMode**<br>True(enabled state); False (disabled state)  | Migration mode allows the App-V client to modify shortcuts and FTA’s for packages created using a previous version of App-V.  | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer  | |
-| **EnablePackageScripts**<br>True(enabled); False(Disabled state)  | Enables scripts defined in the package manifest of configuration files that should run.  | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer  | |
-| **RoamingFileExclusions**<br>String  | Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /ROAMINGFILEEXCLUSIONS='desktop;my pictures'  | Set-AppvClientConfiguration  | |
-| **RoamingRegistryExclusions**<br>String  | Specifies the registry paths that do not roam with a user profile. Example usage: /ROAMINGREGISTRYEXCLUSIONS=software\\classes;software\\clients  | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer  | Policy value not written (same as Not Configured) |
-| **IntegrationRootUser**<br>String  | Specifies the location to create symbolic links associated with the current version of a per-user published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %localappdata%\\Microsoft\\AppV\\Client\\Integration.  | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer  | Policy value not written (same as Not Configured) |
-| **IntegrationRootGlobal**<br>String  | Specifies the location to create symbolic links associated with the current version of a globally published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %allusersprofile%\\Microsoft\\AppV\\Client\\Integration  | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer  | Policy value not written (same as Not Configured) |
-| **VirtualizableExtensions**<br>String  | A comma -delineated list of file name extensions that can be used to determine if a locally installed application can be run in the virtual environment. When shortcuts, FTAs, and other extension points are created during publishing, App-V will compare the file name extension to the list if the application that is associated with the extension point is locally installed. If the extension is located, the **RunVirtual** command line parameter will be added, and the application will run virtually. For more information about the **RunVirtual** parameter, see [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](https://microsoft.sharepoint.com/teams/osg_core_dcp/cpub/partner/Shared%20Documents/APPV&UEV-for-Windows-RS1/App-V/App-V%20updated%20topics%20from%20JAN%20-%20PM%20reviews/appv-running-locally-installed-applications-inside-a-virtual-environment.md).  | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer  | Policy value not written |
-| **ReportingEnabled**<br>True (enabled); False (Disabled state)  | Enables the client to return information to a reporting server.  | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer  | False |
-| **ReportingServerURL**<br>String  | Specifies the location on the reporting server where client information is saved.  | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer  | Policy value not written (same as Not Configured) |
-| **ReportingDataCacheLimit**<br>Integer \[0-1024\]  | Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over. Set between 0 and 1024.  | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer  | Policy value not written (same as Not Configured) |
-| **ReportingDataBlockSize**<br>Integer \[1024 - Unlimited\]  | Specifies the maximum size in bytes to transmit to the server for reporting upload requests. This can help avoid permanent transmission failures when the log has reached a significant size. Set between 1024 and unlimited.  | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer  | Policy value not written (same as Not Configured) |
-| **ReportingStartTime**<br>Integer (0 – 23)  | Specifies the time to initiate the client to send data to the reporting server. You must specify a valid integer between 0-23 corresponding to the hour of the day. By default the **ReportingStartTime** will start on the current day at 10 P.M.or 22.<br>**Note** You should configure this setting to a time when computers running the App-V client are least likely to be offline.  | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer  | Policy value not written (same as Not Configured) |
-| **ReportingInterval**<br>Integer  | Specifies the retry interval that the client will use to resend data to the reporting server.  | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer  | Policy value not written (same as Not Configured) |
-| **ReportingRandomDelay**<br>Integer \[0 - ReportingRandomDelay\]  | Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and **ReportingRandomDelay** and will wait the specified duration before sending data. This can help to prevent collisions on the server.  | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer  | Policy value not written (same as Not Configured) |
-| **EnableDynamicVirtualization<br>**1 (Enabled), 0 (Disabled)  | Enables supported Shell Extensions, Browser Helper Objects, and Active X controls to be virtualized and run with virtual applications.  | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer  | |
-| **EnablePublishingRefreshUI**<br>1 (Enabled), 0 (Disabled)  | Enables the publishing refresh progress bar for the computer running the App-V Client.  | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer  | |
-| **HidePublishingRefreshUI**<br>1 (Enabled), 0 (Disabled)  | Hides the publishing refresh progress bar.  | Sync-AppvPublishingServer  | |
-| **ProcessesUsingVirtualComponents**<br>String  | Specifies a list of process paths (that may contain wildcards), which are candidates for using dynamic virtualization (supported shell extensions, browser helper objects, and ActiveX controls). Only processes whose full path matches one of these items can use dynamic virtualization.  | Set-AppvClientConfiguration,<br>Set-AppvPublishingServer  | Empty string. |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-PackageInstallationRoot**<br>String  | Specifies directory where all new applications and updates will be installed.  | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-PackageSourceRoot**<br>String  | Overrides source location for downloading package content.  | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-AllowHighCostLaunch**<br>True (enabled); False (Disabled state)  | This setting controls whether virtualized applications are launched on Windows 10 machines connected via a metered network connection (For example, 4G).  | 0 |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-ReestablishmentRetries**<br>Integer (0-99)  | Specifies the number of times to retry a dropped session.  | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-ReestablishmentInterval**<br>Integer (0-3600)  | Specifies the number of seconds between attempts to reestablish a dropped session.  | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-LocationProvider**<br>String  | Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface.  | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-CertFilterForClientSsl**<br>String  | Specifies the path to a valid certificate in the certificate store.  | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-VerifyCertificateRevocationList**<br>True(enabled); False(Disabled state)  | Verifies Server certificate revocation status before steaming using HTTPS.  | 0 |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-SharedContentStoreMode**<br>True(enabled); False(Disabled state)  | Specifies that streamed package contents will be not be saved to the local hard disk.  | 0 |
+| Set-AppvPublishingServer<br><br>**-Name**<br>String  | Displays the name of publishing server.  | Policy value not written (same as Not Configured) |
+| Set-AppvPublishingServer<br><br>**-URL**<br>String  | Displays the URL of publishing server.  | Policy value not written (same as Not Configured) |
+| Set-AppvPublishingServer<br><br>**-GlobalRefreshEnabled**<br>True(enabled); False(Disabled state)  | Enables global publishing refresh (Boolean)  | False |
+| Set-AppvPublishingServer<br><br>**-GlobalRefreshOnLogon**<br>True(enabled); False(Disabled state)  | Triggers a global publishing refresh on logon. ( Boolean)  | False |
+| Set-AppvPublishingServer<br><br>**-GlobalRefreshInterval**<br>Integer (0-744)  | Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0.  | 0 |
+| Set-AppvPublishingServer<br><br>**-GlobalRefreshIntervalUnit** <br>0 for hour, 1 for day  | Specifies the interval unit (Hour 0-23, Day 0-31).  | 1 |
+| Set-AppvPublishingServer<br><br>**-UserRefreshEnabled**<br>True(enabled); False(Disabled state)  | Enables user publishing refresh (Boolean)  | False |
+| Set-AppvPublishingServer<br><br>**-UserRefreshOnLogon**<br>True(enabled); False(Disabled state)  | Triggers a user publishing refresh onlogon. ( Boolean)Word count (with spaces): 60  | False |
+| Set-AppvPublishingServer<br><br>**-UserRefreshInterval**<br>Word count (with spaces): 85Integer (0-744 Hours)  | Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0.  | 0 |
+| Set-AppvPublishingServer<br><br>**-UserRefreshIntervalUnit**<br>0 for hour, 1 for day  | Specifies the interval unit (Hour 0-23, Day 0-31).  | 1 |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-MigrationMode**<br>True(enabled state); False (disabled state)  | Migration mode allows the App-V client to modify shortcuts and FTA’s for packages created using a previous version of App-V.  | |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-EnablePackageScripts**<br>True(enabled); False(Disabled state)  | Enables scripts defined in the package manifest of configuration files that should run.  | |
+| Set-AppvClientConfiguration<br><br>**-RoamingFileExclusions**<br>String  | Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /ROAMINGFILEEXCLUSIONS='desktop;my pictures'  | |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-RoamingRegistryExclusions**<br>String  | Specifies the registry paths that do not roam with a user profile. Example usage: /ROAMINGREGISTRYEXCLUSIONS=software\\classes;software\\clients  | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-IntegrationRootUser**<br>String  | Specifies the location to create symbolic links associated with the current version of a per-user published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %localappdata%\\Microsoft\\AppV\\Client\\Integration.  | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-IntegrationRootGlobal**<br>String  | Specifies the location to create symbolic links associated with the current version of a globally published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %allusersprofile%\\Microsoft\\AppV\\Client\\Integration  | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-VirtualizableExtensions**<br>String  | A comma -delineated list of file name extensions that can be used to determine if a locally installed application can be run in the virtual environment. When shortcuts, FTAs, and other extension points are created during publishing, App-V will compare the file name extension to the list if the application that is associated with the extension point is locally installed. If the extension is located, the **RunVirtual** command line parameter will be added, and the application will run virtually. For more information about the **RunVirtual** parameter, see [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](appv-running-locally-installed-applications-inside-a-virtual-environment.md).  | Policy value not written |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-ReportingEnabled**<br>True (enabled); False (Disabled state)  | Enables the client to return information to a reporting server.  | False |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-ReportingServerURL**<br>String  | Specifies the location on the reporting server where client information is saved.  | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-ReportingDataCacheLimit**<br>Integer \[0-1024\]  | Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over. Set between 0 and 1024.  | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-ReportingDataBlockSize**<br>Integer \[1024 - Unlimited\]  | Specifies the maximum size in bytes to transmit to the server for reporting upload requests. This can help avoid permanent transmission failures when the log has reached a significant size. Set between 1024 and unlimited.  | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-ReportingStartTime**<br>Integer (0 – 23)  | Specifies the time to initiate the client to send data to the reporting server. You must specify a valid integer between 0-23 corresponding to the hour of the day. By default the **ReportingStartTime** will start on the current day at 10 P.M.or 22.<br>**Note** You should configure this setting to a time when computers running the App-V client are least likely to be offline.  | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-ReportingInterval**<br>Integer  | Specifies the retry interval that the client will use to resend data to the reporting server.  | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-ReportingRandomDelay**<br>Integer \[0 - ReportingRandomDelay\]  | Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and **ReportingRandomDelay** and will wait the specified duration before sending data. This can help to prevent collisions on the server.  | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-EnableDynamicVirtualization<br>**1 (Enabled), 0 (Disabled)  | Enables supported Shell Extensions, Browser Helper Objects, and Active X controls to be virtualized and run with virtual applications.  | |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-EnablePublishingRefreshUI**<br>1 (Enabled), 0 (Disabled)  | Enables the publishing refresh progress bar for the computer running the App-V Client.  | |
+| Sync-AppvPublishingServer<br><br>**-HidePublishingRefreshUI**<br>1 (Enabled), 0 (Disabled)  | Hides the publishing refresh progress bar.  | |
+| Set-AppvClientConfiguration,<br>Set-AppvPublishingServer<br><br>**-ProcessesUsingVirtualComponents**<br>String  | Specifies a list of process paths (that may contain wildcards), which are candidates for using dynamic virtualization (supported shell extensions, browser helper objects, and ActiveX controls). Only processes whose full path matches one of these items can use dynamic virtualization.  | Empty string. |
 
-## App-V Client Configuration Settings: Setup Flags and Registry Keys
+## App-V Client Configuration Settings: Registry Keys
 
-The following table provides information about App-V client configuration settings that can be configured through setup flags or in the registry:
+The following table provides information about App-V client configuration settings that can be configured through the registry:
 
-| **Setting name**<br>Type  | Setup Flag  | Registry Key Value  | Disabled Policy State Keys and Values |
-|--------------------------------------------------------------------------------|---------------------------|-------------------------------------------------------------------------|---------------------------------------------------|
-| **PackageInstallationRoot**<br>String  | PACKAGEINSTALLATIONROOT  | Streaming\\PackageInstallationRoot  | Policy value not written (same as Not Configured) |
-| **PackageSourceRoot**<br>String  | PACKAGESOURCEROOT  | Streaming\\PackageSourceRoot  | Policy value not written (same as Not Configured) |
-| **AllowHighCostLaunch**<br>True (enabled); False (Disabled state)  | Not available.  | Streaming\\AllowHighCostLaunch  | 0 |
-| **ReestablishmentRetries**<br>Integer (0-99)  | Not available.  | Streaming\\ReestablishmentRetries  | Policy value not written (same as Not Configured) |
-| **ReestablishmentInterval**<br>Integer (0-3600)  | Not available.  | Streaming\\ReestablishmentInterval  | Policy value not written (same as Not Configured) |
-| **LocationProvider**<br>String  | Not available.  | Streaming\\LocationProvider  | Policy value not written (same as Not Configured) |
-| **CertFilterForClientSsl**<br>String  | Not available.  | Streaming\\CertFilterForClientSsl  | Policy value not written (same as Not Configured) |
-| **VerifyCertificateRevocationList**<br>True(enabled); False(Disabled state)  | Not available.  | Streaming\\VerifyCertificateRevocationList  | 0 |
-| **SharedContentStoreMode**<br>True(enabled); False(Disabled state)  | SHAREDCONTENTSTOREMODE  | Streaming\\SharedContentStoreMode  | 0 |
-| **Name**<br>String  | PUBLISHINGSERVERNAME  | Publishing\\Servers{serverId}\\FriendlyName  | Policy value not written (same as Not Configured) |
-| **URL**<br>String  | PUBLISHINGSERVERURL  | Publishing\\Servers{serverId}\\URL  | Policy value not written (same as Not Configured) |
-| **GlobalRefreshEnabled**<br>True(enabled); False(Disabled state)  | GLOBALREFRESHENABLED  | Publishing\\Servers{serverId}\\GlobalEnabled  | False |
-| **GlobalRefreshOnLogon**<br>True(enabled); False(Disabled state)  | GLOBALREFRESHONLOGON  | Publishing\\Servers{serverId}\\GlobalLogonRefresh  | False |
-| **GlobalRefreshInterval**<br>Integer (0-744)  | GLOBALREFRESHINTERVAL  | Publishing\\Servers{serverId}\\GlobalPeriodicRefreshInterval  | 0 |
-| **GlobalRefreshIntervalUnit** <br>0 for hour, 1 for day  | GLOBALREFRESHINTERVALUNI  | Publishing\\Servers{serverId}\\GlobalPeriodicRefreshIntervalUnit  | 1 |
-| **UserRefreshEnabled**<br>True(enabled); False(Disabled state)  | USERREFRESHENABLED  | Publishing\\Servers{serverId}\\UserEnabled  | False |
-| **UserRefreshOnLogon**<br>True(enabled); False(Disabled state)  | USERREFRESHONLOGON  | Publishing\\Servers{serverId}\\UserLogonRefresh  | False |
-| **UserRefreshInterval**<br>Word count (with spaces): 85Integer (0-744 Hours)  | USERREFRESHINTERVAL  | Publishing\\Servers{serverId}\\UserPeriodicRefreshInterval  | 0 |
-| **UserRefreshIntervalUnit**<br>0 for hour, 1 for day  | USERREFRESHINTERVALUNIT  | Publishing\\Servers{serverId}\\UserPeriodicRefreshIntervalUnit  | 1 |
-| **MigrationMode**<br>True(enabled state); False (disabled state)  | MIGRATIONMODE  | Coexistence\\MigrationMode  | |
-| **EnablePackageScripts**<br>True(enabled); False(Disabled state)  | ENABLEPACKAGESCRIPTS  | \\Scripting\\EnablePackageScripts  | |
-| **RoamingFileExclusions**<br>String  | ROAMINGFILEEXCLUSIONS  | | |
-| **RoamingRegistryExclusions**<br>String  | ROAMINGREGISTRYEXCLUSIONS  | Integration\\RoamingReglstryExclusions  | Policy value not written (same as Not Configured) |
-| **IntegrationRootUser**<br>String  | Not available.  | Integration\\IntegrationRootUser  | Policy value not written (same as Not Configured) |
-| **IntegrationRootGlobal**<br>String  | Not available.  | Integration\\IntegrationRootGlobal  | Policy value not written (same as Not Configured) |
-| **VirtualizableExtensions**<br>String  | Not available.  | Integration\\VirtualizableExtensions  | Policy value not written |
-| **ReportingEnabled**<br>True (enabled); False (Disabled state)  | Not available.  | Reporting\\EnableReporting  | False |
-| **ReportingServerURL**<br>String  | Not available.  | Reporting\\ReportingServer  | Policy value not written (same as Not Configured) |
-| **ReportingDataCacheLimit**<br>Integer \[0-1024\]  | Not available.  | Reporting\\DataCacheLimit  | Policy value not written (same as Not Configured) |
-| **ReportingDataBlockSize**<br>Integer \[1024 - Unlimited\]  | Not available.  | Reporting\\DataBlockSize  | Policy value not written (same as Not Configured) |
-| **ReportingStartTime**<br>Integer (0 – 23)  | Not available.  | Reporting\\ StartTime  | Policy value not written (same as Not Configured) |
-| **ReportingInterval**<br>Integer  | Not available.  | Reporting\\RetryInterval  | Policy value not written (same as Not Configured) |
-| **ReportingRandomDelay**<br>Integer \[0 - ReportingRandomDelay\]  | Not available.  | Reporting\\RandomDelay  | Policy value not written (same as Not Configured) |
-| **EnableDynamicVirtualization<br>**1 (Enabled), 0 (Disabled)  | Not available.  | HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\AppV\\Client\\Virtualization  | |
-| **EnablePublishingRefreshUI**<br>1 (Enabled), 0 (Disabled)  | Not available.  | HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\AppV\\Client\\Publishing  | |
-| **HidePublishingRefreshUI**<br>1 (Enabled), 0 (Disabled)  | Not available.  | | |
-| **ProcessesUsingVirtualComponents**<br>String  | Not available.  | Virtualization\\ProcessesUsingVirtualComponents  | Empty string. |
+| **Setting name**<br>Type  | Registry Key Value  | Disabled Policy State Keys and Values |
+|---------------------------|---------------------|---------------------------------------|
+| **PackageInstallationRoot**<br>String  | Streaming\\PackageInstallationRoot  | Policy value not written (same as Not Configured) |
+| **PackageSourceRoot**<br>String  | Streaming\\PackageSourceRoot  | Policy value not written (same as Not Configured) |
+| **AllowHighCostLaunch**<br>True (enabled); False (Disabled state)  | Streaming\\AllowHighCostLaunch  | 0 |
+| **ReestablishmentRetries**<br>Integer (0-99)  | Streaming\\ReestablishmentRetries  | Policy value not written (same as Not Configured) |
+| **ReestablishmentInterval**<br>Integer (0-3600)  | Streaming\\ReestablishmentInterval  | Policy value not written (same as Not Configured) |
+| **LocationProvider**<br>String  | Streaming\\LocationProvider  | Policy value not written (same as Not Configured) |
+| **CertFilterForClientSsl**<br>String  | Streaming\\CertFilterForClientSsl  | Policy value not written (same as Not Configured) |
+| **VerifyCertificateRevocationList**<br>True(enabled); False(Disabled state)  | Streaming\\VerifyCertificateRevocationList  | 0 |
+| **SharedContentStoreMode**<br>True(enabled); False(Disabled state)  | Streaming\\SharedContentStoreMode  | 0 |
+| **Name**<br>String  | Publishing\\Servers{serverId}\\FriendlyName  | Policy value not written (same as Not Configured) |
+| **URL**<br>String  | Publishing\\Servers{serverId}\\URL  | Policy value not written (same as Not Configured) |
+| **GlobalRefreshEnabled**<br>True(enabled); False(Disabled state)  | Publishing\\Servers{serverId}\\GlobalEnabled  | False |
+| **GlobalRefreshOnLogon**<br>True(enabled); False(Disabled state)  | Publishing\\Servers{serverId}\\GlobalLogonRefresh  | False |
+| **GlobalRefreshInterval**<br>Integer (0-744)  | Publishing\\Servers{serverId}\\GlobalPeriodicRefreshInterval  | 0 |
+| **GlobalRefreshIntervalUnit** <br>0 for hour, 1 for day  | Publishing\\Servers{serverId}\\GlobalPeriodicRefreshIntervalUnit  | 1 |
+| **UserRefreshEnabled**<br>True(enabled); False(Disabled state)  | Publishing\\Servers{serverId}\\UserEnabled  | False |
+| **UserRefreshOnLogon**<br>True(enabled); False(Disabled state)  | Publishing\\Servers{serverId}\\UserLogonRefresh  | False |
+| **UserRefreshInterval**<br>Word count (with spaces): 85Integer (0-744 Hours)  | Publishing\\Servers{serverId}\\UserPeriodicRefreshInterval  | 0 |
+| **UserRefreshIntervalUnit**<br>0 for hour, 1 for day  | Publishing\\Servers{serverId}\\UserPeriodicRefreshIntervalUnit  | 1 |
+| **MigrationMode**<br>True(enabled state); False (disabled state)  | Coexistence\\MigrationMode  | |
+| **EnablePackageScripts**<br>True(enabled); False(Disabled state)  | \\Scripting\\EnablePackageScripts  | |
+| **RoamingFileExclusions**<br>String  | | |
+| **RoamingRegistryExclusions**<br>String  | Integration\\RoamingReglstryExclusions  | Policy value not written (same as Not Configured) |
+| **IntegrationRootUser**<br>String  | Integration\\IntegrationRootUser  | Policy value not written (same as Not Configured) |
+| **IntegrationRootGlobal**<br>String  | Integration\\IntegrationRootGlobal  | Policy value not written (same as Not Configured) |
+| **VirtualizableExtensions**<br>String  | Integration\\VirtualizableExtensions  | Policy value not written |
+| **ReportingEnabled**<br>True (enabled); False (Disabled state)  | Reporting\\EnableReporting  | False |
+| **ReportingServerURL**<br>String  | Reporting\\ReportingServer  | Policy value not written (same as Not Configured) |
+| **ReportingDataCacheLimit**<br>Integer \[0-1024\]  | Reporting\\DataCacheLimit  | Policy value not written (same as Not Configured) |
+| **ReportingDataBlockSize**<br>Integer \[1024 - Unlimited\]  | Reporting\\DataBlockSize  | Policy value not written (same as Not Configured) |
+| **ReportingStartTime**<br>Integer (0 – 23)  | Reporting\\ StartTime  | Policy value not written (same as Not Configured) |
+| **ReportingInterval**<br>Integer  | Reporting\\RetryInterval  | Policy value not written (same as Not Configured) |
+| **ReportingRandomDelay**<br>Integer \[0 - ReportingRandomDelay\]  | Reporting\\RandomDelay  | Policy value not written (same as Not Configured) |
+| **EnableDynamicVirtualization<br>**1 (Enabled), 0 (Disabled)  | HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\AppV\\Client\\Virtualization  | |
+| **EnablePublishingRefreshUI**<br>1 (Enabled), 0 (Disabled)  | HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\AppV\\Client\\Publishing  | |
+| **HidePublishingRefreshUI**<br>1 (Enabled), 0 (Disabled)  | | |
+| **ProcessesUsingVirtualComponents**<br>String  | Virtualization\\ProcessesUsingVirtualComponents  | Empty string. |
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-[Deploying the App-V Sequencer and Client](appv-deploying-the-appv-sequencer-and-client.md)
+[Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md)
 
-[How to Modify App-V Client Configuration Using the ADMX Template and Group Policy](appv-modify-client-configuration-with-the-admx-template-and-group-policy.md)
diff --git a/windows/manage/appv-configure-access-to-packages-with-the-management-console.md b/windows/manage/appv-configure-access-to-packages-with-the-management-console.md
index b2c55b2ab7..c01d1ba74b 100644
--- a/windows/manage/appv-configure-access-to-packages-with-the-management-console.md
+++ b/windows/manage/appv-configure-access-to-packages-with-the-management-console.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # How to Configure Access to Packages by Using the Management Console
 
+**Applies to**
+-   Windows 10, version 1607
 
 Before you deploy an App-V virtualized package, you must configure the Active Directory Domain Services (AD DS) security groups that will be allowed to access and run the applications. The security groups may contain computers or users. Entitling a package to a computer group publishes the package globally to all computers in the group.
 
@@ -55,18 +57,10 @@ Use the following procedure to configure access to virtualized packages.
 
 3.  To close the **AD ACCESS** page, click **Close**.
 
-    **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Operations for App-V](appv-operations.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-configure-connection-groups-to-ignore-the-package-version.md b/windows/manage/appv-configure-connection-groups-to-ignore-the-package-version.md
index d05ca6113b..d0dd6dc5b9 100644
--- a/windows/manage/appv-configure-connection-groups-to-ignore-the-package-version.md
+++ b/windows/manage/appv-configure-connection-groups-to-ignore-the-package-version.md
@@ -11,94 +11,53 @@ ms.prod: w10
 
 # How to Make a Connection Group Ignore the Package Version
 
+**Applies to**
+-   Windows 10, version 1607
 
-Microsoft Application Virtualization (App-V) lets you configure a connection group to use any version of a package, which simplifies package upgrades and reduces the number of connection groups you need to create.
+Application Virtualization (App-V) lets you configure a connection group to use any version of a package, which simplifies package upgrades and reduces the number of connection groups you need to create.
 
-To upgrade a package in some earlier versions of App-V, you had to perform several steps, including disabling the connection group and modifying the connection group’s XML definition file.
+You can configure a connection group to accept any version of a package, which enables you to upgrade the package without having to disable the connection group:
 
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Task description with App-V</th>
-<th align="left">How to perform the task with App-V</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>You can configure a connection group to accept any version of a package, which enables you to upgrade the package without having to disable the connection group.</p>
-<p><strong>How the feature works:</strong></p>
-<ul>
-<li><p>If the connection group has access to multiple versions of a package, the latest version is used.</p></li>
-<li><p>If the connection group contains an optional package that has an incorrect version, the package is ignored and won’t block the connection group’s virtual environment from being created.</p></li>
-<li><p>If the connection group contains a non-optional package that has an incorrect version, the connection group’s virtual environment cannot be created.</p></li>
-</ul></td>
-<td align="left"><table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Method</th>
-<th align="left">Steps</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>App-V Server – Management Console</p></td>
-<td align="left"><ol>
-<li><p>In the Management Console, select <strong>CONNECTION GROUPS</strong>.</p></li>
-<li><p>Select the correct connection group from the Connection Groups library.</p></li>
-<li><p>Click <strong>EDIT</strong> in the CONNECTED PACKAGES pane.</p></li>
-<li><p>Select <strong>Use Any Version</strong> check box next to the package name, and click <strong>Apply</strong>.</p></li>
-</ol>
-<p>For more about adding or upgrading packages, see [How to Add or Upgrade Packages by Using the Management Console](appv-add-or-upgrade-packages-with-the-management-console.md).</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>App-V Client on a Stand-alone computer</p></td>
-<td align="left"><ol>
-<li><p>Create the connection group XML document.</p></li>
-<li><p>For the package to be upgraded, set the <strong>Package</strong> tag attribute <strong>VersionID</strong> to an asterisk (<strong>*</strong>).</p></li>
-<li><p>Use the following cmdlet to add the connection group, and include the path to the connection group XML document:</p>
-<p><strong>Add-AppvClientConnectionGroup</strong></p></li>
-<li><p>When you upgrade a package, use the following cmdlets to remove the old package, add the upgraded package, and publish the upgraded package:</p>
-<ul>
-<li><p>RemoveAppvClientPackage</p></li>
-<li><p>Add-AppvClientPackage</p></li>
-<li><p>Publish-AppvClientPackage</p></li>
-</ul></li>
-</ol>
-<p>For more information, see [How to Manage App-V Packages Running on a Stand-Alone Computer by Using PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md).</p>
-</td>
-</tr>
-</tbody>
-</table>
-<p> </p></td>
-</tr>
-</tbody>
-</table>
+- If the connection group has access to multiple versions of a package, the latest version is used.
 
- 
+- If the connection group contains an optional package that has an incorrect version, the package is ignored and won’t block the connection group’s virtual environment from being created.
+
+- If the connection group contains a non-optional package that has an incorrect version, the connection group’s virtual environment cannot be created.
+
+## To make a connection group ignore the package version by using the App-V Server Management Console
+
+1. In the Management Console, select **CONNECTION GROUPS**.
+
+2. Select the correct connection group from the Connection Groups library.
+
+3. Click **EDIT** in the CONNECTED PACKAGES pane.
+
+4. Select **Use Any Version** check box next to the package name, and click **Apply**.
+
+For more about adding or upgrading packages, see [How to Add or Upgrade Packages by Using the Management Console](appv-add-or-upgrade-packages-with-the-management-console.md).
+
+##  To make a connection group ignore the package version from the App-V client on a stand-alone computer
+
+1. Create the connection group XML document.
+
+2. For the package to be upgraded, set the **Package** tag attribute **VersionID** to an asterisk (<strong>*</strong>).
+
+3. Use the following cmdlet to add the connection group, and include the path to the connection group XML document:
+
+    `Add-AppvClientConnectionGroup`
+    
+4. When you upgrade a package, use the following cmdlets to remove the old package, add the upgraded package, and publish the upgraded package:
+
+    - RemoveAppvClientPackage
+    - Add-AppvClientPackage
+    - Publish-AppvClientPackage
+
+For more information, see [How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md).
 
 ## Have a suggestion for App-V?
 
-
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Managing Connection Groups](appv-managing-connection-groups.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md b/windows/manage/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md
index f3d3469885..14b25e2912 100644
--- a/windows/manage/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md
+++ b/windows/manage/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md
@@ -11,12 +11,14 @@ ms.prod: w10
 
 # How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server
 
+**Applies to**
+-   Windows 10, version 1607
 
 Deploying packages and connection groups using the App-V publishing server is helpful because it offers single-point management and high scalability.
 
 Use the following steps to configure the App-V client to receive updates from the publishing server.
 
-**Note**  
+**Note**<br>
 For the following procedures the management server was installed on a computer named **MyMgmtSrv**, and the publishing server was installed on a computer named **MyPubSrv**.
 
  
@@ -27,56 +29,37 @@ For the following procedures the management server was installed on a computer n
 
 2.  To open the management console click the following link, open a browser and type the following: http://MyMgmtSrv/AppvManagement/Console.html in a web browser, and import, publish, and entitle all the packages and connection groups which will be necessary for a particular set of users.
 
-3.  On the computer running the App-V client, open an elevated PowerShell command prompt, run the following command:
+3.  On the computer running the App-V client, open an elevated Windows PowerShell command prompt, and run the following command:
 
-    **Add-AppvPublishingServer  -Name  ABC  -URL  http:// MyPubSrv/AppvPublishing**
+    `Add-AppvPublishingServer -Name ABC -URL http://MyPubSrv/AppvPublishing`
 
     This command will configure the specified publishing server. You should see output similar to the following:
-
+    
+    ```
     Id                        : 1
-
     SetByGroupPolicy          : False
-
     Name                      : ABC
-
     URL                       : http:// MyPubSrv/AppvPublishing
-
     GlobalRefreshEnabled      : False
-
     GlobalRefreshOnLogon      : False
-
     GlobalRefreshInterval     : 0
-
     GlobalRefreshIntervalUnit : Day
-
     UserRefreshEnabled        : True
-
     UserRefreshOnLogon        : True
-
     UserRefreshInterval       : 0
-
     UserRefreshIntervalUnit   : Day
+    ```
 
-    The returned Id – in this case 1
+4.  On the computer running the App-V client, open a Windows PowerShell command prompt, and type the following command:
 
-4.  On the computer running the App-V client, open a PowerShell command prompt, and type the following command:
-
-    **Sync-AppvPublishingServer  -ServerId  1**
+    `Sync-AppvPublishingServer -ServerId 1`
 
     The command will query the publishing server for the packages and connection groups that need to be added or removed for this particular client based on the entitlements for the packages and connection groups as configured on the management server.
 
-    **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Operations for App-V](appv-operations.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-connect-to-the-management-console.md b/windows/manage/appv-connect-to-the-management-console.md
index ff0f1cc327..47da73bf11 100644
--- a/windows/manage/appv-connect-to-the-management-console.md
+++ b/windows/manage/appv-connect-to-the-management-console.md
@@ -10,17 +10,20 @@ ms.prod: w10
 
 # How to Connect to the Management Console
 
+**Applies to**
+-   Windows 10, version 1607
+
 Use the following procedure to connect to the App-V Management Console.
 
 **To connect to the App-V Management Console**
 
-1.  Open Internet Explorer browser and type the address for the App-V. For example, **http://\<_management server name_\>:\<_management service port number_\>/console.html**.
+1.  Open Internet Explorer browser and type the address for the App-V Management server. For example, **http://\<_management server name_\>:\<_management service port number_\>/console.html**.
 
 2.  To view different sections of the console, click the desired section in the navigation pane.
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/manage/appv-connection-group-file.md b/windows/manage/appv-connection-group-file.md
index cf82d7392b..a523cd8c6d 100644
--- a/windows/manage/appv-connection-group-file.md
+++ b/windows/manage/appv-connection-group-file.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # About the Connection Group File
 
+**Applies to**
+-   Windows 10, version 1607
 
 **In this topic:**
 
@@ -201,91 +203,64 @@ The virtual application Microsoft Outlook is running in virtual environment **XY
 
 ## <a href="" id="bkmk-va-conn-configs"></a>Supported virtual application connection configurations
 
+The following application connection configurations are supported.
 
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Configuration</th>
-<th align="left">Example scenario</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>An. exe file and plug-in (.dll)</p></td>
-<td align="left"><ul>
-<li><p>You want to distribute Microsoft Office to all users, but distribute a Microsoft Excel plug-in to only a subset of users.</p></li>
-<li><p>Enable the connection group for the appropriate users.</p></li>
-<li><p>Update each package individually as required.</p></li>
-</ul></td>
-</tr>
-<tr class="even">
-<td align="left"><p>An. exe file and a middleware application</p></td>
-<td align="left"><ul>
-<li><p>You have an application requires a middleware application, or several applications that all depend on the same middleware runtime version.</p></li>
-<li><p>All computers that require one or more of the applications receive the connection groups with the application and middleware application runtime.</p></li>
-<li><p>You can optionally combine multiple middleware applications into a single connection group.</p>
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Example</th>
-<th align="left">Example description</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Virtual application connection group for the financial division</p></td>
-<td align="left"><ul>
-<li><p>Middleware application 1</p></li>
-<li><p>Middleware application 2</p></li>
-<li><p>Middleware application 3</p></li>
-<li><p>Middleware application runtime</p></li>
-</ul></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Virtual application connection group for HR division</p></td>
-<td align="left"><ul>
-<li><p>Middleware application 5</p></li>
-<li><p>Middleware application 6</p></li>
-<li><p>Middleware application runtime</p></li>
-</ul></td>
-</tr>
-</tbody>
-</table>
-<p> </p></li>
-</ul></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>An. exe file and an .exe file</p></td>
-<td align="left"><p>You have an application that relies on another application, and you want to keep the packages separate for operational efficiencies, licensing restrictions, or rollout timelines.</p>
-<p><strong>Example:</strong></p>
-<p>If you are deploying Microsoft Lync 2010, you can use three packages:</p>
-<ul>
-<li><p>Microsoft Office 2010</p></li>
-<li><p>Microsoft Communicator 2007</p></li>
-<li><p>Microsoft Lync 2010</p></li>
-</ul>
-<p>You can manage the deployment using the following connection groups:</p>
-<ul>
-<li><p>Microsoft Office 2010 and Microsoft Communicator 2007</p></li>
-<li><p>Microsoft Office 2010 and Microsoft Lync 2010</p></li>
-</ul>
-<p>When the deployment has completed, you can either create a single new Microsoft Office 2010 + Microsoft Lync 2010 package, or keep and maintain them as separate packages and deploy them by using a connection group.</p></td>
-</tr>
-</tbody>
-</table>
+- **An. exe file and plug-in (.dll)**. For example, you might want to distribute Microsoft Office to all users, but distribute a Microsoft Excel plug-in to only a subset of users.
 
+    Enable the connection group for the appropriate users. Update each package individually as required.
+
+- **An. exe file and a middleware application**. You might have an application that requires a middleware application, or several applications that all depend on the same middleware runtime version.
+
+    All computers that require one or more of the applications receive the connection groups with the application and middleware application runtime. You can optionally combine multiple middleware applications into a single connection group.
+
+    <table>
+    <colgroup>
+    <col width="50%" />
+    <col width="50%" />
+    </colgroup>
+    <thead>
+    <tr class="header">
+    <th align="left">Example</th>
+    <th align="left">Example description</th>
+    </tr>
+    </thead>
+    <tbody>
+    <tr class="odd">
+    <td align="left"><p>Virtual application connection group for the financial division</p></td>
+    <td align="left"><ul>
+    <li><p>Middleware application 1</p></li>
+    <li><p>Middleware application 2</p></li>
+    <li><p>Middleware application 3</p></li>
+    <li><p>Middleware application runtime</p></li>
+    </ul></td>
+    </tr>
+    <tr class="even">
+    <td align="left"><p>Virtual application connection group for HR division</p></td>
+    <td align="left"><ul>
+    <li><p>Middleware application 5</p></li>
+    <li><p>Middleware application 6</p></li>
+    <li><p>Middleware application runtime</p></li>
+    </ul></td>
+    </tr>
+    </tbody>
+    </table>
+
+- **An. exe file and an .exe file**. You might have an application that relies on another application, and you want to keep the packages separate for operational efficiencies, licensing restrictions, or rollout timelines.
+
+    For example, if you are deploying Microsoft Lync 2010, you can use three packages:
+    - Microsoft Office 2010    
+    - Microsoft Communicator 2007
+    - Microsoft Lync 2010<br><br>
+    
+  You can manage the deployment using the following connection groups:
+    - Microsoft Office 2010 and Microsoft Communicator 2007
+    - Microsoft Office 2010 and Microsoft Lync 2010<br><br>
+    
+  When the deployment has completed, you can either create a single new Microsoft Office 2010 + Microsoft Lync 2010 package, or keep and maintain them as separate packages and deploy them by using a connection group.
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/manage/appv-connection-group-virtual-environment.md b/windows/manage/appv-connection-group-virtual-environment.md
index 8b3a5e00fc..78339b6533 100644
--- a/windows/manage/appv-connection-group-virtual-environment.md
+++ b/windows/manage/appv-connection-group-virtual-environment.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # About the Connection Group Virtual Environment
 
+**Applies to**
+-   Windows 10, version 1607
 
 **In this topic:**
 
@@ -92,7 +94,7 @@ In the example above, when a virtualized application tries to find a specific fi
 ## Have a suggestion for App-V?
 
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/manage/appv-convert-a-package-created-in-a-previous-version-of-appv.md b/windows/manage/appv-convert-a-package-created-in-a-previous-version-of-appv.md
index 6ef26859d9..bb5c9776c7 100644
--- a/windows/manage/appv-convert-a-package-created-in-a-previous-version-of-appv.md
+++ b/windows/manage/appv-convert-a-package-created-in-a-previous-version-of-appv.md
@@ -11,6 +11,9 @@ ms.prod: w10
 
 # How to Convert a Package Created in a Previous Version of App-V
 
+**Applies to**
+-   Windows 10, version 1607
+
 You can use the package converter utility to upgrade virtual application packages that have been created with previous versions of App-V.
 
 > [!NOTE]  
@@ -54,7 +57,7 @@ When you convert packages from App-V 4.6 to App-V for Windows 10, the App-V for
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/manage/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md b/windows/manage/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md
index fab3419e83..467da82dda 100644
--- a/windows/manage/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md
+++ b/windows/manage/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md
@@ -11,14 +11,16 @@ ms.prod: w10
 
 # How to Create a Connection Group with User-Published and Globally Published Packages
 
+**Applies to**
+-   Windows 10, version 1607
 
 You can create user-entitled connection groups that contain both user-published and globally published packages, using either of the following methods:
 
--   [How to use PowerShell cmdlets to create the user-entitled connection groups](#bkmk-posh-userentitled-cg)
+-   [How to use Windows PowerShell cmdlets to create user-entitled connection groups](#how-to-use-powershell-cmdlets-to-create-user-entitled-connection-groups)
 
--   [How to use the App-V Server to create the user-entitled connection groups](#bkmk-appvserver-userentitled-cg)
+-   [How to use the App-V Server to create user-entitled connection groups](#how-to-use-the-app-v-server-to-create-user-entitled-connection-groups)
 
-**What to know before you start:**
+## What to know before you start:
 
 <table>
 <colgroup>
@@ -46,27 +48,27 @@ You can create user-entitled connection groups that contain both user-published
 
  
 
-**How to use PowerShell cmdlets to create user-entitled connection groups**
+## How to use Windows PowerShell cmdlets to create user-entitled connection groups
 
 1.  Add and publish packages by using the following commands:
-
-    **Add-AppvClientPackage Pacakage1\_AppV\_file\_Path**
-
-    **Add-AppvClientPackage Pacakage2\_AppV\_file\_Path**
-
-    **Publish-AppvClientPackage -PackageId Package1\_ID -VersionId Package1\_Version ID -Global**
-
-    **Publish-AppvClientPackage -PackageId Package2\_ID -VersionId Package2\_ID**
+    
+    ```
+    Add-AppvClientPackage <Package1_AppV_file_Path>
+    Add-AppvClientPackage <Package2_AppV_file_Path>
+    Publish-AppvClientPackage -PackageId <Package1_ID> -VersionId <Package1_Version_ID> -Global
+    Publish-AppvClientPackage -PackageId <Package2_ID> -VersionId <Package2_Version_ID>
+    ```
 
 2.  Create the connection group XML file. For more information, see [About the Connection Group File](appv-connection-group-file.md).
 
 3.  Add and publish the connection group by using the following commands:
+    
+    ```
+    Add-AppvClientConnectionGroup <Connection_Group_XML_file_Path>
+    Enable-AppvClientConnectionGroup -GroupId <CG_Group_ID> -VersionId <CG_Version_ID>
+    ```
 
-    **Add-AppvClientConnectionGroup Connection\_Group\_XML\_file\_Path**
-
-    **Enable-AppvClientConnectionGroup  -GroupId CG\_Group\_ID -VersionId CG\_Version\_ID**
-
-**How to use the App-V Server to create user-entitled connection groups**
+## How to use the App-V Server to create user-entitled connection groups
 
 1.  Open the App-V Management Console.
 
@@ -74,7 +76,9 @@ You can create user-entitled connection groups that contain both user-published
 
 3.  Follow the instructions in [How to Create a Connection Group](appv-create-a-connection-group.md) to create the connection group, and add the user-published and globally published packages.
 
-    **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/manage/appv-create-a-connection-group.md b/windows/manage/appv-create-a-connection-group.md
index 1f77e35d5d..3bbc7aa888 100644
--- a/windows/manage/appv-create-a-connection-group.md
+++ b/windows/manage/appv-create-a-connection-group.md
@@ -11,8 +11,10 @@ ms.prod: w10
 
 # How to Create a Connection Group
 
+**Applies to**
+-   Windows 10, version 1607
 
-Use these steps to create a connection group by using the App-V Management Console. To use PowerShell to create connection groups, see [How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell](appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md).
+Use these steps to create a connection group by using the App-V Management Console. To use Windows PowerShell to create connection groups, see [How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell](appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md).
 
 When you place packages in a connection group, their package root paths are merged. If you remove packages, only the remaining packages maintain the merged root.
 
@@ -32,27 +34,17 @@ When you place packages in a connection group, their package root paths are merg
 
     To reprioritize the applications in your connection group, use the arrows in the **PACKAGES IN** pane.
 
-    **Important**  
+    **Important**<br>
     By default, the Active Directory Domain Services access configurations that are associated with a specific application are not added to the connection group. To transfer the Active Directory access configuration, select **ADD PACKAGE ACCESS TO GROUP ACCESS**, which is located in the **PACKAGES IN** pane.
 
-     
-
 6.  After adding all the applications and configuring Active Directory access, click **Apply**.
 
-    **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Operations for App-V](appv-operations.md)
 
 [Managing Connection Groups](appv-managing-connection-groups.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-create-a-custom-configuration-file-with-the-management-console.md b/windows/manage/appv-create-a-custom-configuration-file-with-the-management-console.md
index 5ae5d599c7..82eb3a5165 100644
--- a/windows/manage/appv-create-a-custom-configuration-file-with-the-management-console.md
+++ b/windows/manage/appv-create-a-custom-configuration-file-with-the-management-console.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # How to Create a Custom Configuration File by Using the App-V Management Console
 
+**Applies to**
+-   Windows 10, version 1607
 
 You can use a dynamic configuration to customize an App-V package for a specific user. However, you must first create the dynamic user configuration (.xml) file or the dynamic deployment configuration file before you can use the files. Creation of the file is an advanced manual operation. For general information about dynamic user configuration files, see, [About App-V Dynamic Configuration](appv-dynamic-configuration.md).
 
@@ -29,20 +31,10 @@ Use the following procedure to create a Dynamic User Configuration file by using
     **Note**  
     To export a configuration while running on Windows Server, you must disable "IE Enhanced Security Configuration". If this is enabled and set to block downloads, you cannot download anything from the App-V Server.
 
-     
+## Have a suggestion for App-V?
 
-    **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Operations for App-V](appv-operations.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-create-a-package-accelerator-with-powershell.md b/windows/manage/appv-create-a-package-accelerator-with-powershell.md
index 0694929374..fb7b1a1129 100644
--- a/windows/manage/appv-create-a-package-accelerator-with-powershell.md
+++ b/windows/manage/appv-create-a-package-accelerator-with-powershell.md
@@ -1,6 +1,6 @@
 ---
-title: How to Create a Package Accelerator by Using PowerShell (Windows 10)
-description: How to Create a Package Accelerator by Using PowerShell
+title: How to Create a Package Accelerator by Using Windows PowerShell (Windows 10)
+description: How to Create a Package Accelerator by Using Windows PowerShell
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
@@ -9,8 +9,10 @@ ms.prod: w10
 ---
 
 
-# How to Create a Package Accelerator by Using PowerShell
+# How to Create a Package Accelerator by Using Windows PowerShell
 
+**Applies to**
+-   Windows 10, version 1607
 
 App-V package accelerators automatically sequence large, complex applications. Additionally, when you apply an App-V package accelerator, you are not always required to manually install an application to create the virtualized package.
 
@@ -18,7 +20,7 @@ App-V package accelerators automatically sequence large, complex applications. A
 
 1.  Install the App-V sequencer. For more information about installing the sequencer see [How to Install the Sequencer](appv-install-the-sequencer.md).
 
-2.  To open a PowerShell console click **Start** and type **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**. Use the **New-AppvPackageAccelerator** cmdlet.
+2.  To open a Windows PowerShell console, click **Start** and type **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**. Use the **New-AppvPackageAccelerator** cmdlet.
 
 3.  To create a package accelerator, make sure that you have the .appv package to create an accelerator from, the installation media or installation files, and optionally a read me file for consumers of the accelerator to use. The following parameters are required to use the package accelerator cmdlet:
 
@@ -34,22 +36,14 @@ App-V package accelerators automatically sequence large, complex applications. A
 
     **New-AppvPackageAccelerator -InputPackagePath &lt;path to the .appv file&gt; -Installer &lt;path to the installer executable&gt; -Path &lt;directory of the output path&gt;**
 
-    Additional optional parameters that can be used with the **New-AppvPackageAccelerator** cmdlet are displayed in the following list:
+    An additional optional parameter that can be used with the **New-AppvPackageAccelerator** cmdlet is as follows:
 
     -   **AcceleratorDescriptionFile** - specifies the path to user created package accelerator instructions. The package accelerator instructions are **.txt** or **.rtf** description files that will be packaged with the package created using the package accelerator.
 
-    **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
-[Administering App-V by Using PowerShell](appv-administering-appv-with-powershell.md)
-
- 
-
- 
-
-
-
-
-
+[Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md)
diff --git a/windows/manage/appv-create-a-package-accelerator.md b/windows/manage/appv-create-a-package-accelerator.md
index d9a8f4a96a..690438f968 100644
--- a/windows/manage/appv-create-a-package-accelerator.md
+++ b/windows/manage/appv-create-a-package-accelerator.md
@@ -11,66 +11,47 @@ ms.prod: w10
 
 # How to Create a Package Accelerator
 
+**Applies to**
+-   Windows 10, version 1607
 
 App-V package accelerators automatically generate new virtual application packages.
 
-**Note**  
-You can use PowerShell to create a package accelerator. For more information see [How to Create a Package Accelerator by Using PowerShell](appv-create-a-package-accelerator-with-powershell.md).
-
- 
+>**Note**&nbsp;&nbsp;You can use Windows PowerShell to create a package accelerator. For more information see [How to Create a Package Accelerator by Using Windows PowerShell](appv-create-a-package-accelerator-with-powershell.md).
 
 Use the following procedure to create a package accelerator.
 
-**Important**  
-Package Accelerators can contain password and user-specific information. Therefore you must save Package Accelerators and the associated installation media in a secure location, and you should digitally sign the Package Accelerator after you create it so that the publisher can be verified when the App-V Package Accelerator is applied.
+>**Important**
+> - Package Accelerators can contain password and user-specific information. Therefore you must save Package Accelerators and the associated installation media in a secure location, and you should digitally sign the Package Accelerator after you create it so that the publisher can be verified when the App-V Package Accelerator is applied.
+> - Before you begin the following procedure, perform the following:
+    -   Copy the virtual application package that you will use to create the package accelerator locally to the computer running the sequencer.
+    -   Copy all required installation files associated with the virtual application package to the computer running the sequencer.
+> - The App-V Sequencer does not grant any license rights to the software application you are using to create the Package Accelerator. You must abide by all end user license terms for the application you are using. It is your responsibility to make sure the software application’s license terms allow you to create a Package Accelerator using App-V Sequencer.
 
- 
+## To create a package accelerator
 
-**Important**  
-Before you begin the following procedure, you should perform the following:
-
--   Copy the virtual application package that you will use to create the package accelerator locally to the computer running the sequencer.
-
--   Copy all required installation files associated with the virtual application package to the computer running the sequencer.
-
- 
-
-**To create a package accelerator**
-
-1.  **Important**  
-    The App-V Sequencer does not grant any license rights to the software application you are using to create the Package Accelerator. You must abide by all end user license terms for the application you are using. It is your responsibility to make sure the software application’s license terms allow you to create a Package Accelerator using App-V Sequencer.
-
-     
-
-    To start the App-V sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**.
+1.  To start the App-V sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**.
 
 2.  To start the App-V **Create Package Accelerator** wizard, in the App-V sequencer console, click **Tools** / **Create Accelerator**.
 
 3.  On the **Select Package** page, to specify an existing virtual application package to use to create the Package Accelerator, click **Browse**, and locate the existing virtual application package (.appv file).
 
-    **Tip**  
+    **Tip**<br>
     Copy the files associated with the virtual application package you plan to use locally to the computer running the Sequencer.
-
-     
-
+    
     Click **Next**.
 
 4.  On the **Installation Files** page, to specify the folder that contains the installation files that you used to create the original virtual application package, click **Browse**, and then select the directory that contains the installation files.
 
-    **Tip**  
+    **Tip**<br>
     Copy the folder that contains the required installation files to the computer running the Sequencer.
 
-     
-
 5.  If the application is already installed on the computer running the sequencer, to specify the installation file, select **Files installed on local system**. To use this option, the application must already be installed in the default installation location.
 
 6.  On the **Gathering Information** page, review the files that were not found in the location specified on the **Installation Files** page of this wizard. If the files displayed are not required, select **Remove these files**, and then click **Next**. If the files are required, click **Previous** and copy the required files to the directory specified on the **Installation Files** page.
 
-    **Note**  
+    **Note**<br>
     You must either remove the unrequired files, or click **Previous** and locate the required files to advance to the next page of this wizard.
 
-     
-
 7.  On the **Select Files** page, carefully review the files that were detected, and clear any file that should be removed from the package accelerator. Select only files that are required for the application to run successfully, and then click **Next**.
 
 8.  On the **Verify Applications** page, confirm that all installation files that are required to build the package are displayed. When the Package Accelerator is used to create a new package, all installation files displayed in the **Applications** pane are required to create the package.
@@ -83,25 +64,15 @@ Before you begin the following procedure, you should perform the following:
 
 11. On the **Completion** page, to close the **Create Package Accelerator** wizard, click **Close**.
 
-    **Important**  
+    **Important**<br>
     To help ensure that the package accelerator is as secure as possible, and so that the publisher can be verified when the package accelerator is applied, you should always digitally sign the package accelerator.
 
-     
+## Have a suggestion for App-V?
 
-    **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Operations for App-V](appv-operations.md)
 
 [How to Create a Virtual Application Package Using an App-V Package Accelerator](appv-create-a-virtual-application-package-package-accelerator.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-create-a-virtual-application-package-package-accelerator.md b/windows/manage/appv-create-a-virtual-application-package-package-accelerator.md
index b502103844..4cae334e5e 100644
--- a/windows/manage/appv-create-a-virtual-application-package-package-accelerator.md
+++ b/windows/manage/appv-create-a-virtual-application-package-package-accelerator.md
@@ -11,62 +11,47 @@ ms.prod: w10
 
 # How to Create a Virtual Application Package Using an App-V Package Accelerator
 
-
-**Important**  
-The App-V Sequencer does not grant any license rights to the software application that you use to create the Package Accelerator. You must abide by all end user license terms for the application that you use. It is your responsibility to make sure that the software application’s license terms allow you to create a Package Accelerator with the App-V Sequencer.
-
- 
+**Applies to**
+-   Windows 10, version 1607
 
 Use the following procedure to create a virtual application package with the App-V Package Accelerator.
 
-**Note**  
-Before you start this procedure, copy the required Package Accelerator locally to the computer that runs the App-V Sequencer. You should also copy all required installation files for the package to a local directory on the computer that runs the Sequencer. This is the directory that you have to specify in step 5 of this procedure.
-
- 
+> **Important**&nbsp;&nbsp;The App-V Sequencer does not grant any license rights to the software application that you use to create the Package Accelerator. You must abide by all end user license terms for the application that you use. It is your responsibility to make sure that the software application’s license terms allow you to create a Package Accelerator with the App-V Sequencer.
 
 **To create a virtual application package with an App-V Package Accelerator**
 
-1.  To start the App-V Sequencer, on the computer that runs the App-V Sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**.
+1. Be sure that the required Package Accelerator has been copied locally to the computer that runs the App-V Sequencer. Also copy all required installation files for the package to a local folder on the computer that runs the Sequencer. This is the folder that you have to specify in step 6 of this procedure.
 
-2.  To start the **Create New Package Wizard**, click **Create a New Virtual Application Package**. To create the package, select the **Create Package using a Package Accelerator** check box, and then click **Next**.
+2.  To start the App-V Sequencer, on the computer that runs the App-V Sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**.
 
-3.  To specify the package accelerator that will be used to create the new virtual application package, click **Browse** on the **Select Package Accelerator** page. Click **Next**.
+3.  To start the **Create New Package Wizard**, click **Create a New Virtual Application Package**. To create the package, select the **Create Package using a Package Accelerator** check box, and then click **Next**.
 
-    **Important**  
-    If the publisher of the package accelerator cannot be verified and does not contain a valid digital signature, then before you click **Run**, you must confirm that you trust the source of the package accelerator. Confirm your choice in the **Security Warning** dialog box.
+4.  To specify the package accelerator that will be used to create the new virtual application package, click **Browse** on the **Select Package Accelerator** page. Click **Next**.
 
-     
+    > **Important**&nbsp;&nbsp;If the publisher of the package accelerator cannot be verified and does not contain a valid digital signature, then before you click **Run**, you must confirm that you trust the source of the package accelerator. Confirm your choice in the **Security Warning** dialog box.
 
-4.  On the **Guidance** page, review the publishing guidance information that is displayed in the information pane. This information was added when the Package Accelerator was created and it contains guidance about how to create and publish the package. To export the guidance information to a text (.txt) file, click **Export** and specify the location where the file should be saved, and then click **Next**.
+5.  On the **Guidance** page, review the publishing guidance information that is displayed in the information pane. This information was added when the Package Accelerator was created and it contains guidance about how to create and publish the package. To export the guidance information to a text (.txt) file, click **Export** and specify the location where the file should be saved, and then click **Next**.
 
-5.  On the **Select Installation Files** page, click **Make New Folder** to create a local folder that contains all required installation files for the package, and specify where the folder should be saved. You must also specify a name to be assigned to the folder. You must then copy all required installation files to the location that you specified. If the folder that contains the installation files already exists on the computer that runs the Sequencer, click **Browse** to select the folder.
+6.  On the **Select Installation Files** page, click **Make New Folder** to create a local folder that contains all required installation files for the package, and specify where the folder should be saved. You must also specify a name to be assigned to the folder. You must then copy all required installation files to the location that you specified. If the folder that contains the installation files already exists on the computer that runs the Sequencer, click **Browse** to select the folder.
 
     Alternatively, if you have already copied the installation files to a directory on this computer, click **Make New Folder**, browse to the folder that contains the installation files, and then click **Next**.
 
-    **Note**  
-    You can specify the following types of supported installation files:
+    > **Note**&nbsp;&nbsp;You can specify the following types of supported installation files:
+    > -   Windows Installer files (**.msi**)
+    > -   Cabinet files (.cab)
+    > -   Compressed files with a .zip file name extension
+    > -   The actual application files
+    > The following file types are not supported: **.msp** and **.exe** files. If you specify an **.exe** file, you must extract the installation files manually.
 
-    -   Windows Installer files (**.msi**)
+7.  If the package accelerator requires an application to be installed before you apply the Package Accelerator, and if you have already installed the required application, select **I have installed all applications**, and then click **Next** on the **Local Installation** page.
 
-    -   Cabinet files (.cab)
+8.  On the **Package Name** page, specify a name that will be associated with the package. The name that you specify identifies the package in the App-V Management Console. Click **Next**.
 
-    -   Compressed files with a .zip file name extension
+9.  On the **Create Package** page, provide comments that will be associated with the package. The comments should contain identifying information about the package that you are creating. To confirm the location where the package is created, review the information that is displayed in **Save Location**. To compress the package, select **Compress Package**. Select the **Compress Package** check box if the package will be streamed across the network, or when the package size exceeds 4 GB.
 
-    -   The actual application files
+10.  To create the package, click **Create**. After the package is created, click **Next**.
 
-    The following file types are not supported: **.msp** and **.exe** files. If you specify an **.exe** file, you must extract the installation files manually.
-
-     
-
-    If the package accelerator requires an application to be installed before you apply the Package Accelerator, and if you have already installed the required application, select **I have installed all applications**, and then click **Next** on the **Local Installation** page.
-
-6.  On the **Package Name** page, specify a name that will be associated with the package. The name that you specify identifies the package in the App-V Management Console. Click **Next**.
-
-7.  On the **Create Package** page, provide comments that will be associated with the package. The comments should contain identifying information about the package that you are creating. To confirm the location where the package is created, review the information that is displayed in **Save Location**. To compress the package, select **Compress Package**. Select the **Compress Package** check box if the package will be streamed across the network, or when the package size exceeds 4 GB.
-
-    To create the package, click **Create**. After the package is created, click **Next**.
-
-8.  On the **Configure Software** page, to enable the Sequencer to configure the applications that are contained in the package, select **Configure Software**. In this step you can configure any associated tasks that must be completed in order to run the application on the target computers. For example, you can configure any associated license agreements.
+11.  On the **Configure Software** page, to enable the Sequencer to configure the applications that are contained in the package, select **Configure Software**. In this step you can configure any associated tasks that must be completed in order to run the application on the target computers. For example, you can configure any associated license agreements.
 
     If you select **Configure Software**, the following items can be configured using the Sequencer as part of this step:
 
@@ -78,24 +63,16 @@ Before you start this procedure, copy the required Package Accelerator locally t
 
     -   **Primary Feature Block**. The Sequencer optimizes the package for streaming by rebuilding the primary feature block.
 
-    If you do not want to configure the applications, click **Skip this step**, and to go to step 9 of this procedure, and then click **Next**.
+    If you do not want to configure the applications, click **Skip this step**, and then click **Next**.
 
-9.  On the **Completion** page, after you review the information that is displayed in the **Virtual Application Package Report** pane, click **Close**.
+12.  On the **Completion** page, after you review the information that is displayed in the **Virtual Application Package Report** pane, click **Close**.
 
     The package is now available in the Sequencer. To edit the package properties, click **Edit \[Package Name\]**. For more information about how to modify a package, see [How to Modify an Existing Virtual Application Package](appv-modify-an-existing-virtual-application-package.md).
 
-    **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Operations for App-V](appv-operations.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-create-and-use-a-project-template.md b/windows/manage/appv-create-and-use-a-project-template.md
index fd57dc07d8..c6a0be63bb 100644
--- a/windows/manage/appv-create-and-use-a-project-template.md
+++ b/windows/manage/appv-create-and-use-a-project-template.md
@@ -11,13 +11,12 @@ ms.prod: w10
 
 # How to Create and Use a Project Template
 
+**Applies to**
+-   Windows 10, version 1607
 
 You can use an App-V project template to save commonly applied settings associated with an existing virtual application package. These settings can then be applied when you create new virtual application packages in your environment. Using a project template can streamline the process of creating virtual application packages.
 
-**Note**  
-You can, and often should apply an App-V project template during a package upgrade. For example, if you sequenced an application with a custom exclusion list, it is recommended that an associated template is created and saved for later use while upgrading the sequenced application.
-
- 
+> **Note**&nbsp;&nbsp;You can, and often should apply an App-V project template during a package upgrade. For example, if you sequenced an application with a custom exclusion list, it is recommended that an associated template is created and saved for later use while upgrading the sequenced application.
 
 App-V project templates differ from App-V Application Accelerators because App-V Application Accelerators are application-specific, and App-V project templates can be applied to multiple applications.
 
@@ -27,25 +26,19 @@ Use the following procedures to create and apply a new template.
 
 1.  To start the App-V sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**.
 
-2.  **Note**  
-    If the virtual application package is currently open in the App-V Sequencer console, skip to step 3 of this procedure.
+    > **Note**&nbsp;&nbsp;If the virtual application package is currently open in the App-V Sequencer console, skip to step 3 of this procedure.
 
-     
-
-    To open the existing virtual application package that contains the settings you want to save with the App-V project template, click **File** / **Open**, and then click **Edit Package**. On the **Select Package** page, click **Browse** and locate the virtual application package that you want to open. Click **Edit**.
+2.  To open the existing virtual application package that contains the settings you want to save with the App-V project template, click **File** / **Open**, and then click **Edit Package**. On the **Select Package** page, click **Browse** and locate the virtual application package that you want to open. Click **Edit**.
 
 3.  In the App-V Sequencer console, to save the template file, click **File** / **Save As Template**. After you have reviewed the settings that will be saved with the new template, click **OK**. Specify a name that will be associated with the new App-V project template. Click Save.
 
-    The new App-V project template is saved in the directory specified in step 3 of this procedure.
+    The new App-V project template is saved in the folder you specified.
 
 **To apply a project template**
 
-1.  **Important**  
-    Creating a virtual application package using a project template in conjunction with a Package Accelerator is not supported.
+> **Important**&nbsp;&nbsp;Creating a virtual application package using a project template in conjunction with a Package Accelerator is not supported.
 
-     
-
-    To start the App-V sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**.
+1.  To start the App-V sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**.
 
 2.  To create or upgrade a new virtual application package by using an App-V project template, click **File** / **New From Template**.
 
@@ -53,18 +46,10 @@ Use the following procedures to create and apply a new template.
 
     Create the new virtual application package. The settings saved with the specified template will be applied to the new virtual application package that you are creating.
 
-    **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Operations for App-V](appv-operations.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-creating-and-managing-virtualized-applications.md b/windows/manage/appv-creating-and-managing-virtualized-applications.md
index e04c94fc76..861034a883 100644
--- a/windows/manage/appv-creating-and-managing-virtualized-applications.md
+++ b/windows/manage/appv-creating-and-managing-virtualized-applications.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # Creating and Managing App-V Virtualized Applications
 
+**Applies to**
+-   Windows 10, version 1607
 
 After you have properly deployed the Microsoft Application Virtualization (App-V) sequencer, you can use it to monitor and record the installation and setup process for an application to be run as a virtualized application.
 
@@ -203,9 +205,10 @@ The App-V Sequencer can detect common sequencing issues during sequencing. The *
 
 You can also find additional information about sequencing errors using the Windows Event Viewer.
 
+## Have a suggestion for App-V?
 
-## <a href="" id="other-resources-for-the-app-v-5-1-sequencer-"></a>Other resources for the App-V sequencer
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
+## Related topics
 
 -   [Operations for App-V](appv-operations.md)
-
diff --git a/windows/manage/appv-customize-virtual-application-extensions-with-the-management-console.md b/windows/manage/appv-customize-virtual-application-extensions-with-the-management-console.md
index 3ec5082a93..09c76c884b 100644
--- a/windows/manage/appv-customize-virtual-application-extensions-with-the-management-console.md
+++ b/windows/manage/appv-customize-virtual-application-extensions-with-the-management-console.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console
 
+**Applies to**
+-   Windows 10, version 1607
 
 Use the following procedure to customize the virtual application extensions for an Active Directory (AD) group.
 
@@ -28,18 +30,10 @@ Use the following procedure to customize the virtual application extensions for
 
 5.  To edit additional application extensions, modify the configuration file and click **Import and Overwrite this Configuration**. Select the modified file and click **Open**. In the dialog, click **Overwrite** to complete the process.
 
-    **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Operations for App-V](appv-operations.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-delete-a-connection-group.md b/windows/manage/appv-delete-a-connection-group.md
index 41661c8b51..a81a30d908 100644
--- a/windows/manage/appv-delete-a-connection-group.md
+++ b/windows/manage/appv-delete-a-connection-group.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # How to Delete a Connection Group
 
+**Applies to**
+-   Windows 10, version 1607
 
 Use the following procedure to delete an existing App-V connection group.
 
@@ -20,20 +22,12 @@ Use the following procedure to delete an existing App-V connection group.
 
 2.  Right-click the connection group to be removed, and select **delete**.
 
-    **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Operations for App-V](appv-operations.md)
 
 [Managing Connection Groups](appv-managing-connection-groups.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-delete-a-package-with-the-management-console.md b/windows/manage/appv-delete-a-package-with-the-management-console.md
index da05ce9efb..93cd94b4f0 100644
--- a/windows/manage/appv-delete-a-package-with-the-management-console.md
+++ b/windows/manage/appv-delete-a-package-with-the-management-console.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # How to Delete a Package in the Management Console
 
+**Applies to**
+-   Windows 10, version 1607
 
 Use the following procedure to delete an App-V package.
 
@@ -20,18 +22,10 @@ Use the following procedure to delete an App-V package.
 
 2.  Click or right-click the package. Select **Delete** to remove the package.
 
-    **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Operations for App-V](appv-operations.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-deploy-appv-databases-with-sql-scripts.md b/windows/manage/appv-deploy-appv-databases-with-sql-scripts.md
index a01fb30d6a..6a2ab10a6a 100644
--- a/windows/manage/appv-deploy-appv-databases-with-sql-scripts.md
+++ b/windows/manage/appv-deploy-appv-databases-with-sql-scripts.md
@@ -11,14 +11,17 @@ ms.prod: w10
 
 # How to Deploy the App-V Databases by Using SQL Scripts
 
+**Applies to**
+-   Windows Server 2016
+
 Use the following instructions to use SQL scripts, rather than the Windows Installer, to:
 
 -   Install the App-V databases
 
 -   Upgrade the App-V databases to a later version
 
-> [!NOTE]  
-> If you have already deployed an App-V 5.0 SP3 database or later, the SQL scripts are not required to upgrade to App-V.
+>**Note**  
+> If you have already deployed an App-V 5.0 SP3 database or later, the SQL scripts are not required to upgrade to App-V for Windows.
 
 ## How to install the App-V databases by using SQL scripts
 
@@ -175,7 +178,7 @@ Steps to install "AppVReporting" schema in SQL SERVER.
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/manage/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md b/windows/manage/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
index b681e20927..d74a347576 100644
--- a/windows/manage/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
+++ b/windows/manage/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
@@ -10,6 +10,9 @@ ms.prod: w10
 
 # How to deploy App-V packages using electronic software distribution
 
+**Applies to**
+-   Windows 10, version 1607
+
 You can use an electronic software distribution (ESD) system to deploy App-V virtual applications to App-V clients.
 
 For component requirements and options for using an ESD to deploy App-V packages, see [Planning to Deploy App-V with an Electronic Software Distribution System](appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md).
@@ -20,7 +23,7 @@ Use one of the following methods to publish packages to App-V client computers w
 | - | - |
 | Functionality provided by a third-party ESD | Use the functionality in a third-party ESD.| 
 | Stand-alone Windows Installer | Install the application on the target client computer by using the associated Windows Installer (.msi) file that is created when you initially sequence an application. The Windows Installer file contains the associated App-V package file information used to configure a package and copies the required package files to the client. |
-| Windows PowerShell | Use Windows PowerShell cmdlets to deploy virtualized applications. For more information about using PowerShell and App-V, see [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md).| 
+| Windows PowerShell | Use Windows PowerShell cmdlets to deploy virtualized applications. For more information about using Windows PowerShell and App-V, see [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md).| 
 
  
 
@@ -34,7 +37,7 @@ Use one of the following methods to publish packages to App-V client computers w
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/manage/appv-deploy-the-appv-server-with-a-script.md b/windows/manage/appv-deploy-the-appv-server-with-a-script.md
index 919248523e..ddc30926a2 100644
--- a/windows/manage/appv-deploy-the-appv-server-with-a-script.md
+++ b/windows/manage/appv-deploy-the-appv-server-with-a-script.md
@@ -1,6 +1,6 @@
----
+---
 title: How to Deploy the App-V Server Using a Script (Windows 10)
-description: How to Deploy the App-V Server Using a Script
+description: How to Deploy the App-V  Server Using a Script
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
@@ -11,779 +11,435 @@ ms.prod: w10
 
 # How to Deploy the App-V Server Using a Script
 
+**Applies to**
+-   Windows Server 2016
 
 In order to complete the **appv\_server\_setup.exe** Server setup successfully using the command line, you must specify and combine multiple parameters.
 
-**To Install the App-V server using a script**
+**To install the App-V server using a script**
 
--   Use the following tables for more information about installing the App-V server using the command line.
+Use the following lists and tables for more information about installing the App-V server using the command line.
 
-    **Note**  
-    The information in the following tables can also be accessed using the command line by typing the following command: **appv\_server\_setup.exe /?**.
+> **Note**&nbsp;&nbsp;The information in the following lists and tables can also be accessed using the command line by typing the following command: **appv\_server\_setup.exe /?**.
 
-     
+## How to use common parameters
 
-    **Common parameters and Examples**
+## To install the Management server and Management database on a local machine
 
-    <table>
-    <colgroup>
-    <col width="50%" />
-    <col width="50%" />
-    </colgroup>
-    <tbody>
-    <tr class="odd">
-    <td align="left"><p>To Install the Management server and Management database on a local machine.</p></td>
-    <td align="left"><p>To use the default instance of Microsoft SQL Server, use the following parameters:</p>
-    <ul>
-    <li><p>/MANAGEMENT_SERVER</p></li>
-    <li><p>/MANAGEMENT_ADMINACCOUNT</p></li>
-    <li><p>/MANAGEMENT_WEBSITE_NAME</p></li>
-    <li><p>/MANAGEMENT_WEBSITE_PORT</p></li>
-    <li><p>/DB_PREDEPLOY_MANAGEMENT</p></li>
-    <li><p>/MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT</p></li>
-    <li><p>/MANAGEMENT_DB_NAME</p></li>
-    </ul>
-    <p>To use a custom instance of Microsoft SQL Server, use the following parameters:</p>
-    <ul>
-    <li><p>/MANAGEMENT_SERVER</p></li>
-    <li><p>/MANAGEMENT_ADMINACCOUNT</p></li>
-    <li><p>/MANAGEMENT_WEBSITE_NAME</p></li>
-    <li><p>/MANAGEMENT_WEBSITE_PORT</p></li>
-    <li><p>/DB_PREDEPLOY_MANAGEMENT</p></li>
-    <li><p>/MANAGEMENT_DB_CUSTOM_SQLINSTANCE</p></li>
-    <li><p>/MANAGEMENT_DB_NAME</p></li>
-    </ul>
-    <p>Using a custom instance of Microsoft SQL Server example:</p>
-    <p>/appv_server_setup.exe /QUIET</p>
-    <p>/MANAGEMENT_SERVER</p>
-    <p>/MANAGEMENT_ADMINACCOUNT=”Domain\AdminGroup”</p>
-    <p>/MANAGEMENT_WEBSITE_NAME=”Microsoft AppV Management Service”</p>
-    <p>/MANAGEMENT_WEBSITE_PORT=”8080”</p>
-    <p>/DB_PREDEPLOY_MANAGEMENT</p>
-    <p>/MANAGEMENT_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”</p>
-    <p>/MANAGEMENT_DB_NAME=”AppVManagement”</p></td>
-    </tr>
-    </tbody>
-    </table>
+**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
 
-     
+- /MANAGEMENT_SERVER
+- /MANAGEMENT_ADMINACCOUNT
+- /MANAGEMENT_WEBSITE_NAME
+- /MANAGEMENT_WEBSITE_PORT
+- /DB_PREDEPLOY_MANAGEMENT
+- /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT
+- /MANAGEMENT_DB_NAME
 
-    <table>
-    <colgroup>
-    <col width="50%" />
-    <col width="50%" />
-    </colgroup>
-    <tbody>
-    <tr class="odd">
-    <td align="left"><p>To Install the Management server using an existing Management database on a local machine.</p></td>
-    <td align="left"><p>To use the default instance of Microsoft SQL Server, use the following parameters:</p>
-    <ul>
-    <li><p>/MANAGEMENT_SERVER</p></li>
-    <li><p>/MANAGEMENT_ADMINACCOUNT</p></li>
-    <li><p>/MANAGEMENT_WEBSITE_NAME</p></li>
-    <li><p>/MANAGEMENT_WEBSITE_PORT</p></li>
-    <li><p>/EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL</p></li>
-    <li><p>/EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT</p></li>
-    <li><p>/EXISTING_MANAGEMENT_DB_NAME</p></li>
-    </ul>
-    <p>To use a custom instance of Microsoft SQL Server, use these parameters:</p>
-    <ul>
-    <li><p>/MANAGEMENT_SERVER</p></li>
-    <li><p>/MANAGEMENT_ADMINACCOUNT</p></li>
-    <li><p>/MANAGEMENT_WEBSITE_NAME</p></li>
-    <li><p>/MANAGEMENT_WEBSITE_PORT</p></li>
-    <li><p>/EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL</p></li>
-    <li><p>/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE</p></li>
-    <li><p>/EXISTING_MANAGEMENT_DB_NAME</p></li>
-    </ul>
-    <p>Using a custom instance of Microsoft SQL Server example:</p>
-    <p>/appv_server_setup.exe /QUIET</p>
-    <p>/MANAGEMENT_SERVER</p>
-    <p>/MANAGEMENT_ADMINACCOUNT=”Domain\AdminGroup”</p>
-    <p>/MANAGEMENT_WEBSITE_NAME=”Microsoft AppV Management Service”</p>
-    <p>/MANAGEMENT_WEBSITE_PORT=”8080”</p>
-    <p>/EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL</p>
-    <p>/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE =”SqlInstanceName”</p>
-    <p>/EXISTING_MANAGEMENT_DB_NAME =”AppVManagement”</p></td>
-    </tr>
-    </tbody>
-    </table>
+**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use the following parameters:
 
-     
+- /MANAGEMENT_SERVER
+- /MANAGEMENT_ADMINACCOUNT
+- /MANAGEMENT_WEBSITE_NAME
+- /MANAGEMENT_WEBSITE_PORT
+- /DB_PREDEPLOY_MANAGEMENT
+- /MANAGEMENT_DB_CUSTOM_SQLINSTANCE
+- /MANAGEMENT_DB_NAME
 
-    <table>
-    <colgroup>
-    <col width="50%" />
-    <col width="50%" />
-    </colgroup>
-    <tbody>
-    <tr class="odd">
-    <td align="left"><p>To install the Management server using an existing Management database on a remote machine.</p></td>
-    <td align="left"><p>To use the default instance of Microsoft SQL Server, use the following parameters:</p>
-    <ul>
-    <li><p>/MANAGEMENT_SERVER</p></li>
-    <li><p>/MANAGEMENT_ADMINACCOUNT</p></li>
-    <li><p>/MANAGEMENT_WEBSITE_NAME</p></li>
-    <li><p>/MANAGEMENT_WEBSITE_PORT</p></li>
-    <li><p>/EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME</p></li>
-    <li><p>/EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT</p></li>
-    <li><p>/EXISTING_MANAGEMENT_DB_NAME</p></li>
-    </ul>
-    <p>To use a custom instance of Microsoft SQL Server, use these parameters:</p>
-    <ul>
-    <li><p>/MANAGEMENT_SERVER</p></li>
-    <li><p>/MANAGEMENT_ADMINACCOUNT</p></li>
-    <li><p>/MANAGEMENT_WEBSITE_NAME</p></li>
-    <li><p>/MANAGEMENT_WEBSITE_PORT</p></li>
-    <li><p>/EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME</p></li>
-    <li><p>/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE</p></li>
-    <li><p>/EXISTING_MANAGEMENT_DB_NAME</p></li>
-    </ul>
-    <p>Using a custom instance of Microsoft SQL Server example:</p>
-    <p>/appv_server_setup.exe /QUIET</p>
-    <p>/MANAGEMENT_SERVER</p>
-    <p>/MANAGEMENT_ADMINACCOUNT=”Domain\AdminGroup”</p>
-    <p>/MANAGEMENT_WEBSITE_NAME=”Microsoft AppV Management Service”</p>
-    <p>/MANAGEMENT_WEBSITE_PORT=”8080”</p>
-    <p>/EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME=”SqlServermachine.domainName”</p>
-    <p>/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE =”SqlInstanceName”</p>
-    <p>/EXISTING_MANAGEMENT_DB_NAME =”AppVManagement”</p></td>
-    </tr>
-    </tbody>
-    </table>
+### Example for using a custom instance of Microsoft SQL Server: 
 
-     
+/appv_server_setup.exe /QUIET<br>
+/MANAGEMENT_SERVER<br>
+/MANAGEMENT_ADMINACCOUNT="Domain\AdminGroup"<br>
+/MANAGEMENT_WEBSITE_NAME="Microsoft AppV Management Service"<br>
+/MANAGEMENT_WEBSITE_PORT="8080"<br>
+/DB_PREDEPLOY_MANAGEMENT<br>
+/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"<br>
+/MANAGEMENT_DB_NAME="AppVManagement"
 
-    <table>
-    <colgroup>
-    <col width="50%" />
-    <col width="50%" />
-    </colgroup>
-    <tbody>
-    <tr class="odd">
-    <td align="left"><p>To Install the Management database and the Management Server on the same computer.</p></td>
-    <td align="left"><p>To use the default instance of Microsoft SQL Server, use the following parameters:</p>
-    <ul>
-    <li><p>/DB_PREDEPLOY_MANAGEMENT</p></li>
-    <li><p>/MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT</p></li>
-    <li><p>/MANAGEMENT_DB_NAME</p></li>
-    <li><p>/MANAGEMENT_SERVER_MACHINE_USE_LOCAL</p></li>
-    <li><p>/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT</p></li>
-    </ul>
-    <p>To use a custom instance of Microsoft SQL Server, use these parameters:</p>
-    <ul>
-    <li><p>/DB_PREDEPLOY_MANAGEMENT</p></li>
-    <li><p>/MANAGEMENT_DB_CUSTOM_SQLINSTANCE</p></li>
-    <li><p>/MANAGEMENT_DB_NAME</p></li>
-    <li><p>/MANAGEMENT_SERVER_MACHINE_USE_LOCAL</p></li>
-    <li><p>/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT</p></li>
-    </ul>
-    <p>Using a custom instance of Microsoft SQL Server example:</p>
-    <p>/appv_server_setup.exe /QUIET</p>
-    <p>/DB_PREDEPLOY_MANAGEMENT</p>
-    <p>/MANAGEMENT_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”</p>
-    <p>/MANAGEMENT_DB_NAME=”AppVManagement”</p>
-    <p>/MANAGEMENT_SERVER_MACHINE_USE_LOCAL</p>
-    <p>/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT=”Domain\InstallAdminAccount”</p></td>
-    </tr>
-    </tbody>
-    </table>
+## To install the Management server using an existing Management database on a local machine
 
-     
+**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
 
-    <table>
-    <colgroup>
-    <col width="50%" />
-    <col width="50%" />
-    </colgroup>
-    <tbody>
-    <tr class="odd">
-    <td align="left"><p>To install the Management database on a different computer than the Management server.</p></td>
-    <td align="left"><p>To use the default instance of Microsoft SQL Server, use the following parameters:</p>
-    <ul>
-    <li><p>/DB_PREDEPLOY_MANAGEMENT</p></li>
-    <li><p>/MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT</p></li>
-    <li><p>/MANAGEMENT_DB_NAME</p></li>
-    <li><p>/MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT</p></li>
-    <li><p>/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT</p></li>
-    </ul>
-    <p>To use a custom instance of Microsoft SQL Server, use these parameters:</p>
-    <ul>
-    <li><p>/DB_PREDEPLOY_MANAGEMENT</p></li>
-    <li><p>/MANAGEMENT_DB_CUSTOM_SQLINSTANCE</p></li>
-    <li><p>/MANAGEMENT_DB_NAME</p></li>
-    <li><p>/MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT</p></li>
-    <li><p>/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT</p></li>
-    </ul>
-    <p>Using a custom instance of Microsoft SQL Server example:</p>
-    <p>/appv_server_setup.exe /QUIET</p>
-    <p>/DB_PREDEPLOY_MANAGEMENT</p>
-    <p>/MANAGEMENT_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”</p>
-    <p>/MANAGEMENT_DB_NAME=”AppVManagement”</p>
-    <p>/MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT=”Domain\MachineAccount”</p>
-    <p>/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT=”Domain\InstallAdminAccount”</p></td>
-    </tr>
-    </tbody>
-    </table>
+- /MANAGEMENT_SERVER
+- /MANAGEMENT_ADMINACCOUNT
+- /MANAGEMENT_WEBSITE_NAME
+- /MANAGEMENT_WEBSITE_PORT
+- /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL
+- /EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT
+- /EXISTING_MANAGEMENT_DB_NAME
 
-     
+**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
 
-    <table>
-    <colgroup>
-    <col width="50%" />
-    <col width="50%" />
-    </colgroup>
-    <tbody>
-    <tr class="odd">
-    <td align="left"><p>To Install the publishing server.</p></td>
-    <td align="left"><p>To use the default instance of Microsoft SQL Server, use the following parameters:</p>
-    <ul>
-    <li><p>/PUBLISHING_SERVER</p></li>
-    <li><p>/PUBLISHING_MGT_SERVER</p></li>
-    <li><p>/PUBLISHING_WEBSITE_NAME</p></li>
-    <li><p>/PUBLISHING_WEBSITE_PORT</p></li>
-    </ul>
-    <p>Using a custom instance of Microsoft SQL Server example:</p>
-    <p>/appv_server_setup.exe /QUIET</p>
-    <p>/PUBLISHING_SERVER</p>
-    <p>/PUBLISHING_MGT_SERVER=”http://ManagementServerName:ManagementPort”</p>
-    <p>/PUBLISHING_WEBSITE_NAME=”Microsoft AppV Publishing Service”</p>
-    <p>/PUBLISHING_WEBSITE_PORT=”8081”</p></td>
-    </tr>
-    </tbody>
-    </table>
+- /MANAGEMENT_SERVER
+- /MANAGEMENT_ADMINACCOUNT
+- /MANAGEMENT_WEBSITE_NAME
+- /MANAGEMENT_WEBSITE_PORT
+- /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL
+- /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE
+- /EXISTING_MANAGEMENT_DB_NAME
 
-     
+### Example for using a custom instance of Microsoft SQL Server: 
 
-    <table>
-    <colgroup>
-    <col width="50%" />
-    <col width="50%" />
-    </colgroup>
-    <tbody>
-    <tr class="odd">
-    <td align="left"><p>To Install the Reporting server and Reporting database on a local machine.</p></td>
-    <td align="left"><p>To use the default instance of Microsoft SQL Server, use the following parameters:</p>
-    <ul>
-    <li><p>/REPORTING _SERVER</p></li>
-    <li><p>/REPORTING _WEBSITE_NAME</p></li>
-    <li><p>/REPORTING _WEBSITE_PORT</p></li>
-    <li><p>/DB_PREDEPLOY_REPORTING</p></li>
-    <li><p>/REPORTING _DB_SQLINSTANCE_USE_DEFAULT</p></li>
-    <li><p>/REPORTING _DB_NAME</p></li>
-    </ul>
-    <p>To use a custom instance of Microsoft SQL Server, use these parameters:</p>
-    <ul>
-    <li><p>/REPORTING _SERVER</p></li>
-    <li><p>/REPORTING _ADMINACCOUNT</p></li>
-    <li><p>/REPORTING _WEBSITE_NAME</p></li>
-    <li><p>/REPORTING _WEBSITE_PORT</p></li>
-    <li><p>/DB_PREDEPLOY_REPORTING</p></li>
-    <li><p>/REPORTING _DB_CUSTOM_SQLINSTANCE</p></li>
-    <li><p>/REPORTING _DB_NAME</p></li>
-    </ul>
-    <p>Using a custom instance of Microsoft SQL Server example:</p>
-    <ul>
-    <li><p>/appv_server_setup.exe /QUIET</p></li>
-    <li><p>/REPORTING_SERVER</p></li>
-    <li><p>/REPORTING_WEBSITE_NAME=”Microsoft AppV Reporting Service”</p></li>
-    <li><p>/REPORTING_WEBSITE_PORT=”8082”</p></li>
-    <li><p>/DB_PREDEPLOY_REPORTING</p></li>
-    <li><p>/REPORTING_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”</p></li>
-    <li><p>/REPORTING_DB_NAME=”AppVReporting”</p></li>
-    </ul></td>
-    </tr>
-    </tbody>
-    </table>
+/appv_server_setup.exe /QUIET<br>
+/MANAGEMENT_SERVER<br>
+/MANAGEMENT_ADMINACCOUNT="Domain\AdminGroup"<br>
+/MANAGEMENT_WEBSITE_NAME="Microsoft AppV Management Service"<br>
+/MANAGEMENT_WEBSITE_PORT="8080"<br>
+/EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL<br>
+/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE ="SqlInstanceName"<br>
+/EXISTING_MANAGEMENT_DB_NAME ="AppVManagement"
 
-     
+## To install the Management server using an existing Management database on a remote machine
 
-    <table>
-    <colgroup>
-    <col width="50%" />
-    <col width="50%" />
-    </colgroup>
-    <tbody>
-    <tr class="odd">
-    <td align="left"><p>To Install the Reporting server and using an existing Reporting database on a local machine.</p></td>
-    <td align="left"><p>To use the default instance of Microsoft SQL Server, use the following parameters:</p>
-    <ul>
-    <li><p>/REPORTING _SERVER</p></li>
-    <li><p>/REPORTING _WEBSITE_NAME</p></li>
-    <li><p>/REPORTING _WEBSITE_PORT</p></li>
-    <li><p>/EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL</p></li>
-    <li><p>/EXISTING_REPORTING _DB_SQLINSTANCE_USE_DEFAULT</p></li>
-    <li><p>/EXISTING_REPORTING _DB_NAME</p></li>
-    </ul>
-    <p>To use a custom instance of Microsoft SQL Server, use these parameters:</p>
-    <ul>
-    <li><p>/REPORTING _SERVER</p></li>
-    <li><p>/REPORTING _ADMINACCOUNT</p></li>
-    <li><p>/REPORTING _WEBSITE_NAME</p></li>
-    <li><p>/REPORTING _WEBSITE_PORT</p></li>
-    <li><p>/EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL</p></li>
-    <li><p>/EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE</p></li>
-    <li><p>/EXISTING_REPORTING _DB_NAME</p></li>
-    </ul>
-    <p>Using a custom instance of Microsoft SQL Server example:</p>
-    <p>/appv_server_setup.exe /QUIET</p>
-    <p>/REPORTING_SERVER</p>
-    <p>/REPORTING_WEBSITE_NAME=”Microsoft AppV Reporting Service”</p>
-    <p>/REPORTING_WEBSITE_PORT=”8082”</p>
-    <p>/EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL</p>
-    <p>/EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”</p>
-    <p>/EXITING_REPORTING_DB_NAME=”AppVReporting”</p></td>
-    </tr>
-    </tbody>
-    </table>
+**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
 
-     
+- /MANAGEMENT_SERVER
+- /MANAGEMENT_ADMINACCOUNT
+- /MANAGEMENT_WEBSITE_NAME
+- /MANAGEMENT_WEBSITE_PORT
+- /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME
+- /EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT
+- /EXISTING_MANAGEMENT_DB_NAME
 
-    <table>
-    <colgroup>
-    <col width="50%" />
-    <col width="50%" />
-    </colgroup>
-    <tbody>
-    <tr class="odd">
-    <td align="left"><p>To Install the Reporting server using an existing Reporting database on a remote machine.</p></td>
-    <td align="left"><p>To use the default instance of Microsoft SQL Server, use the following parameters:</p>
-    <ul>
-    <li><p>/REPORTING _SERVER</p></li>
-    <li><p>/REPORTING _WEBSITE_NAME</p></li>
-    <li><p>/REPORTING _WEBSITE_PORT</p></li>
-    <li><p>/EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME</p></li>
-    <li><p>/EXISTING_REPORTING _DB_SQLINSTANCE_USE_DEFAULT</p></li>
-    <li><p>/EXISTING_REPORTING _DB_NAME</p></li>
-    </ul>
-    <p>To use a custom instance of Microsoft SQL Server, use these parameters:</p>
-    <ul>
-    <li><p>/REPORTING _SERVER</p></li>
-    <li><p>/REPORTING _ADMINACCOUNT</p></li>
-    <li><p>/REPORTING _WEBSITE_NAME</p></li>
-    <li><p>/REPORTING _WEBSITE_PORT</p></li>
-    <li><p>/EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME</p></li>
-    <li><p>/EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE</p></li>
-    <li><p>/EXISTING_REPORTING _DB_NAME</p></li>
-    </ul>
-    <p>Using a custom instance of Microsoft SQL Server example:</p>
-    <p>/appv_server_setup.exe /QUIET</p>
-    <p>/REPORTING_SERVER</p>
-    <p>/REPORTING_WEBSITE_NAME=”Microsoft AppV Reporting Service”</p>
-    <p>/REPORTING_WEBSITE_PORT=”8082”</p>
-    <p>/EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME=”SqlServerMachine.DomainName”</p>
-    <p>/EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”</p>
-    <p>/EXITING_REPORTING_DB_NAME=”AppVReporting”</p></td>
-    </tr>
-    </tbody>
-    </table>
+**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters: 
 
-     
+- /MANAGEMENT_SERVER
+- /MANAGEMENT_ADMINACCOUNT
+- /MANAGEMENT_WEBSITE_NAME
+- /MANAGEMENT_WEBSITE_PORT
+- /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME
+- /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE
+- /EXISTING_MANAGEMENT_DB_NAME
 
-    <table>
-    <colgroup>
-    <col width="50%" />
-    <col width="50%" />
-    </colgroup>
-    <tbody>
-    <tr class="odd">
-    <td align="left"><p>To install the Reporting database on the same computer as the Reporting server.</p></td>
-    <td align="left"><p>To use the default instance of Microsoft SQL Server, use the following parameters:</p>
-    <ul>
-    <li><p>/DB_PREDEPLOY_REPORTING</p></li>
-    <li><p>/REPORTING _DB_SQLINSTANCE_USE_DEFAULT</p></li>
-    <li><p>/REPORTING _DB_NAME</p></li>
-    <li><p>/REPORTING_SERVER_MACHINE_USE_LOCAL</p></li>
-    <li><p>/REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT</p></li>
-    </ul>
-    <p>To use a custom instance of Microsoft SQL Server, use these parameters:</p>
-    <ul>
-    <li><p>/DB_PREDEPLOY_REPORTING</p></li>
-    <li><p>/REPORTING _DB_CUSTOM_SQLINSTANCE</p></li>
-    <li><p>/REPORTING _DB_NAME</p></li>
-    <li><p>/REPORTING_SERVER_MACHINE_USE_LOCAL</p></li>
-    <li><p>/REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT</p></li>
-    </ul>
-    <p>Using a custom instance of Microsoft SQL Server example:</p>
-    <p>/appv_server_setup.exe /QUIET</p>
-    <p>/DB_PREDEPLOY_REPORTING</p>
-    <p>/REPORTING_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”</p>
-    <p>/REPORTING_DB_NAME=”AppVReporting”</p>
-    <p>/REPORTING_SERVER_MACHINE_USE_LOCAL</p>
-    <p>/REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT=”Domain\InstallAdminAccount”</p></td>
-    </tr>
-    </tbody>
-    </table>
+### Example for using a custom instance of Microsoft SQL Server:
 
-     
+/appv_server_setup.exe /QUIET<br>
+/MANAGEMENT_SERVER<br>
+/MANAGEMENT_ADMINACCOUNT="Domain\AdminGroup"<br>
+/MANAGEMENT_WEBSITE_NAME="Microsoft AppV Management Service"<br>
+/MANAGEMENT_WEBSITE_PORT="8080"<br>
+/EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME="SqlServermachine.domainName"<br>
+/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE ="SqlInstanceName"<br>
+/EXISTING_MANAGEMENT_DB_NAME ="AppVManagement"
 
-    <table>
-    <colgroup>
-    <col width="50%" />
-    <col width="50%" />
-    </colgroup>
-    <tbody>
-    <tr class="odd">
-    <td align="left"><p>To install the Reporting database on a different computer than the Reporting server.</p></td>
-    <td align="left"><p>To use the default instance of Microsoft SQL Server, use the following parameters:</p>
-    <ul>
-    <li><p>/DB_PREDEPLOY_REPORTING</p></li>
-    <li><p>/REPORTING _DB_SQLINSTANCE_USE_DEFAULT</p></li>
-    <li><p>/REPORTING _DB_NAME</p></li>
-    <li><p>/REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT</p></li>
-    <li><p>/REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT</p></li>
-    </ul>
-    <p>To use a custom instance of Microsoft SQL Server, use these parameters:</p>
-    <ul>
-    <li><p>/DB_PREDEPLOY_REPORTING</p></li>
-    <li><p>/REPORTING _DB_CUSTOM_SQLINSTANCE</p></li>
-    <li><p>/REPORTING _DB_NAME</p></li>
-    <li><p>/REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT</p></li>
-    <li><p>/REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT</p></li>
-    </ul>
-    <p>Using a custom instance of Microsoft SQL Server example:</p>
-    <p>/appv_server_setup.exe /QUIET</p>
-    <p>/DB_PREDEPLOY_REPORTING</p>
-    <p>/REPORTING_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”</p>
-    <p>/REPORTING_DB_NAME=”AppVReporting”</p>
-    <p>/REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT=”Domain\MachineAccount”</p>
-    <p>/REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT=”Domain\InstallAdminAccount”</p></td>
-    </tr>
-    </tbody>
-    </table>
+## To install the Management database and the Management Server on the same computer
 
-     
+**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
 
-    **Parameter Definitions**
+- /DB_PREDEPLOY_MANAGEMENT
+- /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT
+- /MANAGEMENT_DB_NAME
+- /MANAGEMENT_SERVER_MACHINE_USE_LOCAL
+- /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT
 
-    **General Parameters**
+**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
 
-    <table>
-    <colgroup>
-    <col width="50%" />
-    <col width="50%" />
-    </colgroup>
-    <thead>
-    <tr class="header">
-    <th align="left">Parameter</th>
-    <th align="left">Information</th>
-    </tr>
-    </thead>
-    <tbody>
-    <tr class="odd">
-    <td align="left"><p>/QUIET</p></td>
-    <td align="left"><p>Specifies silent install.</p></td>
-    </tr>
-    <tr class="even">
-    <td align="left"><p>/UNINSTALL</p></td>
-    <td align="left"><p>Specifies an uninstall.</p></td>
-    </tr>
-    <tr class="odd">
-    <td align="left"><p>/LAYOUT</p></td>
-    <td align="left"><p>Specifies layout action. This extracts the MSIs and script files to a folder without actually installing the product. No value is expected.</p></td>
-    </tr>
-    <tr class="even">
-    <td align="left"><p>/LAYOUTDIR</p></td>
-    <td align="left"><p>Specifies the layout directory. Takes a string. For example, /LAYOUTDIR=”C:\Application Virtualization Server”</p></td>
-    </tr>
-    <tr class="odd">
-    <td align="left"><p>/INSTALLDIR</p></td>
-    <td align="left"><p>Specifies the installation directory. Takes a string. E.g. /INSTALLDIR=”C:\Program Files\Application Virtualization\Server”</p></td>
-    </tr>
-    <tr class="even">
-    <td align="left"><p>/MUOPTIN</p></td>
-    <td align="left"><p>Enables Microsoft Update. No value is expected</p></td>
-    </tr>
-    <tr class="odd">
-    <td align="left"><p>/ACCEPTEULA</p></td>
-    <td align="left"><p>Accepts the license agreement. This is required for an unattended installation. Example usage: <strong>/ACCEPTEULA</strong> or <strong>/ACCEPTEULA=1</strong>.</p></td>
-    </tr>
-    </tbody>
-    </table>
+- /DB_PREDEPLOY_MANAGEMENT
+- /MANAGEMENT_DB_CUSTOM_SQLINSTANCE
+- /MANAGEMENT_DB_NAME
+- /MANAGEMENT_SERVER_MACHINE_USE_LOCAL
+- /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT
 
-     
+### Example for using a custom instance of Microsoft SQL Server:
 
-    **Management Server Installation Parameters**
+/appv_server_setup.exe /QUIET<br>
+/DB_PREDEPLOY_MANAGEMENT<br>
+/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"<br>
+/MANAGEMENT_DB_NAME="AppVManagement"<br>
+/MANAGEMENT_SERVER_MACHINE_USE_LOCAL<br>
+/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT="Domain\InstallAdminAccount"
 
-    <table>
-    <colgroup>
-    <col width="50%" />
-    <col width="50%" />
-    </colgroup>
-    <thead>
-    <tr class="header">
-    <th align="left">Parameter</th>
-    <th align="left">Information</th>
-    </tr>
-    </thead>
-    <tbody>
-    <tr class="odd">
-    <td align="left"><p>/MANAGEMENT_SERVER</p></td>
-    <td align="left"><p>Specifies that the management server will be installed. No value is expected</p></td>
-    </tr>
-    <tr class="even">
-    <td align="left"><p>/MANAGEMENT_ADMINACCOUNT</p></td>
-    <td align="left"><p>Specifies the account that will be allowed to Administrator access to the management server This account can be an individual user account or a group. Example usage: <strong>/MANAGEMENT_ADMINACCOUNT=”mydomain\admin”</strong>. If <strong>/MANAGEMENT_SERVER</strong> is not specified, this will be ignored. Specifies the account that will be allowed to Administrator access to the management server. This can be a user account or a group. For example, <strong>/MANAGEMENT_ADMINACCOUNT=&quot;mydomain\admin&quot;</strong>.</p></td>
-    </tr>
-    <tr class="odd">
-    <td align="left"><p>/MANAGEMENT_WEBSITE_NAME</p></td>
-    <td align="left"><p>Specifies name of the website that will be created for the management service. For example, /MANAGEMENT_WEBSITE_NAME=”Microsoft App-V Management Service”</p></td>
-    </tr>
-    <tr class="even">
-    <td align="left"><p>MANAGEMENT_WEBSITE_PORT</p></td>
-    <td align="left"><p>Specifies the port number that will be used by the management service will use. For example, /MANAGEMENT_WEBSITE_PORT=82.</p></td>
-    </tr>
-    </tbody>
-    </table>
+## To install the Management database on a different computer than the Management server
 
-     
+**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
 
-    **Parameters for the Management Server Database**
+- /DB_PREDEPLOY_MANAGEMENT
+- /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT
+- /MANAGEMENT_DB_NAME
+- /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT
+- /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT
 
-    <table>
-    <colgroup>
-    <col width="50%" />
-    <col width="50%" />
-    </colgroup>
-    <thead>
-    <tr class="header">
-    <th align="left">Parameter</th>
-    <th align="left">Information</th>
-    </tr>
-    </thead>
-    <tbody>
-    <tr class="odd">
-    <td align="left"><p>/DB_PREDEPLOY_MANAGEMENT</p></td>
-    <td align="left"><p>Specifies that the management database will be installed. You must have sufficient database permissions to complete this installation. No value is expected</p></td>
-    </tr>
-    <tr class="even">
-    <td align="left"><p>/MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT</p></td>
-    <td align="left"><p>Indicates that the default SQL instance should be used. No value is expected.</p></td>
-    </tr>
-    <tr class="odd">
-    <td align="left"><p>/MANAGEMENT_DB_ CUSTOM_SQLINSTANCE</p></td>
-    <td align="left"><p>Specifies the name of the custom SQL instance that should be used to create a new database. Example usage: <strong>/MANAGEMENT_DB_ CUSTOM_SQLINSTANCE=”MYSQLSERVER”</strong>. If /DB_PREDEPLOY_MANAGEMENT is not specified, this will be ignored.</p></td>
-    </tr>
-    <tr class="even">
-    <td align="left"><p>/MANAGEMENT_DB_NAME</p></td>
-    <td align="left"><p>Specifies the name of the new management database that should be created. Example usage: <strong>/MANAGEMENT_DB_NAME=”AppVMgmtDB”</strong>. If /DB_PREDEPLOY_MANAGEMENT is not specified, this will be ignored.</p></td>
-    </tr>
-    <tr class="odd">
-    <td align="left"><p>/MANAGEMENT_SERVER_MACHINE_USE_LOCAL</p></td>
-    <td align="left"><p>Indicates if the management server that will be accessing the database is installed on the local server. Switch parameter so no value is expected.</p></td>
-    </tr>
-    <tr class="even">
-    <td align="left"><p>/MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT</p></td>
-    <td align="left"><p>Specifies the machine account of the remote machine that the management server will be installed on. Example usage: <strong>/MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT=”domain\computername”</strong></p></td>
-    </tr>
-    <tr class="odd">
-    <td align="left"><p>/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT</p></td>
-    <td align="left"><p>Indicates the Administrator account that will be used to install the management server. Example usage: <strong>/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT =”domain\alias”</strong></p></td>
-    </tr>
-    </tbody>
-    </table>
+**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
 
-     
+- /DB_PREDEPLOY_MANAGEMENT
+- /MANAGEMENT_DB_CUSTOM_SQLINSTANCE
+- /MANAGEMENT_DB_NAME
+- /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT
+- /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT
 
-    **Parameters for Installing Publishing Server**
+### Example for using a custom instance of Microsoft SQL Server:
 
-    <table>
-    <colgroup>
-    <col width="50%" />
-    <col width="50%" />
-    </colgroup>
-    <thead>
-    <tr class="header">
-    <th align="left">Parameter</th>
-    <th align="left">Information</th>
-    </tr>
-    </thead>
-    <tbody>
-    <tr class="odd">
-    <td align="left"><p>/PUBLISHING_SERVER</p></td>
-    <td align="left"><p>Specifies that the Publishing Server will be installed. No value is expected</p></td>
-    </tr>
-    <tr class="even">
-    <td align="left"><p>/PUBLISHING_MGT_SERVER</p></td>
-    <td align="left"><p>Specifies the URL to Management Service the Publishing server will connect to. Example usage: <strong>http://&lt;management server name&gt;:&lt;Management server port number&gt;</strong>. If /PUBLISHING_SERVER is not used, this parameter will be ignored</p></td>
-    </tr>
-    <tr class="odd">
-    <td align="left"><p>/PUBLISHING_WEBSITE_NAME</p></td>
-    <td align="left"><p>Specifies name of the website that will be created for the publishing service. For example, /PUBLISHING_WEBSITE_NAME=”Microsoft App-V Publishing Service”</p></td>
-    </tr>
-    <tr class="even">
-    <td align="left"><p>/PUBLISHING_WEBSITE_PORT</p></td>
-    <td align="left"><p>Specifies the port number used by the publishing service. For example, /PUBLISHING_WEBSITE_PORT=83</p></td>
-    </tr>
-    </tbody>
-    </table>
+/appv_server_setup.exe /QUIET<br>
+/DB_PREDEPLOY_MANAGEMENT<br>
+/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"<br>
+/MANAGEMENT_DB_NAME="AppVManagement"<br>
+/MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT="Domain\MachineAccount"<br>
+/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT="Domain\InstallAdminAccount"
 
-     
+## To install the Publishing server
 
-    **Parameters for Reporting Server**
+**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
 
-    <table>
-    <colgroup>
-    <col width="50%" />
-    <col width="50%" />
-    </colgroup>
-    <thead>
-    <tr class="header">
-    <th align="left">Parameter</th>
-    <th align="left">Information</th>
-    </tr>
-    </thead>
-    <tbody>
-    <tr class="odd">
-    <td align="left"><p>/REPORTING_SERVER</p></td>
-    <td align="left"><p>Specifies that the Reporting Server will be installed. No value is expected</p></td>
-    </tr>
-    <tr class="even">
-    <td align="left"><p>/REPORTING_WEBSITE_NAME</p></td>
-    <td align="left"><p>Specifies name of the website that will be created for the Reporting Service. E.g. /REPORTING_WEBSITE_NAME=&quot;Microsoft App-V ReportingService&quot;</p></td>
-    </tr>
-    <tr class="odd">
-    <td align="left"><p>/REPORTING_WEBSITE_PORT</p></td>
-    <td align="left"><p>Specifies the port number that the Reporting Service will use. E.g. /REPORTING_WEBSITE_PORT=82</p></td>
-    </tr>
-    </tbody>
-    </table>
+- /PUBLISHING_SERVER
+- /PUBLISHING_MGT_SERVER
+- /PUBLISHING_WEBSITE_NAME
+- /PUBLISHING_WEBSITE_PORT
 
-     
+### Example
 
-    **Parameters for using an Existing Reporting Server Database**
+/appv_server_setup.exe /QUIET<br>
+/PUBLISHING_SERVER<br>
+/PUBLISHING_MGT_SERVER="http://ManagementServerName:ManagementPort"<br>
+/PUBLISHING_WEBSITE_NAME="Microsoft AppV Publishing Service"<br>
+/PUBLISHING_WEBSITE_PORT="8081"
 
-    <table>
-    <colgroup>
-    <col width="50%" />
-    <col width="50%" />
-    </colgroup>
-    <thead>
-    <tr class="header">
-    <th align="left">Parameter</th>
-    <th align="left">Information</th>
-    </tr>
-    </thead>
-    <tbody>
-    <tr class="odd">
-    <td align="left"><p>/EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL</p></td>
-    <td align="left"><p>Indicates that the Microsoft SQL Server is installed on the local server. Switch parameter so no value is expected.</p></td>
-    </tr>
-    <tr class="even">
-    <td align="left"><p>/EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME</p></td>
-    <td align="left"><p>Specifies the name of the remote computer that SQL Server is installed on. Takes a string. E.g. /EXISTING_REPORTING_DB_ REMOTE_SQL_SERVER_NAME=&quot;mycomputer1&quot;</p></td>
-    </tr>
-    <tr class="odd">
-    <td align="left"><p>/EXISTING_ REPORTING _DB_SQLINSTANCE_USE_DEFAULT</p></td>
-    <td align="left"><p>Indicates that the default SQL instance is to be used. Switch parameter so no value is expected.</p></td>
-    </tr>
-    <tr class="even">
-    <td align="left"><p>/EXISTING_ REPORTING_DB_CUSTOM_SQLINSTANCE</p></td>
-    <td align="left"><p>Specifies the name of the custom SQL instance that should be used. Takes a string. E.g. /EXISTING_REPORTING_DB_ CUSTOM_SQLINSTANCE=&quot;MYSQLSERVER&quot;</p></td>
-    </tr>
-    <tr class="odd">
-    <td align="left"><p>/EXISTING_ REPORTING _DB_NAME</p></td>
-    <td align="left"><p>Specifies the name of the existing Reporting database that should be used. Takes a string. E.g. /EXISITING_REPORTING_DB_NAME=&quot;AppVReporting&quot;</p></td>
-    </tr>
-    </tbody>
-    </table>
+## To install the Reporting server and Reporting database on a local machine
 
-     
+**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
 
-    **Parameters for installing Reporting Server Database**
+- /REPORTING _SERVER
+- /REPORTING _WEBSITE_NAME
+- /REPORTING _WEBSITE_PORT
+- /DB_PREDEPLOY_REPORTING
+- /REPORTING _DB_SQLINSTANCE_USE_DEFAULT
+- /REPORTING _DB_NAME
 
-    <table>
-    <colgroup>
-    <col width="50%" />
-    <col width="50%" />
-    </colgroup>
-    <thead>
-    <tr class="header">
-    <th align="left">Parameter</th>
-    <th align="left">Information</th>
-    </tr>
-    </thead>
-    <tbody>
-    <tr class="odd">
-    <td align="left"><p>/DB_PREDEPLOY_REPORTING</p></td>
-    <td align="left"><p>Specifies that the Reporting Database will be installed. DBA permissions are required for this installation. No value is expected</p></td>
-    </tr>
-    <tr class="even">
-    <td align="left"><p>/REPORTING_DB_SQLINSTANCE_USE_DEFAULT</p></td>
-    <td align="left"><p>Specifies the name of the custom SQL instance that should be used. Takes a string. E.g. /REPORTING_DB_ CUSTOM_SQLINSTANCE=&quot;MYSQLSERVER&quot;</p></td>
-    </tr>
-    <tr class="odd">
-    <td align="left"><p>/REPORTING_DB_NAME</p></td>
-    <td align="left"><p>Specifies the name of the new Reporting database that should be created. Takes a string. E.g. /REPORTING_DB_NAME=&quot;AppVMgmtDB&quot;</p></td>
-    </tr>
-    <tr class="even">
-    <td align="left"><p>/REPORTING_SERVER_MACHINE_USE_LOCAL</p></td>
-    <td align="left"><p>Indicates that the Reporting server that will be accessing the database is installed on the local server. Switch parameter so no value is expected.</p></td>
-    </tr>
-    <tr class="odd">
-    <td align="left"><p>/REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT</p></td>
-    <td align="left"><p>Specifies the machine account of the remote machine that the Reporting server will be installed on. Takes a string. E.g. /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT = &quot;domain\computername&quot;</p></td>
-    </tr>
-    <tr class="even">
-    <td align="left"><p>/REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT</p></td>
-    <td align="left"><p>Indicates the Administrator account that will be used to install the App-V Reporting Server. Takes a string. E.g. /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT = &quot;domain\alias&quot;</p></td>
-    </tr>
-    </tbody>
-    </table>
+**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
 
-     
+- /REPORTING _SERVER
+- /REPORTING _ADMINACCOUNT
+- /REPORTING _WEBSITE_NAME
+- /REPORTING _WEBSITE_PORT
+- /DB_PREDEPLOY_REPORTING
+- /REPORTING _DB_CUSTOM_SQLINSTANCE
+- /REPORTING _DB_NAME
 
-    **Parameters for using an existing Management Server Database**
+### Example for using a custom instance of Microsoft SQL Server:
 
-    <table>
-    <colgroup>
-    <col width="50%" />
-    <col width="50%" />
-    </colgroup>
-    <thead>
-    <tr class="header">
-    <th align="left">Parameter</th>
-    <th align="left">Information</th>
-    </tr>
-    </thead>
-    <tbody>
-    <tr class="odd">
-    <td align="left"><p>/EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL</p></td>
-    <td align="left"><p>Indicates that the SQL Server is installed on the local server. Switch parameter so no value is expected.If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored.</p></td>
-    </tr>
-    <tr class="even">
-    <td align="left"><p>/EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME</p></td>
-    <td align="left"><p>Specifies the name of the remote computer that SQL Server is installed on. Takes a string. E.g. /EXISTING_MANAGEMENT_DB_ REMOTE_SQL_SERVER_NAME=&quot;mycomputer1&quot;</p></td>
-    </tr>
-    <tr class="odd">
-    <td align="left"><p>/EXISTING_ MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT</p></td>
-    <td align="left"><p>Indicates that the default SQL instance is to be used. Switch parameter so no value is expected. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored.</p></td>
-    </tr>
-    <tr class="even">
-    <td align="left"><p>/EXISTING_MANAGEMENT_DB_ CUSTOM_SQLINSTANCE</p></td>
-    <td align="left"><p>Specifies the name of the custom SQL instance that will be used. Example usage <strong>/EXISTING_MANAGEMENT_DB_ CUSTOM_SQLINSTANCE=”AppVManagement”</strong>. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored.</p></td>
-    </tr>
-    <tr class="odd">
-    <td align="left"><p>/EXISTING_MANAGEMENT_DB_NAME</p></td>
-    <td align="left"><p>Specifies the name of the existing management database that should be used. Example usage: <strong>/EXISITING_MANAGEMENT_DB_NAME=”AppVMgmtDB”</strong>. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored.</p>
-    <p></p>
-    <p><strong>Have a suggestion for App-V</strong>? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). <strong>Got an App-V issue?</strong> Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).</p></td>
-    </tr>
-    </tbody>
-    </table>
+/appv_server_setup.exe /QUIET<br>
+/REPORTING_SERVER<br>
+/REPORTING_WEBSITE_NAME="Microsoft AppV Reporting Service"<br>
+/REPORTING_WEBSITE_PORT="8082"<br>
+/DB_PREDEPLOY_REPORTING<br>
+/REPORTING_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"<br>
+/REPORTING_DB_NAME="AppVReporting"
 
-     
+## To install the Reporting server using an existing Reporting database on a local machine
+
+**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+
+- /REPORTING _SERVER
+- /REPORTING _WEBSITE_NAME
+- /REPORTING _WEBSITE_PORT
+- /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL
+- /EXISTING_REPORTING_DB_SQLINSTANCE_USE_DEFAULT
+- /EXISTING_REPORTING_DB_NAME
+
+**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+
+- /REPORTING _SERVER
+- /REPORTING _ADMINACCOUNT
+- /REPORTING _WEBSITE_NAME
+- /REPORTING _WEBSITE_PORT
+- /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL
+- /EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE
+- /EXISTING_REPORTING _DB_NAME
+
+### Example for using a custom instance of Microsoft SQL Server:
+
+/appv_server_setup.exe /QUIET<br>
+/REPORTING_SERVER<br>
+/REPORTING_WEBSITE_NAME="Microsoft AppV Reporting Service"<br>
+/REPORTING_WEBSITE_PORT="8082"<br>
+/EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL<br>
+/EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE="SqlInstanceName"<br>
+/EXITING_REPORTING_DB_NAME="AppVReporting"
+
+## To install the Reporting server using an existing Reporting database on a remote machine
+
+**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+
+- /REPORTING _SERVER
+- /REPORTING _WEBSITE_NAME
+- /REPORTING _WEBSITE_PORT
+- /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME
+- /EXISTING_REPORTING _DB_SQLINSTANCE_USE_DEFAULT
+- /EXISTING_REPORTING _DB_NAME
+ 
+**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+
+- /REPORTING _SERVER
+- /REPORTING _ADMINACCOUNT
+- /REPORTING _WEBSITE_NAME
+- /REPORTING _WEBSITE_PORT
+- /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME
+- /EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE
+- /EXISTING_REPORTING _DB_NAME
+
+### Example for using a custom instance of Microsoft SQL Server:
+
+/appv_server_setup.exe /QUIET<br>
+/REPORTING_SERVER<br>
+/REPORTING_WEBSITE_NAME="Microsoft AppV Reporting Service"<br>
+/REPORTING_WEBSITE_PORT="8082"<br>
+/EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME="SqlServerMachine.DomainName"<br>
+/EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE="SqlInstanceName"<br>
+/EXITING_REPORTING_DB_NAME="AppVReporting"
+
+## To install the Reporting database on the same computer as the Reporting server
+
+**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+
+- /DB_PREDEPLOY_REPORTING
+- /REPORTING_DB_SQLINSTANCE_USE_DEFAULT
+- /REPORTING_DB_NAME
+- /REPORTING_SERVER_MACHINE_USE_LOCAL
+- /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT
+
+**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+
+- /DB_PREDEPLOY_REPORTING
+- /REPORTING _DB_CUSTOM_SQLINSTANCE
+- /REPORTING _DB_NAME
+- /REPORTING_SERVER_MACHINE_USE_LOCAL
+- /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT
+
+### Example for using a custom instance of Microsoft SQL Server:
+
+/appv_server_setup.exe /QUIET<br>
+/DB_PREDEPLOY_REPORTING<br>
+/REPORTING_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"<br>
+/REPORTING_DB_NAME="AppVReporting"<br>
+/REPORTING_SERVER_MACHINE_USE_LOCAL<br>
+/REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT="Domain\InstallAdminAccount"
+
+## To install the Reporting database on a different computer than the Reporting server
+
+**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+
+- /DB_PREDEPLOY_REPORTING
+- /REPORTING _DB_SQLINSTANCE_USE_DEFAULT
+- /REPORTING _DB_NAME
+- /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT
+- /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT
+
+**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+
+- /DB_PREDEPLOY_REPORTING
+- /REPORTING _DB_CUSTOM_SQLINSTANCE
+- /REPORTING _DB_NAME
+- /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT
+- /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT
+
+### Example for using a custom instance of Microsoft SQL Server:
+
+Using a custom instance of Microsoft SQL Server example:<br>
+/appv_server_setup.exe /QUIET<br>
+/DB_PREDEPLOY_REPORTING<br>
+/REPORTING_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"<br>
+/REPORTING_DB_NAME="AppVReporting"<br>
+/REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT="Domain\MachineAccount"<br>
+/REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT="Domain\InstallAdminAccount"
+
+## Parameter definitions
+
+- [General parameters](#parameter-definitions-for-general-parameters)
+- [Management Server installation parameters](#parameter-definitions-for-management-server-installation-parameters)
+- [Management Server Database parameters](#parameter-definitions-for-the-management-server-database)
+- [Publishing Server installation parameters](#parameter-definitions-for-publishing-server-installation-parameters)
+- [Reporting Server parameters](#parameter-definitions-for-reporting-server)
+- [Parameters for using an existing Reporting Server database](#parameters-for-using-an-existing-reporting-server-database)
+- [Reporting Server database installation parameters](#parameter-definitions-for-reporting-server-database-installation)
+- [Parameters for using an existing Management Server database](#parameters-for-using-an-existing-management-server-database)
+
+### Parameter definitions for general parameters
+
+| Parameter | Description |
+|-----------|-------------|
+| /QUIET | Specifies silent install. |
+| /UNINSTALL | Specifies an uninstall. |
+| /LAYOUT | Specifies layout action. This extracts the MSIs and script files to a folder without actually installing the product. No value is expected. |
+| /LAYOUTDIR | Specifies the layout directory. Takes a string. For example, /LAYOUTDIR="C:\Application Virtualization Server" |
+| /INSTALLDIR | Specifies the installation directory. Takes a string. E.g. /INSTALLDIR="C:\Program Files\Application Virtualization\Server" |
+| /MUOPTIN | Enables Microsoft Update. No value is expected |
+| /ACCEPTEULA | Accepts the license agreement. This is required for an unattended installation. Example usage: **/ACCEPTEULA** or **/ACCEPTEULA=1**. |
+
+### Parameter definitions for Management Server installation parameters
+
+| Parameter | Description |
+|-----------|-------------|
+| /MANAGEMENT_SERVER | Specifies that the management server will be installed. No value is expected |
+| /MANAGEMENT_ADMINACCOUNT | Specifies the account that will be allowed to Administrator access to the management server This account can be an individual user account or a group. Example usage: **/MANAGEMENT_ADMINACCOUNT="mydomain\admin"**. If **/MANAGEMENT_SERVER** is not specified, this will be ignored. Specifies the account that will be allowed to Administrator access to the management server. This can be a user account or a group. For example, **/MANAGEMENT_ADMINACCOUNT="mydomain\admin"**. |
+| /MANAGEMENT_WEBSITE_NAME | Specifies name of the website that will be created for the management service. For example, /MANAGEMENT_WEBSITE_NAME="Microsoft App-V Management Service" |
+| /MANAGEMENT_WEBSITE_PORT | Specifies the port number that will be used by the management service will use. For example, /MANAGEMENT_WEBSITE_PORT=82. |
+
+### Parameter definitions for the Management Server Database
+
+| Parameter | Description |
+|-----------|-------------|
+| /DB\_PREDEPLOY\_MANAGEMENT | Specifies that the management database will be installed. You must have sufficient database permissions to complete this installation. No value is expected |
+| /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT | Indicates that the default SQL instance should be used. No value is expected. |
+| /MANAGEMENT_DB_CUSTOM_SQLINSTANCE | Specifies the name of the custom SQL instance that should be used to create a new database. Example usage: **/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="MYSQLSERVER"**. If /DB_PREDEPLOY_MANAGEMENT is not specified, this will be ignored. |
+| /MANAGEMENT_DB_NAME | Specifies the name of the new management database that should be created. Example usage: **/MANAGEMENT_DB_NAME="AppVMgmtDB"**. If /DB_PREDEPLOY_MANAGEMENT is not specified, this will be ignored. |
+| /MANAGEMENT_SERVER_MACHINE_USE_LOCAL | Indicates if the management server that will be accessing the database is installed on the local server. Switch parameter so no value is expected. |
+| /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT | Specifies the machine account of the remote machine that the management server will be installed on. Example usage: **/MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT="domain\computername"** |
+| /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT | Indicates the Administrator account that will be used to install the management server. Example usage: **/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT ="domain\alias"** |
+
+### Parameter definitions for Publishing Server installation parameters
+
+| Parameter | Description |
+|-----------|-------------|
+| /PUBLISHING_SERVER | Specifies that the Publishing Server will be installed. No value is expected |
+| /PUBLISHING_MGT_SERVER | Specifies the URL to Management Service the Publishing server will connect to. Example usage: **http://&lt;management server name&gt;:&lt;Management server port number&gt;**. If /PUBLISHING_SERVER is not used, this parameter will be ignored |
+| /PUBLISHING_WEBSITE_NAME | Specifies name of the website that will be created for the publishing service. For example, /PUBLISHING_WEBSITE_NAME="Microsoft App-V Publishing Service" |
+| /PUBLISHING_WEBSITE_PORT | Specifies the port number used by the publishing service. For example, /PUBLISHING_WEBSITE_PORT=83 |
+
+### Parameter definitions for Reporting Server
+
+| Parameter | Description |
+|-----------|-------------|
+| /REPORTING_SERVER | Specifies that the Reporting Server will be installed. No value is expected |
+| /REPORTING_WEBSITE_NAME | Specifies name of the website that will be created for the Reporting Service. E.g. /REPORTING_WEBSITE_NAME="Microsoft App-V ReportingService" |
+| /REPORTING_WEBSITE_PORT | Specifies the port number that the Reporting Service will use. E.g. /REPORTING_WEBSITE_PORT=82 |
+</tbody>
+</table>  
+
+### Parameters for using an existing Reporting Server database
+
+| Parameter | Description |
+|-----------|-------------|
+| /EXISTING\_REPORTING\_DB_SQL_SERVER_USE_LOCAL | Indicates that the Microsoft SQL Server is installed on the local server. Switch parameter so no value is expected. |
+| /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME | Specifies the name of the remote computer that SQL Server is installed on. Takes a string. E.g. /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME="mycomputer1" |
+| /EXISTING_REPORTING_DB_SQLINSTANCE_USE_DEFAULT | Indicates that the default SQL instance is to be used. Switch parameter so no value is expected. |
+| /EXISTING_REPORTING_DB_CUSTOM_SQLINSTANCE | Specifies the name of the custom SQL instance that should be used. Takes a string. E.g. /EXISTING_REPORTING_DB_CUSTOM_SQLINSTANCE="MYSQLSERVER" |
+| /EXISTING_REPORTING_DB_NAME | Specifies the name of the existing Reporting database that should be used. Takes a string. E.g. /EXISTING_REPORTING_DB_NAME="AppVReporting" |
+
+### Parameter definitions for Reporting Server database installation
+
+| Parameter | Description |
+|-----------|-------------|
+| /DB\_PREDEPLOY\_REPORTING | Specifies that the Reporting Database will be installed. DBA permissions are required for this installation. No value is expected |
+| /REPORTING_DB_SQLINSTANCE_USE_DEFAULT | Specifies the name of the custom SQL instance that should be used. Takes a string. E.g. /REPORTING_DB_CUSTOM_SQLINSTANCE="MYSQLSERVER" |
+| /REPORTING_DB_NAME | Specifies the name of the new Reporting database that should be created. Takes a string. E.g. /REPORTING_DB_NAME="AppVMgmtDB" |
+| /REPORTING_SERVER_MACHINE_USE_LOCAL | Indicates that the Reporting server that will be accessing the database is installed on the local server. Switch parameter so no value is expected. |
+| /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT | Specifies the machine account of the remote machine that the Reporting server will be installed on. Takes a string. E.g. /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT = "domain\computername" |
+| /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT | Indicates the Administrator account that will be used to install the App-V Reporting Server. Takes a string. E.g. /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT = "domain\alias" |
+
+### Parameters for using an existing Management Server database
+
+| Parameter | Description |
+|-----------|-------------|
+| /EXISTING\_MANAGEMENT\_DB_SQL_SERVER_USE_LOCAL | Indicates that the SQL Server is installed on the local server. Switch parameter so no value is expected.If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored. |
+| /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME | Specifies the name of the remote computer that SQL Server is installed on. Takes a string. E.g. /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME="mycomputer1" |
+| /EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT | Indicates that the default SQL instance is to be used. Switch parameter so no value is expected. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored. |
+| /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE | Specifies the name of the custom SQL instance that will be used. Example usage **/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE="AppVManagement"**. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored. |
+| /EXISTING_MANAGEMENT_DB_NAME | Specifies the name of the existing management database that should be used. Example usage: **/EXISTING_MANAGEMENT_DB_NAME="AppVMgmtDB"**. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored. |
+
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Deploying the App-V Server](appv-deploying-the-appv-server.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-deploy-the-appv-server.md b/windows/manage/appv-deploy-the-appv-server.md
index 3838c1812c..2f9977d7b8 100644
--- a/windows/manage/appv-deploy-the-appv-server.md
+++ b/windows/manage/appv-deploy-the-appv-server.md
@@ -1,6 +1,6 @@
 ---
 title: How to Deploy the App-V Server (Windows 10)
-description: How to Deploy the App-V Server
+description: How to Deploy the App-V Server in App-V for Windows 10
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
@@ -8,13 +8,16 @@ ms.sitesec: library
 ms.prod: w10
 ---
 
-# How to Deploy the App-V server
+# How to Deploy the App-V Server (new installation)
 
-Use the following procedure to install the App-V server..
+**Applies to**
+-   Windows Server 2016
+
+>**Important**<br>If you're already using App-V 5.x, you don't need to re-deploy the App-V server components as they haven't changed since App-V 5.0 was released.
 
 **Before you start:**
 
--   Ensure that you’ve installed prerequisite software. See [App-V Prerequisites](appv-prerequisites.md).
+-   Ensure that you’ve installed required software. See [App-V Prerequisites](appv-prerequisites.md).
 
 -   Review the server section of [App-V security considerations](appv-security-considerations.md).
 
@@ -26,13 +29,19 @@ Use the following procedure to install the App-V server..
 
 **To install the App-V server**
 
-1.  Copy the App-V server installation files to the computer on which you want to install it.
+1.  Download the App-V server components. All five App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package, which can be downloaded from:
 
-2.  Start the App-V server installation by right-clicking and running **appv\_server\_setup.exe** as an administrator, and then click **Install**.
+    -   The [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx#FileId=65215) You must have a MSDN subscription to download the MDOP ISO package from the MSDN subscriptions site.
 
-3.  Review and accept the license terms, and choose whether to enable Microsoft updates.
+    -   The [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx) if you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home).  
 
-4.  On the **Feature Selection** page, select all of the following components.
+2.  Copy the App-V server installation files to the computer on which you want to install it.
+
+3.  Start the App-V server installation by right-clicking and running **appv\_server\_setup.exe** as an administrator, and then click **Install**.
+
+4.  Review and accept the license terms, and choose whether to enable Microsoft updates.
+
+5.  On the **Feature Selection** page, select all of the following components.
 
     | Component | Description |
     | - | - |
@@ -42,21 +51,20 @@ Use the following procedure to install the App-V server..
     | Reporting server | Provides App-V reporting services. |
     | Reporting database | Facilitates database predeployments for App-V reporting. |
 
-5.  On the **Installation Location** page, accept the default location where the selected components will be installed, or change the location by typing a new path on the **Installation Location** line.
+6.  On the **Installation Location** page, accept the default location where the selected components will be installed, or change the location by typing a new path on the **Installation Location** line.
 
-6.  On the initial **Create New Management Database** page, configure the **Microsoft SQL Server instance** and **Management Server database** by selecting the appropriate option below.
+7.  On the initial **Create New Management Database** page, configure the **Microsoft SQL Server instance** and **Management Server database** by selecting the appropriate option below.
 
     | Method | What you need to do |
     | - | - |
     | You are using a custom Microsoft SQL Server instance. | Select **Use the custom instance**, and type the name of the instance.<br/>Use the format **INSTANCENAME**. The assumed installation location is the local computer.<br/>Not supported: A server name using the format **ServerName**\\**INSTANCE**.|
     | You are using a custom database name. | Select **Custom configuration** and type the database name.<br/>The database name must be unique, or the installation will fail.|
 
-7.  On the **Configure** page, accept the default value **Use this local computer**.
+8.  On the **Configure** page, accept the default value **Use this local computer**.
 
-    > [!NOTE]  
-    > If you are installing the Management server and Management database side by side, some options on this page are not available. In this case, the appropriate options are selected by default and cannot be changed.
+    >**Note**  If you are installing the Management server and Management database side by side, some options on this page are not available. In this case, the appropriate options are selected by default and cannot be changed.
 
-8.  On the initial **Create New Reporting Database** page, configure the **Microsoft SQL Server instance** and **Reporting Server database** by selecting the appropriate option below.
+9.  On the initial **Create New Reporting Database** page, configure the **Microsoft SQL Server instance** and **Reporting Server database** by selecting the appropriate option below.
 
     | Method | What you need to do |
     | - | - |
@@ -64,21 +72,21 @@ Use the following procedure to install the App-V server..
     | You are using a custom database name. | Select **Custom configuration** and type the database name.<br/>The database name must be unique, or the installation will fail.|
 
 
-9.  On the **Configure** page, accept the default value: **Use this local computer**.
+10. On the **Configure** page, accept the default value: **Use this local computer**.
 
-    > [!NOTE]  
+    >**Note** 
     > If you are installing the Management server and Management database side by side, some options on this page are not available. In this case, the appropriate options are selected by default and cannot be changed.
 
 
-10. On the **Configure** (Management Server Configuration) page, specify the following:
+11. On the **Configure** (Management Server Configuration) page, specify the following:
 
     |  Item to configure | Description and examples |
     | - | - |
-    Type the AD group with sufficient permissions to manage the App-V environment. | Example: MyDomain\MyUser<br/>After installation, you can add additional users or groups by using the Management console. However, global security groups and Active Directory Domain Services (AD DS) distribution groups are not supported. You must use <strong>Domain local</strong> or <strong>Universal</strong> groups are required to perform this action.|
-    | **Website name**: Specify the custom name that will be used to run the publishing service.<br/>If you do not have a custom name, do not make any changes.|
+    | Type the AD group with sufficient permissions to manage the App-V environment. | Example: MyDomain\MyUser<br><br/>After installation, you can add users or groups on the management console. However, global security groups and Active Directory Domain Services (AD DS) distribution groups are not supported. You must use <strong>Domain local</strong> or <strong>Universal</strong> groups to perform this action.|    
+    | **Website name**: Specify the custom name that will be used to run the publishing service.<br/> | If you do not have a custom name, do not make any changes.|    
     |**Port binding**: Specify a unique port number that will be used by App-V. | Example: **12345**<br/>Ensure that the port specified is not being used by another website. |
 
-11. On the **Configure Publishing Server Configuration** page, specify the following:
+12. On the **Configure Publishing Server Configuration** page, specify the following:
 
     | Item to configure | Description and examples |
     | - | - |
@@ -86,16 +94,16 @@ Use the following procedure to install the App-V server..
     | **Website name**: Specify the custom name that will be used to run the publishing service.| If you do not have a custom name, do not make any changes. |
     | **Port binding**: Specify a unique port number that will be used by App-V. | Example: 54321<br/>Ensure that the port specified is not being used by another website. |
 
-12. On the **Reporting Server** page, specify the following:
+13. On the **Reporting Server** page, specify the following:
 
     | Item to configure | Description and examples |
     | - | - |
     | **Website name**: Specify the custom name that will be used to run the Reporting Service. | If you do not have a custom name, do not make any changes. |
     | **Port binding**: Specify a unique port number that will be used by App-V. | Example: 55555<br/>Ensure that the port specified is not being used by another website. |
 
-13. To start the installation, click **Install** on the **Ready** page, and then click **Close** on the **Finished** page.
+14. To start the installation, click **Install** on the **Ready** page, and then click **Close** on the **Finished** page.
 
-14. To verify that the setup completed successfully, open a web browser, and type the following URL:
+15. To verify that the setup completed successfully, open a web browser, and type the following URL:
 
     **http://\<_Management server machine name_\>:\<_Management service port number_\>/console.html**.
 
@@ -103,7 +111,7 @@ Use the following procedure to install the App-V server..
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/manage/appv-deploying-appv.md b/windows/manage/appv-deploying-appv.md
index 4afd68b171..53ad22d7a7 100644
--- a/windows/manage/appv-deploying-appv.md
+++ b/windows/manage/appv-deploying-appv.md
@@ -8,16 +8,19 @@ ms.sitesec: library
 ms.prod: w10
 ---
 
-# Deploying App-V
+# Deploying App-V for Windows 10
 
-App-V supports a number of different deployment options. This section of the App-V Administrator’s Guide includes information you should consider about the deployment of App-V and step-by-step procedures to help you successfully perform the tasks that you must complete at different stages of your deployment.
+**Applies to**
+-   Windows 10, version 1607
+
+App-V supports a number of different deployment options. Review this topic for information about the tasks that you must complete at different stages in your deployment.
 
 ## App-V Deployment Information
 
 
--   [Deploying the App-V Sequencer and Client](appv-deploying-the-appv-sequencer-and-client.md)
+-   [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md)
 
-    This section describes how to install the App-V sequencer which is used to virtualize applications, and the App-V client which runs on target computers to facilitate virtualized packages.
+    This section describes how to install the App-V sequencer, which is used to virtualize applications, and how to enable the App-V client, which runs on target computers to facilitate virtualized packages.
 
 -   [Deploying the App-V Server](appv-deploying-the-appv-server.md)
 
@@ -44,4 +47,4 @@ App-V supports a number of different deployment options. This section of the App
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/manage/appv-deploying-microsoft-office-2010-wth-appv.md b/windows/manage/appv-deploying-microsoft-office-2010-wth-appv.md
index 694046b16c..dcf42974b4 100644
--- a/windows/manage/appv-deploying-microsoft-office-2010-wth-appv.md
+++ b/windows/manage/appv-deploying-microsoft-office-2010-wth-appv.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # Deploying Microsoft Office 2010 by Using App-V
 
+**Applies to**
+-   Windows 10, version 1607
 
 You can create Office 2010 packages for Microsoft Application Virtualization (App-V) using one of the following methods:
 
@@ -65,16 +67,16 @@ The following table shows the App-V versions, methods of Office package creation
 
 Sequencing Office 2010 is one of the main methods for creating an Office 2010 package on App-V. Microsoft has provided a detailed recipe through a Knowledge Base article. To create an Office 2010 package on App-V, refer to the following link for detailed instructions:
 
-[How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330676)
+[How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/en-us/kb/2830069)
 
 ## Creating Office 2010 App-V packages using package accelerators
 
 
 Office 2010 App-V packages can be created through package accelerators. Microsoft has provided package accelerators for creating Office 2010 on Windows 10, Windows 8 and Windows 7. To create Office 2010 packages on App-V using Package accelerators, refer to the following pages to access the appropriate package accelerator:
 
--   [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 8](http://go.microsoft.com/fwlink/p/?LinkId=330677)
+-   [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 8](https://gallery.technet.microsoft.com/App-V-50-Package-a29410db)
 
--   [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 7](http://go.microsoft.com/fwlink/p/?LinkId=330678)
+-   [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 7](https://gallery.technet.microsoft.com/App-V-50-Package-e7ef536b)
 
 For detailed instructions on how to create virtual application packages using App-V package accelerators, see [How to Create a Virtual Application Package Using an App-V Package Accelerator](appv-create-a-virtual-application-package-package-accelerator.md).
 
@@ -87,7 +89,7 @@ You can deploy Office 2010 packages by using any of the following App-V deployme
 
 -   App-V server
 
--   Stand-alone through PowerShell commands
+-   Stand-alone through Windows PowerShell commands
 
 ## Office App-V package management and customization
 
@@ -170,7 +172,7 @@ The following table provides a full list of supported integration points for Off
 </tr>
 <tr class="even">
 <td align="left"><p>Active X Controls:</p></td>
-<td align="left"><p>For more information on ActiveX controls, refer to [ActiveX Control API Reference](http://go.microsoft.com/fwlink/p/?LinkId=331361).</p></td>
+<td align="left"><p>For more information on ActiveX controls, refer to [ActiveX Control API Reference](https://msdn.microsoft.com/library/office/ms440037(v=office.14).aspx).</p></td>
 <td align="left"><p></p></td>
 </tr>
 <tr class="odd">
@@ -268,26 +270,26 @@ The following table provides a full list of supported integration points for Off
 
 **Office 2013 App-V Packages Additional Resources**
 
-[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](http://go.microsoft.com/fwlink/p/?LinkId=330680)
+[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://support.microsoft.com/en-us/kb/2772509)
 
 **Office 2010 App-V Packages**
 
-[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330681)
+[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://www.microsoft.com/en-us/download/details.aspx?id=38399)
 
-[Known issues when you create or use an App-V 5.0 Office 2010 package](http://go.microsoft.com/fwlink/p/?LinkId=330682)
+[Known issues when you create or use an App-V 5.0 Office 2010 package](https://support.microsoft.com/en-us/kb/2828619)
 
-[How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330676)
+[How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/en-us/kb/2830069)
 
 **Connection Groups**
 
-[Deploying Connection Groups in Microsoft App-V v5](http://go.microsoft.com/fwlink/p/?LinkId=330683)
-
 [Managing Connection Groups](appv-managing-connection-groups.md)
 
+[Connection groups on the App-V team blog](https://blogs.technet.microsoft.com/gladiatormsft/tag/connection-groups/)
+
 **Dynamic Configuration**
 
 [About App-V Dynamic Configuration](appv-dynamic-configuration.md)
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/manage/appv-deploying-microsoft-office-2013-with-appv.md b/windows/manage/appv-deploying-microsoft-office-2013-with-appv.md
index b092b860ba..90cdcd48d7 100644
--- a/windows/manage/appv-deploying-microsoft-office-2013-with-appv.md
+++ b/windows/manage/appv-deploying-microsoft-office-2013-with-appv.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # Deploying Microsoft Office 2013 by Using App-V
 
+**Applies to**
+-   Windows 10, version 1607
 
 Use the information in this article to use Microsoft Application Virtualization (App-V), or later versions, to deliver Microsoft Office 2013 as a virtualized application to computers in your organization. For information about using App-V to deliver Office 2010, see [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md). To successfully deploy Office 2013 with App-V, you need to be familiar with Office 2013 and App-V.
 
@@ -46,7 +48,7 @@ Use the following table to get information about supported versions of Office an
 </thead>
 <tbody>
 <tr class="odd">
-<td align="left"><p>[Planning for Using App-V with Office](appv-planning-for-using-appv-with-office.md#bkmk-office-vers-supp-appv)</p></td>
+<td align="left"><p>[Supported versions of Microsoft Office](appv-planning-for-using-appv-with-office.md#bkmk-office-vers-supp-appv)</p></td>
 <td align="left"><ul>
 <li><p>Supported versions of Office</p></li>
 <li><p>Supported deployment types (for example, desktop, personal Virtual Desktop Infrastructure (VDI), pooled VDI)</p></li>
@@ -54,7 +56,7 @@ Use the following table to get information about supported versions of Office an
 </ul></td>
 </tr>
 <tr class="even">
-<td align="left"><p>[Planning for Using App-V with Office](appv-planning-for-using-appv-with-office.md#bkmk-plan-coexisting)</p></td>
+<td align="left"><p>[Planning for using App-V with coexisting versions of Office](appv-planning-for-using-appv-with-office.md#bkmk-plan-coexisting)</p></td>
 <td align="left"><p>Considerations for installing different versions of Office on the same computer</p></td>
 </tr>
 </tbody>
@@ -133,7 +135,7 @@ The following table describes the recommended methods for excluding specific Off
 <td align="left"><p>Use the <strong>ExcludeApp</strong> setting when you create the package by using the Office Deployment Tool.</p></td>
 <td align="left"><ul>
 <li><p>Enables you to exclude specific Office applications from the package when the Office Deployment Tool creates the package. For example, you can use this setting to create a package that contains only Microsoft Word.</p></li>
-<li><p>For more information, see [ExcludeApp element](http://technet.microsoft.com/library/jj219426.aspx#bkmk-excludeappelement).</p></li>
+<li><p>For more information, see [ExcludeApp element](https://technet.microsoft.com/library/jj219426.aspx#BKMK_ExcludeAppElement).</p></li>
 </ul></td>
 </tr>
 <tr class="even">
@@ -205,7 +207,7 @@ Create Office 2013 App-V packages on 64-bit Windows computers. Once created, the
 
 Office 2013 App-V Packages are created using the Office Deployment Tool, which generates an Office 2013 App-V Package. The package cannot be created or modified through the App-V sequencer. To begin package creation:
 
-1.  Download the [Office Deployment Tool for Click-to-Run](http://www.microsoft.com/download/details.aspx?id=36778).
+1.  Download the [Office 2013 Deployment Tool for Click-to-Run](http://www.microsoft.com/download/details.aspx?id=36778).
 
 2.  Run the .exe file and extract its features into the desired location. To make this process easier, you can create a shared network folder where the features will be saved.
 
@@ -238,68 +240,10 @@ The XML file that is included in the Office Deployment Tool specifies the produc
         </Configuration>
         ```
 
-        **Note**  
+        **Note**<br>
         The configuration XML is a sample XML file. The file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file.
 
-         
-
-        The above XML configuration file specifies that Office 2013 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office 2013, which is the location where Office applications will be saved to. Note that the Product ID of the applications will not affect the final licensing of Office. Office 2013 App-V packages with various licensing can be created from the same applications through specifying licensing in a later stage. The table below summarizes the customizable attributes and elements of XML file:
-
-        <table>
-        <colgroup>
-        <col width="33%" />
-        <col width="33%" />
-        <col width="33%" />
-        </colgroup>
-        <thead>
-        <tr class="header">
-        <th align="left">Input</th>
-        <th align="left">Description</th>
-        <th align="left">Example</th>
-        </tr>
-        </thead>
-        <tbody>
-        <tr class="odd">
-        <td align="left"><p>Add element</p></td>
-        <td align="left"><p>Specifies the products and languages to include in the package.</p></td>
-        <td align="left"><p>N/A</p></td>
-        </tr>
-        <tr class="even">
-        <td align="left"><p>OfficeClientEdition (attribute of Add element)</p></td>
-        <td align="left"><p>Specifies the edition of Office 2013 product to use: 32-bit or 64-bit. The operation fails if <strong>OfficeClientEdition</strong> is not set to a valid value.</p></td>
-        <td align="left"><p><strong>OfficeClientEdition</strong>=&quot;32&quot;</p>
-        <p><strong>OfficeClientEdition</strong>=&quot;64&quot;</p></td>
-        </tr>
-        <tr class="odd">
-        <td align="left"><p>Product element</p></td>
-        <td align="left"><p>Specifies the application. Project 2013 and Visio 2013 must be specified here as an added product to be included in the applications.</p></td>
-        <td align="left"><p><code>Product ID =&quot;O365ProPlusRetail &quot;</code></p>
-        <p><code>Product ID =&quot;VisioProRetail&quot;</code></p>
-        <p><code>Product ID =&quot;ProjectProRetail&quot;</code></p>
-        <p><code>Product ID =&quot;ProPlusVolume&quot;</code></p>
-        <p><code>Product ID =&quot;VisioProVolume&quot;</code></p>
-        <p><code>Product ID = &quot;ProjectProVolume&quot;</code></p></td>
-        </tr>
-        <tr class="even">
-        <td align="left"><p>Language element</p></td>
-        <td align="left"><p>Specifies the language supported in the applications</p></td>
-        <td align="left"><p><code>Language ID=&quot;en-us&quot;</code></p></td>
-        </tr>
-        <tr class="odd">
-        <td align="left"><p>Version (attribute of Add element)</p></td>
-        <td align="left"><p>Optional. Specifies a build to use for the package</p>
-        <p>Defaults to latest advertised build (as defined in v32.CAB at the Office source).</p></td>
-        <td align="left"><p><code>15.1.2.3</code></p></td>
-        </tr>
-        <tr class="even">
-        <td align="left"><p>SourcePath (attribute of Add element)</p></td>
-        <td align="left"><p>Specifies the location in which the applications will be saved to.</p></td>
-        <td align="left"><p><code>Sourcepath = &quot;\\Server\Office2013”</code></p></td>
-        </tr>
-        </tbody>
-        </table>
-
-         
+        The above XML configuration file specifies that Office 2013 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office 2013, which is the location where Office applications will be saved to. Note that the Product ID of the applications will not affect the final licensing of Office. Office 2013 App-V packages with various licensing can be created from the same applications through specifying licensing in a later stage. For more information, see [Customizable attributes and elements of the XML file](#customizable-attributes-and-elements-of-the-XML-file), later in this topic.
 
         After editing the configuration.xml file to specify the desired product, languages, and also the location which the Office 2013 applications will be saved onto, you can save the configuration file, for example, as Customconfig.xml.
 
@@ -318,25 +262,72 @@ The XML file that is included in the Office Deployment Tool specifies the produc
     </colgroup>
     <tbody>
     <tr class="odd">
-    <td align="left"><p><strong>\\server\Office2013</strong></p></td>
+    <td align="left"><p><code>\\server\Office2013</code></p></td>
     <td align="left"><p>is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.</p></td>
     </tr>
     <tr class="even">
-    <td align="left"><p><strong>Setup.exe</strong></p></td>
+    <td align="left"><p><code>setup.exe</code></p></td>
     <td align="left"><p>is the Office Deployment Tool.</p></td>
     </tr>
     <tr class="odd">
-    <td align="left"><p><strong>/download</strong></p></td>
+    <td align="left"><p><code>/download</code></p></td>
     <td align="left"><p>downloads the Office 2013 applications that you specify in the customConfig.xml file. These bits can be later converted in an Office 2013 App-V package with Volume Licensing.</p></td>
     </tr>
     <tr class="even">
-    <td align="left"><p><strong>\\server\Office2013\Customconfig.xml</strong></p></td>
+    <td align="left"><p><code>\\server\Office2013\Customconfig.xml</code></p></td>
     <td align="left"><p>passes the XML configuration file required to complete the download process, in this example, customconfig.xml. After using the download command, Office applications should be found in the location specified in the configuration xml file, in this example \\Server\Office2013.</p></td>
     </tr>
     </tbody>
     </table>
 
-     
+#### Customizable attributes and elements of the XML file
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Input and description</th>
+<th align="left">Example</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p>Add element:<br>Specifies the products and languages to include in the package.</p></td>
+<td align="left"><p>N/A</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>OfficeClientEdition (attribute of Add element):<br>Specifies the edition of Office 2013 product to use: 32-bit or 64-bit. The operation fails if <strong>OfficeClientEdition</strong> is not set to a valid value.</p></td>
+<td align="left"><p><code>OfficeClientEdition=&quot;32&quot;</code></p>
+<p><code>OfficeClientEdition=&quot;64&quot;</code></p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p>Product element:<br>Specifies the application. Project 2013 and Visio 2013 must be specified here as an added product to be included in the applications.</p></td>
+<td align="left"><p><code>Product ID =&quot;O365ProPlusRetail &quot;</code></p>
+<p><code>Product ID =&quot;VisioProRetail&quot;</code></p>
+<p><code>Product ID =&quot;ProjectProRetail&quot;</code></p>
+<p><code>Product ID =&quot;ProPlusVolume&quot;</code></p>
+<p><code>Product ID =&quot;VisioProVolume&quot;</code></p>
+<p><code>Product ID = &quot;ProjectProVolume&quot;</code></p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Language element:<br>Specifies the language supported in the applications.</p></td>
+<td align="left"><p><code>Language ID=&quot;en-us&quot;</code></p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p>Version (attribute of Add element):<br>Optional. Specifies a build to use for the package. Defaults to latest advertised build (as defined in v32.CAB at the Office source).</p></td>
+<td align="left"><p><code>15.1.2.3</code></p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>SourcePath (attribute of Add element):<br>Specifies the location in which the applications will be saved to.</p></td>
+<td align="left"><p><code>Sourcepath = &quot;\\Server\Office2013”</code></p></td>
+</tr>
+</tbody>
+</table>
+
+   
 
 ### Convert the Office applications into an App-V package
 
@@ -388,122 +379,58 @@ After you download the Office 2013 applications through the Office Deployment To
 </tbody>
 </table>
 
- 
-
-**How to convert the Office applications into an App-V package**
+#### How to convert the Office applications into an App-V package
 
 1.  In Notepad, reopen the CustomConfig.xml file, and make the following changes to the file:
 
-    <table>
-    <colgroup>
-    <col width="50%" />
-    <col width="50%" />
-    </colgroup>
-    <thead>
-    <tr class="header">
-    <th align="left">Parameter</th>
-    <th align="left">What to change the value to</th>
-    </tr>
-    </thead>
-    <tbody>
-    <tr class="odd">
-    <td align="left"><p>SourcePath</p></td>
-    <td align="left"><p>Point to the Office applications downloaded earlier.</p></td>
-    </tr>
-    <tr class="even">
-    <td align="left"><p>ProductID</p></td>
-    <td align="left"><p>Specify the type of licensing, as shown in the following examples:</p>
-    <ul>
-    <li><p>Subscription Licensing</p>
-    <pre class="syntax" space="preserve"><code>&lt;Configuration&gt;
-       &lt;Add SourcePath= &quot;\\server\Office 2013&quot; OfficeClientEdition=&quot;32&quot; &gt;
-        &lt;Product ID=&quot;O365ProPlusRetail&quot;&gt;
-          &lt;Language ID=&quot;en-us&quot; /&gt;
-        &lt;/Product&gt;
-        &lt;Product ID=&quot;VisioProRetail&quot;&gt;
-          &lt;Language ID=&quot;en-us&quot; /&gt;
-        &lt;/Product&gt;
-      &lt;/Add&gt;  
-    &lt;/Configuration&gt; </code></pre>
-    <p>In this example, the following changes were made to create a package with Subscription licensing:</p>
-    <table>
-    <colgroup>
-    <col width="50%" />
-    <col width="50%" />
-    </colgroup>
-    <tbody>
-    <tr class="odd">
-    <td align="left"><p><strong>SourcePath</strong></p></td>
-    <td align="left"><p>is the path, which was changed to point to the Office applications that were downloaded earlier.</p></td>
-    </tr>
-    <tr class="even">
-    <td align="left"><p><strong>Product ID</strong></p></td>
-    <td align="left"><p>for Office was changed to <code>O365ProPlusRetail</code>.</p></td>
-    </tr>
-    <tr class="odd">
-    <td align="left"><p><strong>Product ID</strong></p></td>
-    <td align="left"><p>for Visio was changed to <code>VisioProRetail</code>.</p></td>
-    </tr>
-    </tbody>
-    </table>
-    <p> </p>
-    <p></p></li>
-    <li><p>Volume Licensing</p>
-    <pre class="syntax" space="preserve"><code>&lt;Configuration&gt;
-       &lt;Add SourcePath= &quot;\\Server\Office2013&quot; OfficeClientEdition=&quot;32&quot; &gt;
-        &lt;Product ID=&quot;ProPlusVolume&quot;&gt;
-          &lt;Language ID=&quot;en-us&quot; /&gt;
-        &lt;/Product&gt;
-        &lt;Product ID=&quot;VisioProVolume&quot;&gt;
-          &lt;Language ID=&quot;en-us&quot; /&gt;
-        &lt;/Product&gt;
-      &lt;/Add&gt;  
-    &lt;/Configuration&gt;</code></pre>
-    <p>In this example, the following changes were made to create a package with Volume licensing:</p>
-    <table>
-    <colgroup>
-    <col width="50%" />
-    <col width="50%" />
-    </colgroup>
-    <tbody>
-    <tr class="odd">
-    <td align="left"><p><strong>SourcePath</strong></p></td>
-    <td align="left"><p>is the path, which was changed to point to the Office applications that were downloaded earlier.</p></td>
-    </tr>
-    <tr class="even">
-    <td align="left"><p><strong>Product ID</strong></p></td>
-    <td align="left"><p>for Office was changed to <code>ProPlusVolume</code>.</p></td>
-    </tr>
-    <tr class="odd">
-    <td align="left"><p><strong>Product ID</strong></p></td>
-    <td align="left"><p>for Visio was changed to <code>VisioProVolume</code>.</p></td>
-    </tr>
-    </tbody>
-    </table>
-    <p> </p>
-    <p></p></li>
-    </ul></td>
-    </tr>
-    <tr class="odd">
-    <td align="left"><p>ExcludeApp (optional)</p></td>
-    <td align="left"><p>Lets you specify Office programs that you don’t want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access and InfoPath.</p></td>
-    </tr>
-    <tr class="even">
-    <td align="left"><p>PACKAGEGUID (optional)</p></td>
-    <td align="left"><p>By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server.</p>
-    <p>An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2013 for some users, and create another package with Office 2013 and Visio 2013 for another set of users.</p>
-    <div class="alert">
-    <strong>Note</strong>  
-    <p>Even if you use unique package IDs, you can still deploy only one App-V package to a single device.</p>
-    </div>
-    <div>
-     
-    </div></td>
-    </tr>
-    </tbody>
-    </table>
-
-     
+    - **SourcePath**: Point to the Office applications downloaded earlier.
+    
+    - **ProductID**: Specify the type of licensing, as shown in the following examples:
+        - Subscription Licensing:
+        ```
+<Configuration>
+   <Add SourcePath= "\\server\Office 2013" OfficeClientEdition="32" >
+    <Product ID="O365ProPlusRetail">
+      <Language ID="en-us" />
+    </Product>
+    <Product ID="VisioProRetail">
+      <Language ID="en-us" />
+    </Product>
+  </Add>  
+</Configuration> 
+        ```
+        In this example, the following changes were made to create a package with Subscription licensing:
+        
+        **SourcePath** is the path, which was changed to point to the Office applications that were downloaded earlier.<br>
+        **Product ID** for Office was changed to `O365ProPlusRetail`.<br>
+        **Product ID** for Visio was changed to `VisioProRetail`.
+        
+        - Volume Licensing
+        ```
+<Configuration>
+   <Add SourcePath= "\\Server\Office2013" OfficeClientEdition="32" >
+    <Product ID="ProPlusVolume">
+      <Language ID="en-us" />
+    </Product>
+    <Product ID="VisioProVolume">
+      <Language ID="en-us" />
+    </Product>
+  </Add>  
+</Configuration>
+        ```
+        In this example, the following changes were made to create a package with Volume licensing:
+        
+        **SourcePath** is the path, which was changed to point to the Office applications that were downloaded earlier.<br>
+        **Product ID** for Office was changed to `ProPlusVolume`.<br>
+        **Product ID** for Visio was changed to `VisioProVolume`.
+    
+    - **ExcludeApp** (optional): Lets you specify Office programs that you don’t want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access and InfoPath.
+    
+    - **PACKAGEGUID** (optional): By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server.
+        
+        An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2013 for some users, and create another package with Office 2013 and Visio 2013 for another set of users.
+        
+        **Note**&nbsp;&nbsp;Even if you use unique package IDs, you can still deploy only one App-V package to a single device.
 
 2.  Use the /packager command to convert the Office applications to an Office 2013 App-V package.
 
@@ -522,40 +449,33 @@ After you download the Office 2013 applications through the Office Deployment To
     </colgroup>
     <tbody>
     <tr class="odd">
-    <td align="left"><p><strong>\\server\Office2013</strong></p></td>
+    <td align="left"><p><code>\\server\Office2013</code></p></td>
     <td align="left"><p>is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.</p></td>
     </tr>
     <tr class="even">
-    <td align="left"><p><strong>Setup.exe</strong></p></td>
+    <td align="left"><p><code>setup.exe</code></p></td>
     <td align="left"><p>is the Office Deployment Tool.</p></td>
     </tr>
     <tr class="odd">
-    <td align="left"><p><strong>/packager</strong></p></td>
+    <td align="left"><p><code>/packager</code></p></td>
     <td align="left"><p>creates the Office 2013 App-V package with Volume Licensing as specified in the customConfig.xml file.</p></td>
     </tr>
     <tr class="even">
-    <td align="left"><p><strong>\\server\Office2013\Customconfig.xml</strong></p></td>
+    <td align="left"><p><code>\\server\Office2013\Customconfig.xml</code></p></td>
     <td align="left"><p>passes the configuration XML file (in this case customConfig) that has been prepared for the packaging stage.</p></td>
     </tr>
     <tr class="odd">
-    <td align="left"><p><strong>\\server\share\Office 2013AppV</strong></p></td>
+    <td align="left"><p><code>\\server\share\Office2013AppV</code></p></td>
     <td align="left"><p>specifies the location of the newly created Office App-V package.</p></td>
     </tr>
     </tbody>
     </table>
 
-     
-
     After you run the **/packager** command, the following folders appear up in the directory where you specified the package should be saved:
-
-    -   **App-V Packages** – contains an Office 2013 App-V package and two deployment configuration files.
-
-    -   **WorkingDir**
-
-    **Note**  
-    To troubleshoot any issues, see the log files in the %temp% directory (default).
-
-     
+    **App-V Packages** – contains an Office 2013 App-V package and two deployment configuration files.<br>
+    **WorkingDir**
+    
+    **Note**&nbsp;&nbsp;To troubleshoot any issues, see the log files in the %temp% directory (default).
 
 3.  Verify that the Office 2013 App-V package works correctly:
 
@@ -576,7 +496,7 @@ Deploy the App-V package for Office 2013 by using the same methods you use for a
 
 -   App-V Server
 
--   Stand-alone through PowerShell commands
+-   Stand-alone through Windows PowerShell commands
 
 ### Publishing prerequisites and requirements
 
@@ -593,9 +513,9 @@ Deploy the App-V package for Office 2013 by using the same methods you use for a
 </thead>
 <tbody>
 <tr class="odd">
-<td align="left"><p>Enable PowerShell scripting on the App-V clients</p></td>
+<td align="left"><p>Enable Windows PowerShell scripting on the App-V clients</p></td>
 <td align="left"><p>To publish Office 2013 packages, you must run a script.</p>
-<p>Package scripts are disabled by default on App-V clients. To enable scripting, run the following PowerShell command:</p>
+<p>Package scripts are disabled by default on App-V clients. To enable scripting, run the following Windows PowerShell command:</p>
 <pre class="syntax" space="preserve"><code>Set-AppvClientConfiguration –EnablePackageScripts 1</code></pre></td>
 </tr>
 <tr class="even">
@@ -639,20 +559,17 @@ Use the steps in this section to enable Office plug-ins with your Office package
 
 **To enable plug-ins for Office App-V packages**
 
-1.  Add a Connection Group through App-V Server, System Center Configuration Manager, or a PowerShell cmdlet.
+1.  Add a Connection Group through App-V Server, System Center Configuration Manager, or a Windows PowerShell cmdlet.
 
 2.  Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2013 is installed on the computer being used to sequence the plug-in. It is recommended you use Office 365 ProPlus(non-virtual) on the sequencing computer when you sequence Office 2013 plug-ins.
 
 3.  Create an App-V package that includes the desired plug-ins.
 
-4.  Add a Connection Group through App-V server, System Center Configuration Manager, or a PowerShell cmdlet.
+4.  Add a Connection Group through App-V server, System Center Configuration Manager, or a Windows PowerShell cmdlet.
 
 5.  Add the Office 2013 App-V package and the plug-ins package you sequenced to the Connection Group you created.
 
-    **Important**  
-    The order of the packages in the Connection Group determines the order in which the package contents are merged. In your Connection group descriptor file, add the Office 2013 App-V package first, and then add the plug-in App-V package.
-
-     
+    **Important**&nbsp;&nbsp;The order of the packages in the Connection Group determines the order in which the package contents are merged. In your Connection group descriptor file, add the Office 2013 App-V package first, and then add the plug-in App-V package.
 
 6.  Ensure that both packages are published to the target computer and that the plug-in package is published globally to match the global settings of the published Office 2013 App-V package.
 
@@ -793,7 +710,11 @@ An Office 2013 App-V Package with your chosen licensing will be successfully dep
 
 ### <a href="" id="bkmk-deploy-visio-project"></a>Deploying Visio 2013 and Project 2013 with Office
 
-The following table describes the requirements and options for deploying Visio 2013 and Project 2013 with Office.
+This section describes the requirements and options for deploying Visio 2013 and Project 2013 with Office.
+
+- **To package and publish Visio 2013 and Project 2013 with Office**: Include Visio 2013 and Project 2013 in the same package with Office. If you aren’t deploying Office, you can create a package that contains Visio and/or Project.
+
+- **To deploy Visio 2013 and Project 2013 to specific users**: Use one of the following methods:
 
 <table>
 <colgroup>
@@ -802,28 +723,8 @@ The following table describes the requirements and options for deploying Visio 2
 </colgroup>
 <thead>
 <tr class="header">
-<th align="left">Task</th>
-<th align="left">Details</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>How do I package and publish Visio 2013 and Project 2013 with Office?</p></td>
-<td align="left"><p>You must include Visio 2013 and Project 2013 in the same package with Office.</p>
-<p>If you aren’t deploying Office, you can create a package that contains Visio and/or Project, as long as you follow the [Virtualizing Microsoft Office 2013 for Application Virtualization (App-V) 5.0](https://technet.microsoft.com/en-us/itpro/mdop/solutions/virtualizing-microsoft-office-2013-for-application-virtualization--app-v--50-solutions#bkmk-pkg-pub-reqs).</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>How can I deploy Visio 2013 and Project 2013 to specific users?</p></td>
-<td align="left"><p>Use one of the following methods:</p>
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">If you want to...</th>
-<th align="left">...then use this method</th>
+<th align="left">Goal</th>
+<th align="left">Method</th>
 </tr>
 </thead>
 <tbody>
@@ -841,55 +742,39 @@ The following table describes the requirements and options for deploying Visio 2
 <ol>
 <li><p>Create a package that contains Office, Visio, and Project.</p></li>
 <li><p>Deploy the package to all users.</p></li>
-<li><p>Use [Microsoft AppLocker](http://technet.microsoft.com/library/dd723678.aspx) to prevent specific users from using Visio and Project.</p></li>
+<li><p>Use [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview) to prevent specific users from using Visio and Project.</p></li>
 </ol></td>
 </tr>
 </tbody>
 </table>
-<p> </p></td>
-</tr>
-</tbody>
-</table>
-
- 
 
 ## Additional resources
 
 
 **Office 2013 App-V Packages Additional Resources**
 
-[Office Deployment Tool for Click-to-Run](http://go.microsoft.com/fwlink/p/?LinkID=330672)
+[Office 2013 Deployment Tool for Click-to-Run](http://www.microsoft.com/download/details.aspx?id=36778)
 
-[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](http://go.microsoft.com/fwlink/p/?LinkId=330680)
+[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://support.microsoft.com/en-us/kb/2772509)
 
 **Office 2010 App-V Packages**
 
-[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330681)
+[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://www.microsoft.com/download/details.aspx?id=38399)
 
-[Known issues when you create or use an App-V 5.0 Office 2010 package](http://go.microsoft.com/fwlink/p/?LinkId=330682)
+[Known issues when you create or use an App-V 5.0 Office 2010 package](https://support.microsoft.com/en-us/kb/2828619)
 
-[How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330676)
+[How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/en-us/kb/2830069)
 
 **Connection Groups**
 
-[Deploying Connection Groups in Microsoft App-V v5](http://go.microsoft.com/fwlink/p/?LinkId=330683)
-
 [Managing Connection Groups](appv-managing-connection-groups.md)
 
+[Connection groups on the App-V team blog](https://blogs.technet.microsoft.com/gladiatormsft/tag/connection-groups/)
+
 **Dynamic Configuration**
 
 [About App-V Dynamic Configuration](appv-dynamic-configuration.md)
 
 ## Have a suggestion for App-V?
 
-
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
-
- 
-
- 
-
-
-
-
-
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/manage/appv-deploying-packages-with-electronic-software-distribution-solutions.md b/windows/manage/appv-deploying-packages-with-electronic-software-distribution-solutions.md
index 40d840f195..77314ded8e 100644
--- a/windows/manage/appv-deploying-packages-with-electronic-software-distribution-solutions.md
+++ b/windows/manage/appv-deploying-packages-with-electronic-software-distribution-solutions.md
@@ -11,15 +11,17 @@ ms.prod: w10
 
 # Deploying App-V Packages by Using Electronic Software Distribution (ESD)
 
+**Applies to**
+-   Windows 10, version 1607
 
 You can deploy App-V packages using an Electronic Software Distribution (ESD) solution. For information about planning to deploy App-V packages with an ESD, see [Planning to Deploy App-V with an Electronic Software Distribution System](appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md).
 
-To deploy App-V packages with Microsoft System Center 2012 Configuration Manager, see [Introduction to Application Management in Configuration Manager](http://go.microsoft.com/fwlink/?LinkId=281816)
+To deploy App-V packages with Microsoft System Center 2012 Configuration Manager, see [Introduction to Application Management in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682125.aspx#BKMK_Appv)
 
 ## How to deploy virtualized packages using an ESD
 
 
-Describes the methods you can use to deploy App-V packages by using an ESD
+Describes the methods you can use to deploy App-V packages by using an ESD.
 
 [How to deploy App-V Packages Using Electronic Software Distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md)
 
@@ -33,12 +35,12 @@ Explains how to configure the App-V client to enable only administrators to publ
 ## Have a suggestion for App-V?
 
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Other resources for using an ESD and App-V
 
 
-Use the following link for more information about [App-V and Citrix Integration](http://go.microsoft.com/fwlink/?LinkId=330294 ) (http://go.microsoft.com/fwlink/?LinkId=330294).
+Use the following link for more information about [App-V and Citrix Integration](https://www.microsoft.com/en-us/download/details.aspx?id=40885).
 
 [Operations for App-V](appv-operations.md)
 
diff --git a/windows/manage/appv-deploying-the-appv-sequencer-and-client.md b/windows/manage/appv-deploying-the-appv-sequencer-and-client.md
index 19cb04b5f4..ca8397a1fe 100644
--- a/windows/manage/appv-deploying-the-appv-sequencer-and-client.md
+++ b/windows/manage/appv-deploying-the-appv-sequencer-and-client.md
@@ -1,6 +1,6 @@
 ---
-title: Deploy the App-V Sequencer and Client (Windows 10)
-description: Deploying the App-V Sequencer and Client
+title: Deploying the App-V Sequencer and Configuring the Client (Windows 10)
+description: Deploying the App-V Sequencer and Configuring the Client
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
@@ -9,45 +9,39 @@ ms.prod: w10
 ---
 
 
-# Deploying the App-V Sequencer and Client
+# Deploying the App-V Sequencer and Configuring the Client
+
+**Applies to**
+-   Windows 10, version 1607
 
 The App-V Sequencer and client enable administrators to virtualize and run virtualized applications.
 
 ## Enable the client
 
-
 The App-V client is the component that runs a virtualized application on a target computer. The client enables users to interact with icons and to double-click file types, so that they can start a virtualized application. The client can also obtain the virtual application content from the management server.
 
 > [!NOTE]  
-> In Windows 10, version 1607, App-V is included with the OS. You only need to enable it.
+> In Windows 10, version 1607, App-V is included with the operating system. You only need to enable it.
 
 [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md)
 
 ## Client Configuration Settings
 
-
-The App-V client stores its configuration in the registry. You can gather some useful information about the client if you understand the format of data in the registry. You can also configure many client actions by changing registry entries.
-
-[About Client Configuration Settings](appv-client-configuration-settings.md)
+The App-V client stores its configuration in the registry. You can gather some useful information about the client if you understand the format of data in the registry. For information about client settings that you can configure through Windows PowerShell or through the registry, see [About Client Configuration Settings](appv-client-configuration-settings.md).
 
 ## Configure the client by using the ADMX template and Group Policy
 
 You can use Group Policy to configure the client settings for the App-V client and the Remote Desktop Services client.
 
-
-Perform the following steps on the computer that you will use to manage Group Policy. This is typically the Domain Controller.
+To manage the ADMX template, perform the following steps on the computer that you will use to manage Group Policy. This is typically the Domain Controller.
 
 1.  Save the **.admx** file to the following directory: **Windows \\ PolicyDefinitions**
 
 2.  Save the **.adml** file to the following directory: **Windows \\ PolicyDefinitions \\ <Language Directory>**
 
-After you have completed the preceding steps, you can manage the App-V client configuration settings with the **Group Policy Management** console.
+After you have completed the preceding steps, you can use Group Policy to configure the client settings by using the Group Policy Management Console under **Computer Configuration** > **Administrative Templates** > **System** > **App-V**.
 
-The App-V client also stores its configuration in the registry. You can gather some useful information about the client if you understand the format of the data in the registry. You can also configure many client actions by changing registry entries.
-
-[How to Modify App-V Client Configuration Using the ADMX Template and Group Policy](appv-modify-client-configuration-with-the-admx-template-and-group-policy.md)
-
-## Deploy the client by using the Shared Content Store mode
+## Understanding Shared Content Store mode for App-V clients
 
 The App-V Shared Content Store (SCS) mode enables the SCS App-V clients to run virtualized applications without saving any of the associated package data locally. All required virtualized package data is transmitted across the network; therefore, you should only use the SCS mode in environments with a fast connection. Both the Remote Desktop Services (RDS) and the standard version of the App-V client are supported with SCS mode.
 
@@ -62,23 +56,33 @@ The SCS mode is helpful in the following scenarios:
 
 -   Remote Desktop Services deployments
 
-To use SCS in your environment, you must enable the App-V client to run in SCS mode. This setting should be specified during installation. By default, the client is not configured to use SCS mode. You should install the client by using the suggested procedure if you plan to use SCS. However, you can configure an existing App-V client to run in SCS mode by entering the following Windows PowerShell command on the computer that runs the App-V client:
-
-```
-set-AppvClientConfiguration -SharedContentStoreMode 1
-```
+To use SCS in your environment, you must configure the App-V client to run in SCS mode (it will not use SCS mode by default). 
 
 There might be cases when the administrator pre-loads some virtual applications on the computer that runs the App-V client in SCS mode. This can be accomplished with Windows PowerShell commands to add, publish, and mount the package. For example, if a package is pre-loaded on all computers, the administrator could add, publish, and mount the package by using Windows PowerShell commands. The package would not stream across the network because it would be locally stored.
 
-[How to Install the App-V Client for Shared Content Store Mode](appv-install-the-appv-client-for-shared-content-store-mode.md)
+### Configure the Group Policy setting for the SCS Mode for App-V clients
+
+Use the following steps to locate and configure the Group Policy setting for the SCS Mode for App-V clients.
+
+1.  In the Group Policy Management Console, navigate to **Computer Configuration** > **Administrative Templates** > **System** > **App-V** > **Streaming**.
+
+2.  Enable the **Set the Shared Content Mode (SCS) mode** setting.
+
+### Configure an individual client to use the SCS mode
+
+To configure the App-V client to run in SCS mode, on the client, enter the following Windows PowerShell command:
+
+```
+Set-AppvClientConfiguration -SharedContentStoreMode 1
+```
 
 ## Deploy the Sequencer
 
 The Sequencer is a tool that is used to convert standard applications into virtual packages for deployment to computers that run the App-V client. The Sequencer helps provide a simple and predictable conversion process with minimal changes to prior sequencing workflows. In addition, the Sequencer allows users to more easily configure applications to enable connections of virtualized applications.
 
-For a list of changes in the App-V Sequencer, see [About App-V](appv-about-appv.md).
+For a list of changes in the App-V Sequencer, see [What's new in App-V](appv-about-appv.md#bkmk-seqimprove).
 
-[How to Install the Sequencer](appv-install-the-sequencer.md)
+To deploy the sequencer, see [How to Install the Sequencer](appv-install-the-sequencer.md).
 
 ## App-V Client and Sequencer logs
 
@@ -87,11 +91,6 @@ You can use the App-V Sequencer log information to help troubleshoot the Sequenc
 
 **Event Viewer \\ Applications and Services Logs \\ Microsoft \\ App V**. Sequencer-related events are prepended with **AppV\_Sequencer**. Client-related events are prepended with **AppV\_Client**.
 
-## Other resources for deploying the Sequencer and client
-
-- [Deploying App-V](appv-deploying-appv.md)
-- [Planning for App-V](appv-planning-for-appv.md)
-
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/manage/appv-deploying-the-appv-server.md b/windows/manage/appv-deploying-the-appv-server.md
index 309a23843c..7cfca2fe26 100644
--- a/windows/manage/appv-deploying-the-appv-server.md
+++ b/windows/manage/appv-deploying-the-appv-server.md
@@ -1,6 +1,6 @@
 ---
 title: Deploying the App-V Server (Windows 10)
-description: Deploying the App-V Server
+description: Deploying the App-V Server in App-V for Windows 10
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
@@ -8,29 +8,37 @@ ms.sitesec: library
 ms.prod: w10
 ---
 
-# Deploying the App-V Server
+# Deploying the App-V server
 
-You can install the App-V server features by using different deployment configurations, which are described in this topic. Before you install the server features, review the server section of [App-V Security Considerations](appv-security-considerations.md). 
+**Applies to**
+-   Windows Server 2016
 
-For information about deploying the App-V Server, see [About App-V](appv-about-appv.md).
+>**Note**<br>If you plan to use the App-V server components in your deployment, note that they reference App-V 5.x. This is because the App-V server components have not changed in App-V for Windows 10. 
+
+You can install the Application Virtualization (App-V) server components using different deployment configurations, which are described in this topic. Before you install the server features, review the server section of [App-V Security Considerations](appv-security-considerations.md). 
+
+For information about deploying App-V for Windows 10, see [What's new in App-V](appv-about-appv.md).
 
 >**Important**<br>Before you install and configure the App-V servers, you must specify a port where each component will be hosted. You must also add the associated firewall rules to allow incoming requests to access the specified ports. The installer does not modify firewall settings.
 
 ## Download and install App-V server components
 
+>**Note**<br>
+If you're already using App-V 5.x, you don't need to re-deploy the App-V server components as they haven't changed since App-V 5.0 was released.
+
 App-V offers the following five server components, each of which serves a specific purpose in an App-V environment. 
 
 - **Management server.** Use the App-V management server and console to manage your App-V infrastructure. See [Administering App-V with the management console](appv-administering-virtual-applications-with-the-management-console.md) for more information about the management server.
 
-    >**Note**<br>If you are using App-V with your electronic software distribution solution, you don’t need to use the management server and console. However, you can still take advantage of the reporting and streaming capabilities in App-V.
+    >**Note**<br>If you are using App-V with your electronic software distribution solution, you don’t need to use the management server and console. However, you may want to take advantage of the reporting and streaming capabilities in App-V.
     
-- **Management database.** Use the App-V management database to facilitate database pre-deployments for App-V management. See [How to deploy the App-V server components](appv-deploy-the-appv-server.md) for more information about the management database.
+- **Management database.** Use the App-V management database to facilitate database pre-deployments for App-V management. See [How to Deploy the App-V Server](appv-deploy-the-appv-server.md) for more information about the management database.
  
 - **Publishing server.** Use the App-V publishing server to host and stream virtual applications. The publishing server supports the HTTP and HTTPS protocols and does not require a database connection. See [How to install the App-V publishing server](appv-install-the-publishing-server-on-a-remote-computer.md) for more information about configuring the publishing server.
 
 - **Reporting server.** Use the App-V reporting server to generate reports that help you manage your App-V infrastructure. The reporting server requires a connection to the reporting database. See [About App-V reporting](appv-reporting.md) for more information about the reporting capabilities in App-V.
 
-- **Reporting database.** Use the App-V reporting database to facilitate database pre-deployments for App-V reporting. See [How to deploy the App-V server](appv-deploy-the-appv-server.md) for more information about the reporting database.
+- **Reporting database.** Use the App-V reporting database to facilitate database pre-deployments for App-V reporting. See [How to Deploy the App-V Server](appv-deploy-the-appv-server.md) for more information about the reporting database.
 
 All five App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package, which can be downloaded from:
 
@@ -38,8 +46,6 @@ All five App-V server components are included in the Microsoft Desktop Optimizat
 
 -   The [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx) if you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home).
 
-    >**Note**<br>If you're already using App-V 5.x, you don't need to re-deploy the App-V server components as they haven't changed since App-V 5.0 was released.
-
 In large organizations, you might want to install more than one instance of the server components to get:
 
 - Fault tolerance for situations when one of the servers is unavailable.
@@ -49,14 +55,14 @@ In large organizations, you might want to install more than one instance of the
 - Scalability to support a high load. For example, you can install additional servers behind a network load balancer.
 
 ## App-V standalone deployment
-The App-V standalone deployment provides a good topology for a small deployment or a test environment. When you use this type of implementation, all server components are deployed to a single computer. The services and associated databases will compete for the resources on the computer that runs the App-V components. Therefore, you should not use this topology for larger deployments.
+The App-V standalone deployment provides a good topology for a small deployment or a test environment. When you use this type of implementation, all server components are installed on a single computer. The services and associated databases will compete for the resources on the computer that runs the App-V components. Therefore, you should not use this strategy for larger deployments.
 
 - [How to Deploy the App-V Server](appv-deploy-the-appv-server.md)
 
 - [How to Deploy the App-V Server Using a Script](appv-deploy-the-appv-server-with-a-script.md)
 
 ##  App-V Server distributed deployment
-The distributed deployment topology can support a large App-V client base and it allows you to more easily manage and scale your environment. When you use this type of deployment, the App-V Server components are deployed across multiple computers, based on the structure and requirements of the organization.
+The distributed deployment topology can support a large App-V client base and it allows you to more easily manage and scale your environment. When you use this type of deployment, the App-V server components are deployed across multiple computers, based on the structure and requirements of the organization.
 
 - [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](appv-install-the-management-and-reporting-databases-on-separate-computers.md)
 
@@ -69,7 +75,7 @@ The distributed deployment topology can support a large App-V client base and it
 - [How to install the Management Server on a Standalone Computer and Connect it to the Database](appv-install-the-management-server-on-a-standalone-computer.md)
 
 ## Using an Enterprise Software Distribution (ESD) solution and App-V
-You can also deploy the App-V clients and packages by using an ESD without having to deploy App-V. The full capabilities for integration will vary depending on the ESD that you use.
+You can also deploy packages by using an ESD. The full capabilities for integration will vary depending on the ESD that you use.
 
 >**Note**<br>The App-V reporting server and reporting database can still be deployed alongside the ESD to collect the reporting data from the App-V clients. However, the other three server components should not be deployed, because they will conflict with the ESD functionality.
 
@@ -97,10 +103,10 @@ The reporting information will be maintained until it is successfully sent to th
 
 If you want to retrieve report information, you must use Microsoft SQL Server Reporting Services (SSRS) which is available with Microsoft SQL. SSRS is not installed when you install the App-V reporting server and it must be deployed separately to generate the associated reports.
 
-For more information, see  [About App-V Reporting](appv-reporting.md) and [How to Enable Reporting on the App-V Client by Using PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md).
+For more information, see [About App-V Reporting](appv-reporting.md) and [How to Enable Reporting on the App-V Client by Using Windows PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md).
 
 ## Other resources for the App-V server
 - [Deploying App-V](appv-deploying-appv.md)
 
 ## Have a suggestion for App-V?
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
diff --git a/windows/manage/appv-deployment-checklist.md b/windows/manage/appv-deployment-checklist.md
index 2def234fd2..cf1f4cf23e 100644
--- a/windows/manage/appv-deployment-checklist.md
+++ b/windows/manage/appv-deployment-checklist.md
@@ -11,11 +11,13 @@ ms.prod: w10
 
 # App-V Deployment Checklist
 
+**Applies to**
+-   Windows 10, version 1607
 
 This checklist can be used to help you during an App-V deployment.
 
-> [!NOTE]
-> This checklist outlines the recommended steps and a high-level list of items to consider when deploying App-V features. It is recommended that you copy this checklist into a spreadsheet program and customize it for your use.
+>**Note**<br>
+This checklist outlines the recommended steps and items to consider when deploying App-V features. We recommend that you copy this checklist into a spreadsheet program and customize it for your use.
 
 <table>
 <colgroup>
@@ -41,7 +43,7 @@ This checklist can be used to help you during an App-V deployment.
 </tr>
 <tr class="even">
 <td align="left"><img src="images/checklistbox.gif" alt="Checklist box" /></td>
-<td align="left"><p>Review the App-V supported configurations information to make sure selected client and server computers are supported for App-V feature installation.</p></td>
+<td align="left"><p>Review the App-V supported configurations information.</p></td>
 <td align="left"><p>[App-V Supported Configurations](appv-supported-configurations.md)</p></td>
 <td align="left"><p></p></td>
 </tr>
@@ -69,7 +71,7 @@ This checklist can be used to help you during an App-V deployment.
 ## Have a suggestion for App-V?
 
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/manage/appv-dynamic-configuration.md b/windows/manage/appv-dynamic-configuration.md
index 9f39eb5a86..410da69b63 100644
--- a/windows/manage/appv-dynamic-configuration.md
+++ b/windows/manage/appv-dynamic-configuration.md
@@ -11,6 +11,9 @@ ms.prod: w10
 
 # About App-V Dynamic Configuration
 
+**Applies to**
+-   Windows 10, version 1607
+
 You can use the dynamic configuration to customize an App-V package for a user. Use the following information to create or edit an existing dynamic configuration file.
 
 When you edit the dynamic configuration file it customizes how an App-V package will run for a user or group. This helps to provide a more convenient method for package customization by removing the need to re-sequence packages using the desired settings, and provides a way to keep package content and custom settings independent.
@@ -636,7 +639,7 @@ The following table describes the various script events and the context under wh
 
 ### Using multiple scripts on a single event trigger
 
-App-V supports the use of multiple scripts on a single event trigger for App-V packages, including packages that you convert from App-V 4.6 to App-V for Windows 10. To enable the use of multiple scripts, App-V uses a script launcher application, named ScriptRunner.exe, which is installed as part of the App-V client installation.
+App-V supports the use of multiple scripts on a single event trigger for App-V packages, including packages that you convert from App-V 4.6 to App-V for Windows 10. To enable the use of multiple scripts, App-V uses a script launcher application, named ScriptRunner.exe, which is included in the App-V client.
 
 **How to use multiple scripts on a single event trigger:**
 
@@ -683,10 +686,10 @@ Using the following example file and table, modify the deployment or user config
 </tr>
 <tr class="even">
 <td align="left"><p><code><Path>ScriptRunner.exe</Path></code></p></td>
-<td align="left"><p>The script launcher application that is installed as part of the App-V client installation.</p>
+<td align="left"><p>The script launcher application that is included in the App-V client.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>Although ScriptRunner.exe is installed as part of the App-V client, the location of the App-V client must be in %path% or ScriptRunner will not run. ScriptRunner.exe is typically located in the C:\Program Files\Microsoft Application Virtualization\Client folder.</p>
+<p>Although ScriptRunner.exe is included in the App-V client, the location of the App-V client must be in %path% or ScriptRunner will not run. ScriptRunner.exe is typically located in the C:\Program Files\Microsoft Application Virtualization\Client folder.</p>
 </div>
 <div>
  
@@ -731,12 +734,12 @@ To create the file manually, the information above in previous sections can be c
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-[How to Apply the Deployment Configuration File by Using PowerShell](appv-apply-the-deployment-configuration-file-with-powershell.md)
+[How to Apply the Deployment Configuration File by Using Windows PowerShell](appv-apply-the-deployment-configuration-file-with-powershell.md)
 
-[How to Apply the User Configuration File by Using PowerShell](appv-apply-the-user-configuration-file-with-powershell.md)
+[How to Apply the User Configuration File by Using Windows PowerShell](appv-apply-the-user-configuration-file-with-powershell.md)
 
 [Operations for App-V](appv-operations.md)
diff --git a/windows/manage/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md b/windows/manage/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md
index bf8851078f..bdf05bd7cd 100644
--- a/windows/manage/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md
+++ b/windows/manage/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # How to Enable Only Administrators to Publish Packages by Using an ESD
 
+**Applies to**
+-   Windows 10, version 1607
 
 Starting in App-V 5.0 SP3, you can configure the App-V client so that only administrators (not end users) can publish or unpublish packages. In earlier versions of App-V, you could not prevent end users from performing these tasks.
 
@@ -18,19 +20,12 @@ Starting in App-V 5.0 SP3, you can configure the App-V client so that only admin
 
 1.  Navigate to the following Group Policy Object node:
 
-    **Computer Configuration &gt; Policies &gt; Administrative Templates &gt; System &gt; App-V &gt; Publishing**.
+    **Computer Configuration &gt; Administrative Templates &gt; System &gt; App-V &gt; Publishing**.
 
 2.  Enable the **Require publish as administrator** Group Policy setting.
 
-    To alternatively use PowerShell to set this item, see [How to Manage App-V Packages Running on a Stand-Alone Computer by Using PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md#bkmk-admins-pub-pkgs).
-
-    **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
-
- 
-
- 
-
-
-
+    To instead use Windows PowerShell to set this item, see [How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md#bkmk-admins-pub-pkgs).
 
+## Have a suggestion for App-V?
 
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/manage/appv-enable-reporting-on-the-appv-client-with-powershell.md b/windows/manage/appv-enable-reporting-on-the-appv-client-with-powershell.md
index 7451d59112..084189822a 100644
--- a/windows/manage/appv-enable-reporting-on-the-appv-client-with-powershell.md
+++ b/windows/manage/appv-enable-reporting-on-the-appv-client-with-powershell.md
@@ -1,6 +1,6 @@
 ---
-title: How to Enable Reporting on the App-V Client by Using PowerShell (Windows 10)
-description: How to Enable Reporting on the App-V Client by Using PowerShell
+title: How to Enable Reporting on the App-V Client by Using Windows PowerShell (Windows 10)
+description: How to Enable Reporting on the App-V Client by Using Windows PowerShell
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
@@ -9,8 +9,10 @@ ms.prod: w10
 ---
 
 
-# How to Enable Reporting on the App-V Client by Using PowerShell
+# How to Enable Reporting on the App-V Client by Using Windows PowerShell
 
+**Applies to**
+-   Windows 10, version 1607
 
 Use the following procedure to configure the App-V for reporting.
 
@@ -18,12 +20,12 @@ Use the following procedure to configure the App-V for reporting.
 
 1.  Enable the App-V client. For more information, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md).
 
-2.  After you have enabled the App-V client, use the **Set-AppvClientConfiguration** PowerShell to configure appropriate Reporting Configuration settings:
+2.  After you have enabled the App-V client, use the **Set-AppvClientConfiguration** cmdlet to configure appropriate Reporting Configuration settings:
 
     <table>
     <colgroup>
-    <col width="50%" />
-    <col width="50%" />
+    <col width="30%" />
+    <col width="70%" />
     </colgroup>
     <thead>
     <tr class="header">
@@ -74,14 +76,14 @@ Use the following procedure to configure the App-V for reporting.
 
 3.  After the appropriate settings have been configured, the computer running the App-V client will automatically collect data and will send the data back to the reporting server.
 
-    Additionally, administrators can manually send the data back in an on-demand manner using the **Send-AppvClientReport** PowerShell cmdlet.
+    Additionally, administrators can manually send the data back in an on-demand manner using the **Send-AppvClientReport** cmdlet.
 
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
 
-[Administering App-V by Using PowerShell](appv-administering-appv-with-powershell.md)
+[Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md)
diff --git a/windows/manage/appv-enable-the-app-v-desktop-client.md b/windows/manage/appv-enable-the-app-v-desktop-client.md
index fe8bc4ffdc..7231debe95 100644
--- a/windows/manage/appv-enable-the-app-v-desktop-client.md
+++ b/windows/manage/appv-enable-the-app-v-desktop-client.md
@@ -1,6 +1,6 @@
 ---
-title: Enable the App-V desktop client (Windows 10)
-description: Enable the App-V desktop client
+title: Enable the App-V in-box client (Windows 10)
+description: How to enable the App-V in-box client installed with Windows 10.
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
@@ -8,15 +8,18 @@ ms.sitesec: library
 ms.prod: w10
 ---
 
-# Enable the App-V desktop client
+# Enable the App-V in-box client
+
+**Applies to**
+-   Windows 10, version 1607
 
 The App-V client is the component that runs virtualized applications on user devices. The client enables users to interact with icons and file names to start virtualized applications. The client can also get virtual application content from the management server.
 
-With Windows 10, the App-V client is installed automatically. You need to enable the client to allow user devices to access and run virtual applications. You can enable the client with the Group Policy editor or with Windows PowerShell.
+With Windows 10, version 1607, the App-V client is installed automatically. You need to enable the client to allow user devices to access and run virtual applications. You can enable the client with the Group Policy editor or with Windows PowerShell.
 
 **To enable the App-V client with Group Policy:**
 
-1.  Open the device’s **Local Group Policy Editor**.
+1.  Open the device’s **Group Policy Editor**.
 
 2.  Navigate to **Computer Configuration** > **Administrative Templates** > **System** > **App-V**.
 
@@ -28,14 +31,23 @@ With Windows 10, the App-V client is installed automatically. You need to enable
 
 1.  Open Windows PowerShell.
 
-2.  Type `Enable-Appv` and press Enter.
+2.  Type `Enable-Appv` and press ENTER.
 
 3.  Restart the device.
 
-4.  To verify that the App-V client is enabled on the device, enter **AppvClientEnabled** or **Get-AppvStatus** in Windows PowerShell.
+4.  To verify that the App-V client is enabled on the device, type `Get-AppvStatus` and press ENTER.
 
-See [Using the client management console](appv-using-the-client-management-console.md) for information about configuring the App-V client.
+
+For information about configuring the App-V client, see:
+
+- [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md)
+
+- [How to Modify Client Configuration by Using Windows PowerShell](appv-modify-client-configuration-with-powershell.md)
+
+- [Using the client management console](appv-using-the-client-management-console.md)
+
+- [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md) 
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/manage/appv-evaluating-appv.md b/windows/manage/appv-evaluating-appv.md
index 20d2eba290..c125dd8975 100644
--- a/windows/manage/appv-evaluating-appv.md
+++ b/windows/manage/appv-evaluating-appv.md
@@ -1,6 +1,6 @@
 ---
 title: Evaluating App-V (Windows 10)
-description: Evaluating App-V
+description: Evaluating App-V for Windows 10
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
@@ -11,12 +11,14 @@ ms.prod: w10
 
 # Evaluating App-V
 
+**Applies to**
+-   Windows 10, version 1607
 
-Before you deploy pp-V into a production environment, you should evaluate it in a lab environment. You can use the information in this topic to set up App-V in a lab environment for evaluation purposes only.
+Before you deploy App-V into a production environment, you should evaluate it in a lab environment. You can use the information in this topic to set up App-V in a lab environment for evaluation purposes only.
 
 ## Configure lab computers for App-V Evaluation
 
-Use the following link for information about setting up the App-V sequencer on a computer in your lab environment.
+Use the following links for information about setting up the App-V sequencer on a computer in your lab environment.
 
 ### Installing the App-V Sequencer and Creating Packages
 
@@ -30,13 +32,13 @@ Use the following links for information about setting up the App-V sequencer and
 
 Use the following links for information about setting up the App-V server in your lab environment.
 
--   [How to Deploy the App-V Server](appv-deploy-the-appv-server.md)
+-   [How to Deploy the App-V server](appv-deploy-the-appv-server.md)
 
 -   [Administering App-V Virtual Applications by Using the Management Console](appv-administering-virtual-applications-with-the-management-console.md)
 
-### Installing the App-V Client
+### Enabling the App-V Client
 
-Use the following link for more information about creating and managing virtualized packages in your lab environment.
+Use the following links for more information about creating and managing virtualized packages in your lab environment.
 
 -   [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md)
 
@@ -44,7 +46,7 @@ Use the following link for more information about creating and managing virtuali
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/manage/appv-for-windows.md b/windows/manage/appv-for-windows.md
index d127094cb6..aa08aead59 100644
--- a/windows/manage/appv-for-windows.md
+++ b/windows/manage/appv-for-windows.md
@@ -11,15 +11,16 @@ ms.prod: w10
 
 # Application Virtualization (App-V) for Windows 10 overview
 
+**Applies to**
+-   Windows 10, version 1607
 
-The topics in this section provides information and step-by-step procedures to help you administer App-V and its components. This information will be valuable for system administrators who manage large installations with many servers and clients and for support personnel who interact directly with the computers or the end users.
+The topics in this section provide information and step-by-step procedures to help you administer App-V and its components. This information will be valuable for system administrators who manage large installations with many servers and clients and for support personnel who interact directly with the computers or the end users.
 
 [Getting Started with App-V](appv-getting-started.md)  
 
-- [About App-V](appv-about-appv.md)
+- [What's new in App-V](appv-about-appv.md)
 - [Evaluating App-V](appv-evaluating-appv.md)
 - [High Level Architecture for App-V](appv-high-level-architecture.md)
-- [Accessibility for App-V](appv-accessibility.md)
 
 [Planning for App-V](appv-planning-for-appv.md)  
 
@@ -31,7 +32,7 @@ The topics in this section provides information and step-by-step procedures to h
 
 [Deploying App-V](appv-deploying-appv.md)  
 
-- [Deploying the App-V Sequencer and Client](appv-deploying-the-appv-sequencer-and-client.md)
+- [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md)
 - [Deploying the App-V Server](appv-deploying-the-appv-server.md)
 - [App-V Deployment Checklist](appv-deployment-checklist.md)
 - [Deploying Microsoft Office 2013 by Using App-V](appv-deploying-microsoft-office-2013-with-appv.md)
@@ -46,7 +47,7 @@ The topics in this section provides information and step-by-step procedures to h
 - [Using the App-V Client Management Console](appv-using-the-client-management-console.md)
 - [Migrating to App-V from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md)
 - [Maintaining App-V](appv-maintaining-appv.md)
-- [Administering App-V by Using PowerShell](appv-administering-appv-with-powershell.md)
+- [Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md)
 
 [Troubleshooting App-V](appv-troubleshooting.md)  
 
@@ -57,6 +58,6 @@ The topics in this section provides information and step-by-step procedures to h
 - [Viewing App-V Server Publishing Metadata](appv-viewing-appv-server-publishing-metadata.md)
 - [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](appv-running-locally-installed-applications-inside-a-virtual-environment.md)
 
-### Have a suggestion for App-V?
+## Have a suggestion for App-V?
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/manage/appv-getting-started.md b/windows/manage/appv-getting-started.md
index 2e33f78295..9a7b624486 100644
--- a/windows/manage/appv-getting-started.md
+++ b/windows/manage/appv-getting-started.md
@@ -1,6 +1,6 @@
 ---
 title: Getting Started with App-V (Windows 10)
-description: Getting Started with App-V
+description: Getting Started with App-V for Windows 10
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
@@ -9,9 +9,12 @@ ms.prod: w10
 ---
 
 
-# Getting Started with App-V
+# Getting Started with App-V for Windows 10
 
-Microsoft Application Virtualization (App-V) enables organizations to deliver Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service – in real time and on as as-needed basis. Users launch virtual applications from familiar access points and interact with them as if they were installed locally.
+**Applies to**
+-   Windows 10, version 1607
+
+Microsoft Application Virtualization (App-V) for Windows 10 enables organizations to deliver Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service – in real time and on as as-needed basis. Users launch virtual applications from familiar access points and interact with them as if they were installed locally.
 
 With the release of Windows 10, version 1607, App-V is included with the [Windows 10 for Enterprise edition](https://www.microsoft.com/en-us/WindowsForBusiness/windows-for-enterprise). If you are new to Windows 10 and App-V, you’ll need to download, activate, and install server- and client-side components to start delivering virtual applications to users. For information about what you need to know before getting started with App-V, see the [Application Virtualization (App-V) overview](appv-for-windows.md).
 
@@ -30,18 +33,18 @@ To start using App-V to deliver virtual applications to users, you’ll need to
 
 | Component  | What it does     | Where to find it     |
 |------------|--|------|
-| App-V server components         | App-V offers five server components that work together to allow you to host and publish virtual applications, generate usage reports, and manage your App-V environment. For information about the server components, see [Deploying the App-V Server](#_Deploying_the_App-V). | The App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package, which can be downloaded from the [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx#FileId=65215). <br>You must have a MSDN subscription to download the MDOP ISO package.<br>See [Deploying the App-V Server](appv-deploying-the-appv-server.md) for more information about installing and using the server components. |
-| App-V client and App-V Remote Desktop Services (RDS) client       | The App-V client is the component that runs virtualized applications on user devices. The client enables users to interact with icons and file names to start virtualized applications. | The App-V client is automatically installed with Windows 10. <br>For information about enabling the client, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md).           |
-| App-V sequencer      | Use the App-V sequencer to convert Win32 applications into virtual packages for deployment to user devices. Devices must be running the App-V client to allow users to interact with virtual applications.    | Installed with the [Windows Assessment and Deployment kit (ADK) for Windows 10, version 1607](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit).  |
+| App-V server components         | App-V offers five server components that work together to allow you to host and publish virtual applications, generate usage reports, and manage your App-V environment. For information about the server components, see [Deploying the App-V Server](appv-deploying-the-appv-server.md).<br><br>**Note** If you're already using App-V 5.x, you don't need to re-deploy the App-V server components as they haven't changed since App-V 5.0 was released. | The App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package, which can be downloaded from:<br><br> - The [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx#FileId=65215). You must have a MSDN subscription to download the MDOP ISO package from the MSDN subscriptions site.<br><br> -  The [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx) if you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home).<br><br>See [Deploying the App-V Server](appv-deploying-the-appv-server.md) for more information about installing and using the server components. 
+| App-V client and App-V Remote Desktop Services (RDS) client       | The App-V client is the component that runs virtualized applications on user devices. The client enables users to interact with icons and file names to start virtualized applications. | The App-V client is automatically installed with Windows 10, version 1607. <br><br>For information about enabling the client, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md).           |
+| App-V sequencer      | Use the App-V sequencer to convert Win32 applications into virtual packages for deployment to user devices. Devices must be running the App-V client to allow users to interact with virtual applications.    | Installed with the [Windows Assessment and Deployment kit (ADK) for Windows 10, version 1607](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit).  |
 
-For more information about these elements, see [High Level Architecture for App-V](appv-high-level-architecture.md).
+For more information about these components, see [High Level Architecture for App-V](appv-high-level-architecture.md).
 
 If you are new to this product, we recommend that you read the documentation thoroughly. Before you deploy it to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For information about Microsoft training opportunities, see the [Microsoft Training Overview](https://www.microsoft.com/en-us/learning/default.aspx).
 
 ## Getting started with App-V
 
 
--   [About App-V](appv-about-appv.md)
+-   [What's new in App-V](appv-about-appv.md)
 
     Provides a high-level overview of App-V and how it can be used in your organization.
 
@@ -53,10 +56,6 @@ If you are new to this product, we recommend that you read the documentation tho
 
     Provides a description of the App-V features and how they work together.
 
--   [Accessibility for App-V](appv-accessibility.md)
-
-    Provides information about features and services that make this product and its corresponding documentation more accessible for people with disabilities.
-
 ## <a href="" id="other-resources-for-this-product-"></a>Other resources for this product
 
 
@@ -74,5 +73,5 @@ If you are new to this product, we recommend that you read the documentation tho
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
diff --git a/windows/manage/appv-high-level-architecture.md b/windows/manage/appv-high-level-architecture.md
index 396b92d811..b44b2ca181 100644
--- a/windows/manage/appv-high-level-architecture.md
+++ b/windows/manage/appv-high-level-architecture.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # High Level Architecture for App-V
 
+**Applies to**
+-   Windows 10, version 1607
 
 Use the following information to help you simplify you Microsoft Application Virtualization (App-V) deployment.
 
@@ -21,8 +23,8 @@ A typical App-V implementation consists of the following elements.
 
 <table>
 <colgroup>
-<col width="50%" />
-<col width="50%" />
+<col width="30%" />
+<col width="70%" />
 </colgroup>
 <thead>
 <tr class="header">
@@ -65,7 +67,7 @@ If you are using App-V with Electronic Software Distribution (ESD) you are not r
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/manage/appv-install-the-appv-client-for-shared-content-store-mode.md b/windows/manage/appv-install-the-appv-client-for-shared-content-store-mode.md
index fb6da496d4..77ee61220b 100644
--- a/windows/manage/appv-install-the-appv-client-for-shared-content-store-mode.md
+++ b/windows/manage/appv-install-the-appv-client-for-shared-content-store-mode.md
@@ -1,29 +1,4 @@
 ---
 title: How to Install the App-V Client for Shared Content Store Mode (Windows 10)
-description: How to Install the App-V Client for Shared Content Store Mode
-author: MaggiePucciEvans
-ms.pagetype: mdop, appcompat, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.prod: w10
+redirect_url: https://technet.microsoft.com/itpro/windows/manage/appv-deploying-the-appv-sequencer-and-client
 ---
-
-
-# How to Install the App-V Client for Shared Content Store Mode
-
-
-Use the following procedure to install the Microsoft Application Virtualization (App-V) client so that it uses the App-V Shared Content Store (SCS) mode. You should ensure that all required prerequisites are installed on the computer you plan to install to. Use the following link to see [App-V Prerequisites](appv-prerequisites.md).
-
-**Enable the App-V client for SCS mode**
-
-1.  In the Group Policy Management Console, navigate to **Computer Configuration** > **Administrative Templates** > **System** > **App-V** > **Streaming**.
-
-2.  Enable the **Set the Shared Content Mode (SCS) mode** setting.
-
-## Have a suggestion for App-V?
-
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
-
-## Related topics
-
-- [Deploying the App-V Sequencer and Client](appv-deploying-the-appv-sequencer-and-client.md)
diff --git a/windows/manage/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md b/windows/manage/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
index 7bb1ffa822..60cde870db 100644
--- a/windows/manage/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
+++ b/windows/manage/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
@@ -1,6 +1,6 @@
 ---
-title: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell (Windows 10)
-description: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell
+title: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell (Windows 10)
+description: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
@@ -9,10 +9,12 @@ ms.prod: w10
 ---
 
 
-# How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell
+# How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell
 
+**Applies to**
+-   Windows Server 2016
 
-Use the following PowerShell procedure to convert any number of Active Directory Domain Services (AD DS) user or machine accounts into formatted Security Identifiers (SIDs) both in the standard format and in the hexadecimal format used by Microsoft SQL Server when running SQL scripts.
+Use the following Windows PowerShell procedure to convert any number of Active Directory Domain Services (AD DS) user or machine accounts into formatted Security Identifiers (SIDs) both in the standard format and in the hexadecimal format used by Microsoft SQL Server when running SQL scripts.
 
 Before attempting this procedure, you should read and understand the information and examples displayed in the following list:
 
@@ -32,336 +34,97 @@ Before attempting this procedure, you should read and understand the information
 
 **To convert any number of Active Directory Domain Services (AD DS) user or machine accounts into formatted Security Identifiers (SIDs)**
 
-1.  Copy the following script into a text editor and save it as a PowerShell script file, for example **ConvertToSIDs.ps1**.
+1.  Copy the following script into a text editor and save it as a Windows PowerShell script file, for example **ConvertToSIDs.ps1**.
 
-2.  To open a PowerShell console click **Start** and type **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**.
+2.  To open a Windows PowerShell console, click **Start** and type **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**.
 
     ``` syntax
     <#
-    ```
-
-    ``` syntax
     .SYNOPSIS
-    ```
-
-    ``` syntax
-    This PowerShell script will take an array of account names and try to convert each of them to the corresponding SID in standard and hexadecimal formats.
-    ```
-
-    ``` syntax
+    This Windows PowerShell script will take an array of account names and try to convert each of them to the corresponding SID in standard and hexadecimal formats.
     .DESCRIPTION
-    ```
-
-    ``` syntax
-    This is a PowerShell script that converts any number of Active Directory (AD) user or machine accounts into formatted Security Identifiers (SIDs) both in the standard format and in the hexadecimal format used by SQL server when running SQL scripts.
-    ```
-
-    ``` syntax
+    This is a Windows PowerShell script that converts any number of Active Directory (AD) user or machine accounts into formatted Security Identifiers (SIDs) both in the standard format and in the hexadecimal format used by SQL server when running SQL scripts.
     .INPUTS
-    ```
-
-    ``` syntax
     The account(s) to convert to SID format. This can be a single account name or an array of account names. Please see examples below.
-    ```
-
-    ``` syntax
     .OUTPUTS
-    ```
-
-    ``` syntax
     A list of account names with the corresponding SID in standard and hexadecimal formats
-    ```
-
-    ``` syntax
     .EXAMPLE
-    ```
-
-    ``` syntax
     .\ConvertToSID.ps1 DOMAIN\user_account1 DOMAIN\machine_account1$ DOMAIN\user_account2 | Format-List
-    ```
-
-    ``` syntax
     .EXAMPLE
-    ```
-
-    ``` syntax
     $accountsArray = @("DOMAIN\user_account1", "DOMAIN\machine_account1$", "DOMAIN_user_account2")
-    ```
-
-    ``` syntax
     .\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\SIDs.txt -Width 200
-    ```
-
-    ``` syntax
-#>
-    ```
-
-    ``` syntax
-    ```
+    #>
 
     []()  
 
     []()  
-
-    ``` syntax
     function ConvertSIDToHexFormat
-    ```
-
     {
-
-       param(\[System.Security.Principal.SecurityIdentifier\]$sidToConvert)
-
-    ``` syntax
-    ```
-
-    ``` syntax
+       param([System.Security.Principal.SecurityIdentifier]$sidToConvert)
        $sb = New-Object System.Text.StringBuilder
-    ```
-
-    ``` syntax
         [int] $binLength = $sidToConvert.BinaryLength
-    ```
-
-    ``` syntax
         [Byte[]] $byteArray = New-Object Byte[] $binLength
-    ```
-
-    ``` syntax
        $sidToConvert.GetBinaryForm($byteArray, 0)
-    ```
-
-    ``` syntax
        foreach($byte in $byteArray)
-    ```
-
-    ``` syntax
        {
-    ```
-
-    ``` syntax
        $sb.Append($byte.ToString("X2")) |Out-Null
-    ```
-
-    ``` syntax
        }
-    ```
-
-    ``` syntax
        return $sb.ToString()
-    ```
-
-    ``` syntax
     }
-    ```
-
-    ``` syntax
      [string[]]$myArgs = $args
-    ```
-
-    ``` syntax
     if(($myArgs.Length -lt 1) -or ($myArgs[0].CompareTo("/?") -eq 0))
-    ```
-
     {
-
-    ``` syntax
      [string]::Format("{0}====== Description ======{0}{0}" +
-    ```
-
-    ``` syntax
     "  Converts any number of user or machine account names to string and hexadecimal SIDs.{0}" +
-    ```
-
-    ``` syntax
                    "  Pass the account(s) as space separated command line parameters. (For example 'ConvertToSID.exe DOMAIN\\Account1 DOMAIN\\Account2 ...'){0}" +
-    ```
-
-    ``` syntax
                    "  The output is written to the console in the format 'Account name    SID as string   SID as hexadecimal'{0}" +
-    ```
-
-    ``` syntax
-                   "  And can be written out to a file using standard PowerShell redirection{0}" +
-    ```
-
-    ``` syntax
+                   "  And can be written out to a file using standard Windows PowerShell redirection{0}" +
                    "  Please specify user accounts in the format 'DOMAIN\username'{0}" + 
-    ```
-
-    ``` syntax
                    "  Please specify machine accounts in the format 'DOMAIN\machinename$'{0}" +
-    ```
-
-    ``` syntax
                    "  For more help content, please run 'Get-Help ConvertToSID.ps1'{0}" + 
-    ```
-
-    ``` syntax
                    "{0}====== Arguments ======{0}" +
-    ```
-
-    ``` syntax
                    "{0}  /?    Show this help message", [Environment]::NewLine) 
-    ```
-
-    ``` syntax
     {
-    ```
-
-    ``` syntax
     else
-    ```
-
-    ``` syntax
     {  
         #If an array was passed in, try to split it
-    ```
-
-    ``` syntax
         if($myArgs.Length -eq 1)
-    ```
-
-    ``` syntax
         {
-    ```
-
-    ``` syntax
             $myArgs = $myArgs.Split(' ')
-    ```
-
-    ``` syntax
         }
-    ```
-
-    ``` syntax
 
         #Parse the arguments for account names
-    ```
-
-    ``` syntax
         foreach($accountName in $myArgs)
-    ```
-
-    ``` syntax
         {    
-    ```
-
-    ``` syntax
             [string[]] $splitString = $accountName.Split('\')  # We're looking for the format "DOMAIN\Account" so anything that does not match, we reject
-    ```
-
-    ``` syntax
             if($splitString.Length -ne 2)
-    ```
-
-    ``` syntax
             {
-    ```
-
-    ``` syntax
                 $message = [string]::Format("{0} is not a valid account name. Expected format 'Domain\username' for user accounts or 'DOMAIN\machinename$' for machine accounts.", $accountName)
-    ```
-
-    ``` syntax
                 Write-Error -Message $message
-    ```
-
-    ``` syntax
                 continue
-    ```
-
-    ``` syntax
             }
-    ```
-
-    ``` syntax
-            
-    ```
-
-    ``` syntax
             #Convert any account names to SIDs
-    ```
-
-    ``` syntax
             try
-    ```
-
-    ``` syntax
             {
-    ```
-
-    ``` syntax
                 [System.Security.Principal.NTAccount] $account = New-Object System.Security.Principal.NTAccount($splitString[0], $splitString[1])
-    ```
-
-    ``` syntax
                 [System.Security.Principal.SecurityIdentifier] $SID = [System.Security.Principal.SecurityIdentifier]($account.Translate([System.Security.Principal.SecurityIdentifier]))
-    ```
-
-    ``` syntax
             }
-    ```
-
-    ``` syntax
             catch [System.Security.Principal.IdentityNotMappedException]
-    ```
-
-    ``` syntax
             {
-    ```
-
-    ``` syntax
                 $message = [string]::Format("Failed to translate account object '{0}' to a SID. Please verify that this is a valid user or machine account.", $account.ToString())
-    ```
-
-    ``` syntax
                 Write-Error -Message $message
-    ```
-
-    ``` syntax
                 continue
-    ```
-
-    ``` syntax
             }
-    ```
-
-    ``` syntax
 
             #Convert regular SID to binary format used by SQL
-    ```
-
-    ``` syntax
             $hexSIDString = ConvertSIDToHexFormat $SID
-    ```
-
-    ``` syntax
-            
             $SIDs = New-Object PSObject
-    ```
-
-    ``` syntax
             $SIDs | Add-Member NoteProperty Account $accountName
-    ```
-
-    ``` syntax
             $SIDs | Add-Member NoteProperty SID $SID.ToString()
-    ```
-
-    ``` syntax
             $SIDs | Add-Member NoteProperty Hexadecimal $hexSIDString
-    ```
-
-    ``` syntax
 
             Write-Output $SIDs
-    ```
-
-    ``` syntax
         }
-    ```
-
-    ``` syntax
     }
     ```
 
@@ -373,18 +136,10 @@ Before attempting this procedure, you should read and understand the information
 
     **.\\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\\SIDs.txt -Width 200”**
 
-    **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
-[Administering App-V by Using PowerShell](appv-administering-appv-with-powershell.md)
-
- 
-
- 
-
-
-
-
-
+[Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md)
diff --git a/windows/manage/appv-install-the-management-and-reporting-databases-on-separate-computers.md b/windows/manage/appv-install-the-management-and-reporting-databases-on-separate-computers.md
index f9978a7b46..d4cf994c82 100644
--- a/windows/manage/appv-install-the-management-and-reporting-databases-on-separate-computers.md
+++ b/windows/manage/appv-install-the-management-and-reporting-databases-on-separate-computers.md
@@ -1,6 +1,6 @@
 ---
 title: How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services (Windows 10)
-description: How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services
+description: How to install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
@@ -11,14 +11,14 @@ ms.prod: w10
 
 # How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services
 
+**Applies to**
+-   Windows Server 2016
 
 Use the following procedure to install the database server and management server on different computers. The computer you plan to install the database server on must be running a supported version of Microsoft SQL or the installation will fail.
 
-**Note**  
+>**Note**  
 After you complete the deployment, the **Microsoft SQL Server name**, **instance name** and **database name** will be required by the administrator installing the service to be able to connect to these databases.
 
- 
-
 **To install the management database and the management server on separate computers**
 
 1.  Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**.
@@ -39,12 +39,8 @@ After you complete the deployment, the **Microsoft SQL Server name**, **instance
 
 7.  On the next **Create New Management Server Database** page, select **Use a remote computer**, and type the remote machine account using the following format: **Domain\\MachineAccount**.
 
-    **Note**  
-    If you plan to deploy the management server on the same computer you must select **Use this local computer**.
-
-     
-
-    Specify the user name for the management server **Install Administrator** using the following format: **Domain\\AdministratorLoginName**. Click **Next**.
+    >**Note**  
+    If you plan to deploy the management server on the same computer you must select **Use this local computer**. Specify the user name for the management server **Install Administrator** using the following format: Domain\\AdministratorLoginName. Click **Next**.
 
 8.  To start the installation, click **Install**.
 
@@ -66,14 +62,10 @@ After you complete the deployment, the **Microsoft SQL Server name**, **instance
 
     If you are using a custom database name, then select **Custom configuration** and type the database name.
 
-7.  On the next **Create New Reporting Server Database** page, select **Use a remote computer**, and type the remote machine account using the following format: **Domain\\MachineAccount**.
+7.  On the next **Create New Reporting Server Database** page, select **Use a remote computer**, and type the remote machine account using the following format: Domain\\MachineAccount.
 
     **Note**  
-    If you plan to deploy the reporting server on the same computer you must select **Use this local computer**.
-
-     
-
-    Specify the user name for the reporting server **Install Administrator** using the following format: **Domain\\AdministratorLoginName**. Click **Next**.
+    If you plan to deploy the reporting server on the same computer you must select **Use this local computer**. Specify the user name for the reporting server **Install Administrator** using the following format: Domain\\AdministratorLoginName. Click **Next**.
 
 8.  To start the installation, click **Install**.
 
@@ -83,7 +75,7 @@ After you complete the deployment, the **Microsoft SQL Server name**, **instance
 
 2.  To extract the App-V database scripts, open a command prompt and specify the location where the installation files are saved and run the following command:
 
-    **appv\_server\_setup.exe** **/LAYOUT** **/LAYOUTDIR=”InstallationExtractionLocation”**.
+    **appv\_server\_setup.exe** **/LAYOUT** **/LAYOUTDIR=”InstallationExtractionLocation”**
 
 3.  After the extraction has been completed, to access the App-V database scripts and instructions readme file:
 
@@ -94,24 +86,14 @@ After you complete the deployment, the **Microsoft SQL Server name**, **instance
 4.  For each database, copy the scripts to a share and modify them following the instructions in the readme file.
 
     **Note**  
-    For more information about modifying the required SIDs contained in the scripts see, [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell](appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md).
-
-     
+    For more information about modifying the required SIDs contained in the scripts see, [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell](appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md).     
 
 5.  Run the scripts on the computer running Microsoft SQL Server.
 
-    **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+## Have a suggestion for App-V? 
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Deploying App-V](appv-deploying-appv.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-install-the-management-server-on-a-standalone-computer.md b/windows/manage/appv-install-the-management-server-on-a-standalone-computer.md
index de8e7c0416..1c9adffb02 100644
--- a/windows/manage/appv-install-the-management-server-on-a-standalone-computer.md
+++ b/windows/manage/appv-install-the-management-server-on-a-standalone-computer.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # How to install the Management Server on a Standalone Computer and Connect it to the Database
 
+**Applies to**
+-   Windows Server 2016
 
 Use the following procedure to install the management server on a standalone computer and connect it to the database.
 
@@ -28,14 +30,8 @@ Use the following procedure to install the management server on a standalone com
 
 6.  On the **Configure Existing Management Database** page, select **Use a remote SQL Server**, and type the machine name of the computer running Microsoft SQL SQL, for example **SqlServerMachine**.
 
-    **Note**  
-    If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**.
-
-     
-
-    For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance** and then type the name of the instance.
-
-    Specify the **SQL Server Database name** that this management server will use, for example **AppvManagement**.
+    >**Note**  
+    If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance** and then type the name of the instance. Specify the **SQL Server Database name** that this management server will use, for example **AppvManagement**.
 
 7.  On the **Configure Management Server Configuration** page, specify the AD group or account that will connect to the management console for administrative purposes for example **MyDomain\\MyUser** or **MyDomain\\AdminGroup**. The account or AD group you specify will be enabled to manage the server through the management console. You can add additional users or groups using the management console after installation
 
@@ -45,7 +41,9 @@ Use the following procedure to install the management server on a standalone com
 
 9.  To confirm that the setup has completed successfully, open a web browser, and type the following URL: http://managementserver:portnumber/Console. If the installation was successful, you should see the **Management Console** appear without any error messages or warnings being displayed.
 
-    **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+## Have a suggestion for App-V?  
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/manage/appv-install-the-publishing-server-on-a-remote-computer.md b/windows/manage/appv-install-the-publishing-server-on-a-remote-computer.md
index f9f66a2120..d28bc0298f 100644
--- a/windows/manage/appv-install-the-publishing-server-on-a-remote-computer.md
+++ b/windows/manage/appv-install-the-publishing-server-on-a-remote-computer.md
@@ -1,6 +1,6 @@
 ---
 title: How to Install the Publishing Server on a Remote Computer (Windows 10)
-description: How to Install the Publishing Server on a Remote Computer
+description: How to Install the App-V Publishing Server on a Remote Computer
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # How to Install the Publishing Server on a Remote Computer
 
+**Applies to**
+-   Windows Server 2016
 
 Use the following procedure to install the publishing server on a separate computer. Before you perform the following procedure, ensure the database and management server are available.
 
@@ -44,25 +46,29 @@ Use the following procedure to install the publishing server on a separate compu
 
     3.  Type the name of this server and a description (if required) and click **Add**.
 
-9.  To verify if the publishing server is running correctly, you should import a package to the management server, entitle the package to an AD group, and publish the package. Using an internet browser, open the following URL: **http://publishingserver:pubport**. If the server is running correctly information similar to the following will be displayed:
+9.  To verify that the publishing server is running correctly, you should import a package to the management server, entitle the package to an AD group, and publish the package. Using an internet browser, open the following URL: **http://publishingserver:pubport**. If the server is running correctly information similar to the following will be displayed:
 
-    `<Publishing Protocol="1.0">`
+    ```syntax
+    <Publishing Protocol="1.0">
+    
+        <Packages>
 
-    `  <Packages>`
+        <Package PackageId="28115343-06e2-44dc-a327-3a0b9b868bda" VersionId="5d03c08f-51dc-4026-8cf9-15ebe3d65a72" PackageUrl="\\server\share\file.appv" />
+        
+        </Packages>
 
-    `  <Package PackageId="28115343-06e2-44dc-a327-3a0b9b868bda" VersionId="5d03c08f-51dc-4026-8cf9-15ebe3d65a72" PackageUrl="\\server\share\file.appv" />`
+        <NoGroup>
 
-    `  </Packages>`
+        <Package PackageId="28115343-06e2-44dc-a327-3a0b9b868bda" />
 
-    `  <NoGroup>`
+        </NoGroup>
 
-    `  <Package PackageId="28115343-06e2-44dc-a327-3a0b9b868bda" />`
+    </Publishing>
+    ```
 
-    `  </NoGroup>`
+## Have a suggestion for App-V? 
 
-    `</Publishing>`
-
-    **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/manage/appv-install-the-reporting-server-on-a-standalone-computer.md b/windows/manage/appv-install-the-reporting-server-on-a-standalone-computer.md
index 5fbc775cc8..10915488b0 100644
--- a/windows/manage/appv-install-the-reporting-server-on-a-standalone-computer.md
+++ b/windows/manage/appv-install-the-reporting-server-on-a-standalone-computer.md
@@ -1,6 +1,6 @@
 ---
 title: How to install the Reporting Server on a Standalone Computer and Connect it to the Database (Windows 10)
-description: How to install the Reporting Server on a Standalone Computer and Connect it to the Database
+description: How to install the App-V Reporting Server on a Standalone Computer and Connect it to the Database
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
@@ -11,13 +11,12 @@ ms.prod: w10
 
 # How to install the Reporting Server on a Standalone Computer and Connect it to the Database
 
+**Applies to**
+-   Windows Server 2016
 
 Use the following procedure to install the reporting server on a standalone computer and connect it to the database.
 
-**Important**  
-Before performing the following procedure you should read and understand [About App-V Reporting](appv-reporting.md).
-
- 
+> **Important**&nbsp;&nbsp;Before performing the following procedure you should read and understand [About App-V Reporting](appv-reporting.md).
 
 **To install the reporting server on a standalone computer and connect it to the database**
 
@@ -34,13 +33,7 @@ Before performing the following procedure you should read and understand [About
 6.  On the **Configure Existing Reporting Database** page, select **Use a remote SQL Server**, and type the machine name of the computer running Microsoft SQL Server, for example **SqlServerMachine**.
 
     **Note**  
-    If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**.
-
-     
-
-    For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance** and then type the name of the instance.
-
-    Specify the **SQL Server Database name** that this reporting server will use, for example **AppvReporting**.
+    If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance** and then type the name of the instance. Specify the **SQL Server Database name** that this reporting server will use, for example **AppvReporting**.
 
 7.  On the **Configure Reporting Server Configuration** page.
 
@@ -50,7 +43,9 @@ Before performing the following procedure you should read and understand [About
 
 8.  Click **Install**.
 
-    **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+## Have a suggestion for App-V? 
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
@@ -59,13 +54,4 @@ Before performing the following procedure you should read and understand [About
 
 [Deploying App-V](appv-deploying-appv.md)
 
-[How to Enable Reporting on the App-V Client by Using PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md)
-
- 
-
- 
-
-
-
-
-
+[How to Enable Reporting on the App-V Client by Using Windows PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md)
diff --git a/windows/manage/appv-install-the-sequencer.md b/windows/manage/appv-install-the-sequencer.md
index 19d09c9a09..a84655d47d 100644
--- a/windows/manage/appv-install-the-sequencer.md
+++ b/windows/manage/appv-install-the-sequencer.md
@@ -11,6 +11,9 @@ ms.prod: w10
 
 # Install the App-V Sequencer
 
+**Applies to**
+-   Windows 10, version 1607
+
 Use the App-V Sequencer to convert Win32 applications into virtual packages for deployment to user devices. Those devices must be running the App-V client to allow users to interact with virtual applications.
 
 The App-V Sequencer is included in the Windows 10 Assessment and Deployment Kit (Windows ADK).
@@ -51,7 +54,7 @@ For more information regarding the sequencer installation, you can view the erro
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/manage/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md b/windows/manage/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
index 110f5d08a1..2c29e70fd9 100644
--- a/windows/manage/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
+++ b/windows/manage/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
@@ -1,6 +1,6 @@
 ---
-title: How to Load the PowerShell Cmdlets and Get Cmdlet Help (Windows 10)
-description: How to Load the PowerShell Cmdlets and Get Cmdlet Help
+title: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help (Windows 10)
+description: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
@@ -9,23 +9,25 @@ ms.prod: w10
 ---
 
 
-# How to Load the PowerShell Cmdlets and Get Cmdlet Help
+# How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help
 
+**Applies to**
+-   Windows 10, version 1607
 
 What this topic covers:
 
--   [Requirements for using PowerShell cmdlets](#bkmk-reqs-using-posh)
+-   [Requirements for using Windows PowerShell cmdlets](#bkmk-reqs-using-posh)
 
--   [Loading the PowerShell cmdlets](#bkmk-load-cmdlets)
+-   [Loading the Windows PowerShell cmdlets](#bkmk-load-cmdlets)
 
--   [Getting help for the PowerShell cmdlets](#bkmk-get-cmdlet-help)
+-   [Getting help for the Windows PowerShell cmdlets](#bkmk-get-cmdlet-help)
 
--   [Displaying the help for a PowerShell cmdlet](#bkmk-display-help-cmdlet)
+-   [Displaying the help for a Windows PowerShell cmdlet](#bkmk-display-help-cmdlet)
 
-## <a href="" id="bkmk-reqs-using-posh"></a>Requirements for using PowerShell cmdlets
+## <a href="" id="bkmk-reqs-using-posh"></a>Requirements for using Windows PowerShell cmdlets
 
 
-Review the following requirements for using the App-V PowerShell cmdlets:
+Review the following requirements for using the Windows PowerShell cmdlets:
 
 <table>
 <colgroup>
@@ -71,42 +73,23 @@ Review the following requirements for using the App-V PowerShell cmdlets:
 <li><p>Unpublish-AppvClientPackage</p></li>
 </ul>
 <p>To configure these cmdlets to require an elevated command prompt, use one of the following methods:</p>
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Method</th>
-<th align="left">More resources</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Run the <strong>Set-AppvClientConfiguration</strong> cmdlet with the <strong>-RequirePublishAsAdmin</strong> parameter.</p></td>
-<td align="left"><ul>
-<li><p>[How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell](appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md#bkmk-admin-only-posh-topic-cg)</p></li>
-<li><p>[How to Manage App-V Packages Running on a Stand-Alone Computer by Using PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md#bkmk-admins-pub-pkgs)</p></li>
-</ul></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Enable the “Require publish as administrator” Group Policy setting for App-V Clients.</p></td>
-<td align="left"><p>[How to Publish a Package by Using the Management Console](appv-publish-a-packages-with-the-management-console.md#bkmk-admin-pub-pkg-only-posh)</p></td>
-</tr>
-</tbody>
-</table>
-<p> </p></td>
+<ul>
+<li><p>Run the <strong>Set-AppvClientConfiguration</strong> cmdlet with the <strong>-RequirePublishAsAdmin</strong> parameter.</p>
+<p>For more information, see:<br>[How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell](appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md#bkmk-admin-only-posh-topic-cg)<br>[How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md#bkmk-admins-pub-pkgs).</p></li>
+<li><p>Enable the “Require publish as administrator” Group Policy setting for App-V Clients.</p>
+<p>For more information, see [How to Publish a Package by Using the Management Console](appv-publish-a-packages-with-the-management-console.md#bkmk-admin-pub-pkg-only-posh)</p></li>
+</ul>
+</td>
 </tr>
 </tbody>
 </table>
 
  
 
-## <a href="" id="bkmk-load-cmdlets"></a>Loading the PowerShell cmdlets
+## <a href="" id="bkmk-load-cmdlets"></a>Loading the Windows PowerShell cmdlets
 
 
-To load the PowerShell cmdlet modules:
+To load the Windows PowerShell cmdlet modules:
 
 1.  Open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE).
 
@@ -141,30 +124,12 @@ To load the PowerShell cmdlet modules:
 
  
 
-## <a href="" id="bkmk-get-cmdlet-help"></a>Getting help for the PowerShell cmdlets
-
+## <a href="" id="bkmk-get-cmdlet-help"></a>Getting help for the Windows PowerShell cmdlets
 
 Starting in App-V 5.0 SP3, cmdlet help is available in two formats:
 
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Format</th>
-<th align="left">Description</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>As a downloadable module</p></td>
-<td align="left"><p>To download the latest help after downloading the cmdlet module:</p>
-<ol>
-<li><p>Open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE).</p></li>
-<li><p>Type one of the following commands to load the cmdlets for the module you want:</p></li>
-</ol>
+- **As a downloadable module**: To download the latest help after downloading the cmdlet module, open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE), and type one of the following commands: 
+
 <table>
 <colgroup>
 <col width="50%" />
@@ -191,33 +156,21 @@ Starting in App-V 5.0 SP3, cmdlet help is available in two formats:
 </tr>
 </tbody>
 </table>
-<p> </p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>On TechNet as web pages</p></td>
-<td align="left"><p>See the App-V node under [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](http://technet.microsoft.com/library/dn520245.aspx).</p></td>
-</tr>
-</tbody>
-</table>
 
- 
+<br>
 
-## <a href="" id="bkmk-display-help-cmdlet"></a>Displaying the help for a PowerShell cmdlet
+- **On TechNet as web pages**: See the App-V node under [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](http://technet.microsoft.com/library/dn520245.aspx).
+
+## <a href="" id="bkmk-display-help-cmdlet"></a>Displaying the help for a Windows PowerShell cmdlet
 
 
-To display help for a specific PowerShell cmdlet:
+To display help for a specific Windows PowerShell cmdlet:
 
 1.  Open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE).
 
 2.  Type **Get-Help** &lt;*cmdlet*&gt;, for example, **Get-Help Publish-AppvClientPackage**.
 
-**Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
-
- 
-
- 
-
-
-
 
+## Have a suggestion for App-V?
 
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/manage/appv-maintaining-appv.md b/windows/manage/appv-maintaining-appv.md
index 6cf35b1731..32dae30bb0 100644
--- a/windows/manage/appv-maintaining-appv.md
+++ b/windows/manage/appv-maintaining-appv.md
@@ -11,27 +11,28 @@ ms.prod: w10
 
 # Maintaining App-V
 
+**Applies to**
+-   Windows 10, version 1607
 
-After you have completed all the necessary planning, and then deployment of App-V, you can use the following information to maintain the App-V infrastructure.
+After you have deployed App-V for Windows 10, you can use the following information to maintain the App-V infrastructure.
 
-## <a href="" id="move-the-app-v-5-1-server-"></a>Move the App-V Server
+## Moving the App-V server
 
-
-The App-V server connects to the App-V database. Therefore you can install the management component to any computer on the network and then connect it to the App-V database.
+The App-V server connects to the App-V database. Therefore you can install the management component on any computer on the network and then connect it to the App-V database.
 
 [How to Move the App-V Server to Another Computer](appv-move-the-appv-server-to-another-computer.md)
 
-## <a href="" id="determine-if-an-app-v-5-1-application-is-running-virtualized-"></a>Determine if an App-V Application is Running Virtualized
+## <a href="" id="determine-if-an-app-v-application-is-running-virtualized-"></a>Determine if an App-V Application is Running Virtualized
 
 
-Independent software vendors (ISV) who want to determine if an application is running virtualized with App-V or above, should open a named object called **AppVVirtual-&lt;PID&gt;** in the default namespace. For example, Windows API **GetCurrentProcessId()** can be used to obtain the current process's ID, for example 4052, and then if a named Event object called **AppVVirtual-4052** can be successfully opened using **OpenEvent()** in the default namespace for read access, then the application is virtual. If the **OpenEvent()** call fails, the application is not virtual.
+Independent software vendors (ISV) who want to determine if an application is running virtualized with App-V should open a named object called **AppVVirtual-&lt;PID&gt;** in the default namespace. For example, Windows API **GetCurrentProcessId()** can be used to obtain the current process's ID, for example 4052, and then if a named Event object called **AppVVirtual-4052** can be successfully opened using **OpenEvent()** in the default namespace for read access, then the application is virtual. If the **OpenEvent()** call fails, the application is not virtual.
 
-Additionally, ISV’s who want to explicitly virtualize or not virtualize calls on specific API’s with App-V and above, can use the **VirtualizeCurrentThread()** and **CurrentThreadIsVirtualized()** functions implemented in the AppEntSubsystems32.dll module. These provide a way of hinting at a downstream component that the call should or should not be virtualized.
+Additionally, ISV’s who want to explicitly virtualize or not virtualize calls on specific API’s with App-V 5.1 and later, can use the **VirtualizeCurrentThread()** and **CurrentThreadIsVirtualized()** functions implemented in the AppEntSubsystems32.dll module. These provide a way of hinting at a downstream component that the call should or should not be virtualized.
 
 ## Have a suggestion for App-V?
 
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Other resources for maintaining App-V
 
diff --git a/windows/manage/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md b/windows/manage/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
index 9386a9d9b2..694708f484 100644
--- a/windows/manage/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
+++ b/windows/manage/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
@@ -1,6 +1,6 @@
 ---
-title: How to Manage App-V Packages Running on a Stand-Alone Computer by Using PowerShell (Windows 10)
-description: How to Manage App-V Packages Running on a Stand-Alone Computer by Using PowerShell
+title: How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell (Windows 10)
+description: How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
@@ -9,10 +9,13 @@ ms.prod: w10
 ---
 
 
-# How to Manage App-V Packages Running on a Stand-Alone Computer by Using PowerShell
+# How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell
+
+**Applies to**
+-   Windows 10, version 1607
 
 
-The following sections explain how to perform various management tasks on a stand-alone client computer by using PowerShell:
+The following sections explain how to perform various management tasks on a stand-alone client computer by using Windows PowerShell:
 
 -   [To return a list of packages](#bkmk-return-pkgs-standalone-posh)
 
@@ -66,8 +69,8 @@ Use the following information to publish a package that has been added to a spec
 
 <table>
 <colgroup>
-<col width="50%" />
-<col width="50%" />
+<col width="30%" />
+<col width="70%" />
 </colgroup>
 <thead>
 <tr class="header">
@@ -167,24 +170,18 @@ Use the following information to remove a package from the computer.
 **Example**: Remove-AppvClientPackage “ContosoApplication”
 
 **Note**  
-App-V cmdlets have been assigned to variables for the previous examples for clarity only; assignment is not a requirement. Most cmdlets can be combined as displayed in [To add and publish a package](#bkmk-add-pub-pkg-standalone-posh). For a detailed tutorial, see [App-V 5.0 Client PowerShell Deep Dive](http://go.microsoft.com/fwlink/?LinkId=324466).
+App-V cmdlets have been assigned to variables for the previous examples for clarity only; assignment is not a requirement. Most cmdlets can be combined as displayed in [To add and publish a package](#bkmk-add-pub-pkg-standalone-posh). For a detailed tutorial, see [App-V 5.0 Client PowerShell Deep Dive](https://blogs.technet.microsoft.com/appv/2012/12/03/app-v-5-0-client-powershell-deep-dive/).
 
  
 
 ## <a href="" id="bkmk-admins-pub-pkgs"></a>To enable only administrators to publish or unpublish packages
 
-
-**Note**  
-**This feature is supported starting in App-V 5.0 SP3.**
-
- 
-
-Use the following cmdlet and parameter to enable only administrators (not end users) to publish or unpublish packages:
+Starting in App-V 5.0 SP3, you can use the following cmdlet and parameter to enable only administrators (not end users) to publish or unpublish packages:
 
 <table>
 <colgroup>
-<col width="50%" />
-<col width="50%" />
+<col width="30%" />
+<col width="70%" />
 </colgroup>
 <tbody>
 <tr class="odd">
@@ -211,12 +208,12 @@ To use the App-V Management console to set this configuration, see [How to Publi
 ## <a href="" id="bkmk-understd-pend-pkgs"></a>Understanding pending packages (UserPending and GlobalPending)
 
 
-**Starting in App-V 5.0 SP2**: If you run a PowerShell cmdlet that affects a package that is currently in use, the task that you are trying to perform is placed in a pending state. For example, if you try to publish a package when an application in that package is being used, and then run **Get-AppvClientPackage**, the pending status appears in the cmdlet output as follows:
+**Starting in App-V 5.0 SP2**: If you run a Windows PowerShell cmdlet that affects a package that is currently in use, the task that you are trying to perform is placed in a pending state. For example, if you try to publish a package when an application in that package is being used, and then run **Get-AppvClientPackage**, the pending status appears in the cmdlet output as follows:
 
 <table>
 <colgroup>
-<col width="50%" />
-<col width="50%" />
+<col width="30%" />
+<col width="70%" />
 </colgroup>
 <thead>
 <tr class="header">
@@ -271,24 +268,15 @@ The pending task will run later, according to the following rules:
 </tbody>
 </table>
 
- 
+For more information about pending tasks, see [Upgrading an in-use App-V package](appv-application-publishing-and-client-interaction.md#upgrading-an-in-use-app-v-package).
 
-For more information about pending tasks, see [About App-V 5.0 SP2](https://technet.microsoft.com/en-us/itpro/mdop/appv-v5/about-app-v-50-sp2.md#bkmk-pkg-upgr-pendg-tasks).
+## Have a suggestion for App-V? 
 
-**Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Operations for App-V](appv-operations.md)
 
-[Administering App-V by Using PowerShell](appv-administering-appv-with-powershell.md)
-
- 
-
- 
-
-
-
-
+[Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md)
 
diff --git a/windows/manage/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md b/windows/manage/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
index b54a3e959a..3d52191607 100644
--- a/windows/manage/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
+++ b/windows/manage/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
@@ -1,6 +1,6 @@
 ---
-title: How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell (Windows 10)
-description: How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell
+title: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell (Windows 10)
+description: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
@@ -9,12 +9,14 @@ ms.prod: w10
 ---
 
 
-# How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell
+# How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell
 
+**Applies to**
+-   Windows 10, version 1607
 
 An App-V connection group allows you to run all the virtual applications as a defined set of packages in a single virtual environment. For example, you can virtualize an application and its plug-ins by using separate packages, but run them together in a single connection group.
 
-A connection group XML file defines the connection group that runs on the computer where you’ve installed the App-V client. For information about the connection group XML file and how to configure it, see [About the Connection Group File](appv-connection-group-file.md).
+A connection group XML file defines the connection group for the App-V client. For information about the connection group XML file and how to configure it, see [About the Connection Group File](appv-connection-group-file.md).
 
 This topic explains the following procedures:
 
@@ -81,8 +83,8 @@ This topic explains the following procedures:
     <td align="left"><p>Enable-AppVClientConnectionGroup “ConnectionGroupA” -UserSID S-1-2-34-56789012-3456789012-345678901-2345</p></td>
     </tr>
     <tr class="even">
-    <td align="left"><p>Disable -AppVClientConnectionGroup</p></td>
-    <td align="left"><p>Disable -AppVClientConnectionGroup “ConnectionGroupA” -UserSID S-1-2-34-56789012-3456789012-345678901-2345</p></td>
+    <td align="left"><p>Disable-AppVClientConnectionGroup</p></td>
+    <td align="left"><p>Disable-AppVClientConnectionGroup “ConnectionGroupA” -UserSID S-1-2-34-56789012-3456789012-345678901-2345</p></td>
     </tr>
     </tbody>
     </table>
@@ -115,32 +117,23 @@ This topic explains the following procedures:
     <tbody>
     <tr class="odd">
     <td align="left"><p>Set-AppvClientConfiguration</p></td>
-    <td align="left"><p>–RequirePublishAsAdmin</p>
+    <td align="left"><p>-RequirePublishAsAdmin</p>
     <ul>
     <li><p>0 - False</p></li>
     <li><p>1 - True</p></li>
     </ul></td>
-    <td align="left"><p>Set-AppvClientConfiguration –RequirePublishAsAdmin1</p></td>
+    <td align="left"><p>Set-AppvClientConfiguration -RequirePublishAsAdmin 1</p></td>
     </tr>
     </tbody>
     </table>
 
-     
+## Have a suggestion for App-V? 
 
-    **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
 
 [Operations for App-V](appv-operations.md)
 
-[Administering App-V by Using PowerShell](appv-administering-appv-with-powershell.md)
-
- 
-
- 
-
-
-
-
-
+[Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md)
diff --git a/windows/manage/appv-managing-connection-groups.md b/windows/manage/appv-managing-connection-groups.md
index f702b6c319..dad0496d45 100644
--- a/windows/manage/appv-managing-connection-groups.md
+++ b/windows/manage/appv-managing-connection-groups.md
@@ -11,15 +11,15 @@ ms.prod: w10
 
 # Managing Connection Groups
 
+**Applies to**
+-   Windows 10, version 1607
 
 Connection groups enable the applications within a package to interact with each other in the virtual environment, while remaining isolated from the rest of the system. By using connection groups, administrators can manage packages independently and can avoid having to add the same application multiple times to a client computer.
 
 **Note**  
 In some previous versions of App-V, connection groups were referred to as Dynamic Suite Composition.
 
- 
-
-**In this topic:**
+**In this section:**
 
 <table>
 <colgroup>
@@ -51,7 +51,14 @@ In some previous versions of App-V, connection groups were referred to as Dynami
 <td align="left"><p>[How to Publish a Connection Group](appv-publish-a-connection-group.md)</p></td>
 <td align="left"><p>Explains how to publish a connection group.</p></td>
 </tr>
-</tbody>
+<tr class="odd">
+<td align="left"><p>[How to Make a Connection Group Ignore the Package Version](appv-configure-connection-groups-to-ignore-the-package-version.md)</p></td>
+<td align="left"><p>Explains how to configure a connection group to accept any version of a package, which simplifies package upgrades and reduces the number of connection groups you need to create.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>[How to Allow Only Administrators to Enable Connection Groups](appv-allow-administrators-to-enable-connection-groups.md)</p></td>
+<td align="left"><p>Explains how to configure the App-V client so that only administrators (not end users) can enable or disable connection groups.</p></td>
+</tr></tbody>
 </table>
 
  
@@ -59,7 +66,7 @@ In some previous versions of App-V, connection groups were referred to as Dynami
 ## Have a suggestion for App-V?
 
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Other resources for App-V connection groups
 
diff --git a/windows/manage/appv-migrating-to-appv-from-a-previous-version.md b/windows/manage/appv-migrating-to-appv-from-a-previous-version.md
index 87958fb0dd..ff212a6b60 100644
--- a/windows/manage/appv-migrating-to-appv-from-a-previous-version.md
+++ b/windows/manage/appv-migrating-to-appv-from-a-previous-version.md
@@ -1,6 +1,6 @@
 ---
 title: Migrating to App-V from a Previous Version (Windows 10)
-description: Migrating to App-V from a Previous Version
+description: Migrating to App-V for Windows 10 from a previous version
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
@@ -9,18 +9,12 @@ ms.prod: w10
 ---
 
 
-# Migrating to App-V from a Previous Version
+# Migrating to App-V from previous versions
 
+**Applies to**
+-   Windows 10, version 1607
 
-With Microsoft Application Virtualization (App-V), you can migrate your existing App-V 4.6 or App-V 5.0 infrastructure to the more flexible, integrated, and easier to manage App-V infrastructure.
-However, you cannot migrate directly from App-V 4.x to App-V, you must migrate to App-V 5.0 first. For more information on migrating from App-V 4.x to App-V 5.0, see [Migrating from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md)  
-
-**Note**  
-App-V packages are exactly the same as App-V 5.0 packages. There has been no change in the package format between the versions and therefore, there is no need to convert App-V 5.0 packages to App-V packages.
-
-For more information about the differences between App-V 4.6 and App-V, see the **Differences between App-4.6 and App-V 5.0 section** of [About App-V 5.0](https://technet.microsoft.com/en-us/itpro/mdop/appv-v5/about-app-v-50).
-
- 
+To migrate from App-V 4.x to App-V for Windows 10, you must upgrade to App-V 5.x first. 
 
 ## <a href="" id="bkmk-pkgconvimprove"></a>Improvements to the App-V Package Converter
 
@@ -36,8 +30,8 @@ You can also use the `–OSDsToIncludeInPackage` parameter with the `ConvertFrom
 </colgroup>
 <thead>
 <tr class="header">
-<th align="left">New in App-V</th>
-<th align="left">Prior to App-V</th>
+<th align="left">New in App-V for Windows 10</th>
+<th align="left">Prior to App-V for Windows 10</th>
 </tr>
 </thead>
 <tbody>
@@ -168,7 +162,8 @@ ConvertFrom-AppvLegacyPackage –SourcePath \\OldPkgStore\ContosoApp\
 ## Converting packages created using a prior version of App-V
 
 
-Use the package converter utility to upgrade virtual application packages created using versions of App-V prior to App-V 5.0. The package converter uses PowerShell to convert packages and can help automate the process if you have many packages that require conversion.
+Use the package converter utility to upgrade virtual application packages created using versions of App-V prior to App-V 5.0. The package converter uses Windows PowerShell to convert packages and can help automate the process if you have many packages that require conversion. App-V packages created with App-V 5.x don't need to be converted.
+
 
 **Important**  
 After you convert an existing package you should test the package prior to deploying the package to ensure the conversion process was successful.
@@ -206,52 +201,15 @@ After you convert an existing package you should test the package prior to deplo
 
  
 
-When converting a package check for failing files or shortcuts. Locate the item in App-V 4.6 package. It could possibly be a hard-coded path. Convert the path.
+When converting a package check for failing files or shortcuts, locate the item in App-V 4.6 package. It could possibly be a hard-coded path. Convert the path.
 
 **Note**  
-It is recommended that you use the App-V sequencer for converting critical applications or applications that need to take advantage of features. See, [How to Sequence a New Application with App-V](appv-sequence-a-new-application.md).
+It is recommended that you use the App-V sequencer for converting critical applications or applications that need to take advantage of features. See [How to Sequence a New Application with App-V](appv-sequence-a-new-application.md).
 
 If a converted package does not open after you convert it, it is also recommended that you re-sequence the application using the App-V sequencer.
 
- 
-
 [How to Convert a Package Created in a Previous Version of App-V](appv-convert-a-package-created-in-a-previous-version-of-appv.md)
 
-## Migrating Clients
-
-
-The following table displays the recommended method for upgrading clients.
-
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Task</th>
-<th align="left">More Information</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Upgrade your environment to the latest version of App-V 4.6</p></td>
-<td align="left"><p>[Application Virtualization Deployment and Upgrade Considerations](https://technet.microsoft.com/en-us/itpro/mdop/appv-v4/application-virtualization-deployment-and-upgrade-considerations-copy).</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Sequence and roll out App-V packages. As needed, unpublish App-V 4.6 packages.</p></td>
-<td align="left"><p>[How to Sequence a New Application with App-V](appv-sequence-a-new-application.md).</p></td>
-</tr>
-</tbody>
-</table>
-
- 
-
-**Important**  
-You must be running the latest version of App-V 4.6 to use coexistence mode. Additionally, when you sequence a package, you must configure the Managing Authority setting, which is in the **User Configuration** is located in the **User Configuration** section.
-
- 
-
 ## Migrating the App-V Server Full Infrastructure
 
 
@@ -270,20 +228,20 @@ There is no direct method to upgrade to a full App-V infrastructure. Use the inf
 </thead>
 <tbody>
 <tr class="odd">
-<td align="left"><p>Upgrade your environment to the latest version of App-V 4.6.</p></td>
-<td align="left"><p>[Application Virtualization Deployment and Upgrade Considerations](https://technet.microsoft.com/en-us/itpro/mdop/appv-v4/application-virtualization-deployment-and-upgrade-considerations-copy).</p></td>
+<td align="left"><p>Review prerequisites.</p></td>
+<td align="left"><p>[App-V Server prerequisite software](appv-prerequisites.md#app-v-server-prerequisite-software).</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p>Deploy App-V version of the client.</p></td>
+<td align="left"><p>Enable the App-V client.</p></td>
 <td align="left"><p>[Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md).</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p>Install App-V server.</p></td>
+<td align="left"><p>Install App-V Server.</p></td>
 <td align="left"><p>[How to Deploy the App-V Server](appv-deploy-the-appv-server.md).</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Migrate existing packages.</p></td>
-<td align="left"><p>See the <strong>Converting packages created using a prior version of App-V</strong> section of this article.</p></td>
+<td align="left"><p>See [Converting packages created using a prior version of App-V](#converting-packages-created-using-a-prior-version-of-app-v) earlier in this topic.</p></td>
 </tr>
 </tbody>
 </table>
@@ -291,10 +249,10 @@ There is no direct method to upgrade to a full App-V infrastructure. Use the inf
 ## Have a suggestion for App-V?
 
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Other resources for performing App-V migration tasks
 
 - [Operations for App-V](appv-operations.md)
 
-- [A simplified Microsoft App-V Management Server upgrade procedure](http://go.microsoft.com/fwlink/p/?LinkId=786330)
+- [A simplified Microsoft App-V 5.1 Management Server upgrade procedure](https://blogs.technet.microsoft.com/appv/2015/09/23/a-simplified-microsoft-app-v-5-1-management-server-upgrade-procedure/)
diff --git a/windows/manage/appv-modify-an-existing-virtual-application-package.md b/windows/manage/appv-modify-an-existing-virtual-application-package.md
index b3b9a5bea2..5c84ac6d8d 100644
--- a/windows/manage/appv-modify-an-existing-virtual-application-package.md
+++ b/windows/manage/appv-modify-an-existing-virtual-application-package.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # How to Modify an Existing Virtual Application Package
 
+**Applies to**
+-   Windows 10, version 1607
 
 This topic explains how to:
 
@@ -161,18 +163,10 @@ This topic explains how to:
 
 13. On the **Completion** page, click **Close**. The package is now available in the sequencer.
 
-    **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Operations for App-V](appv-operations.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-modify-client-configuration-with-powershell.md b/windows/manage/appv-modify-client-configuration-with-powershell.md
index 0d76bd1169..ef256839b0 100644
--- a/windows/manage/appv-modify-client-configuration-with-powershell.md
+++ b/windows/manage/appv-modify-client-configuration-with-powershell.md
@@ -1,6 +1,6 @@
 ---
-title: How to Modify Client Configuration by Using PowerShell (Windows 10)
-description: How to Modify Client Configuration by Using PowerShell
+title: How to Modify Client Configuration by Using Windows PowerShell (Windows 10)
+description: How to Modify Client Configuration by Using Windows PowerShell
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
@@ -9,16 +9,16 @@ ms.prod: w10
 ---
 
 
-# How to Modify Client Configuration by Using PowerShell
+# How to Modify Client Configuration by Using Windows PowerShell
 
+**Applies to**
+-   Windows 10, version 1607
 
 Use the following procedure to configure the App-V client configuration.
 
-**To modify App-V client configuration using PowerShell**
+1.  To configure the client settings using Windows PowerShell, use the **Set-AppvClientConfiguration** cmdlet. For more information about installing Windows PowerShell, and a list of cmdlets see, [How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help](appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md).
 
-1.  To configure the client settings using PowerShell, use the **Set-AppvClientConfiguration** cmdlet. For more information about installing PowerShell, and a list of cmdlets see, [How to Load the PowerShell Cmdlets and Get Cmdlet Help](appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md).
-
-2.  To modify the client configuration, open a PowerShell Command prompt and run the following cmdlet **Set-AppvClientConfiguration** with any required parameters. For example:
+2.  To modify the client configuration, open a Windows PowerShell Command prompt and run **Set-AppvClientConfiguration** with any required parameters. For example:
 
     `$config = Get-AppvClientConfiguration`
 
@@ -26,18 +26,11 @@ Use the following procedure to configure the App-V client configuration.
 
     `Set-AppcClientConfiguration –Name1 MyConfig –Name2 “xyz”`
 
-    **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+
+## Have a suggestion for App-V? 
+ 
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Operations for App-V](appv-operations.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-modify-client-configuration-with-the-admx-template-and-group-policy.md b/windows/manage/appv-modify-client-configuration-with-the-admx-template-and-group-policy.md
index a71950444f..5d1058e257 100644
--- a/windows/manage/appv-modify-client-configuration-with-the-admx-template-and-group-policy.md
+++ b/windows/manage/appv-modify-client-configuration-with-the-admx-template-and-group-policy.md
@@ -1,23 +1,4 @@
 ---
 title: How to Modify App-V Client Configuration Using the ADMX Template and Group Policy (Windows 10)
-description: How to Modify App-V Client Configuration Using the ADMX Template and Group Policy
-author: MaggiePucciEvans
-ms.pagetype: mdop, appcompat, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.prod: w10
+redirect_url: https://technet.microsoft.com/itpro/windows/manage/appv-deploying-the-appv-sequencer-and-client
 ---
-
-# How to Modify App-V client configuration using the ADMX template and Group Policy
-
-You can use Group Policy to configure App-V client settings by using the Group Policy Management Console under **Computer Configuration** > **Policies** > **Administrative Templates** > **System** > **App-V**.
-
-## Have a suggestion for App-V?
-
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
-
-## Related topics
-
-- [Deploying App-V](appv-deploying-appv.md)
-
-- [About Client Configuration Settings](appv-client-configuration-settings.md)
diff --git a/windows/manage/appv-move-the-appv-server-to-another-computer.md b/windows/manage/appv-move-the-appv-server-to-another-computer.md
index dbbb6a80a6..f883d31e98 100644
--- a/windows/manage/appv-move-the-appv-server-to-another-computer.md
+++ b/windows/manage/appv-move-the-appv-server-to-another-computer.md
@@ -9,32 +9,26 @@ ms.prod: w10
 ---
 
 
-# How to Move the App-V Server to Another Computer
+# How to move the App-V server to another computer
 
+**Applies to**
+-   Windows Server 2016
 
 Use the following information to create a new management server console in your environment.
 
 ## To create a new management server console
 
 
-The following list displays the steps necessary to create a new management server console:
+Follow these steps to create a new management server console:
 
-1.  Install the management server on a computer in your environment. For more information about installing the management server see [Deploying the App-V Server](appv-deploying-the-appv-server.md).
+1.  Install the management server on a computer in your environment. For more information about installing the management server see [Deploying the App-V server](appv-deploying-the-appv-server.md).
 
 2.  After you have completed the installation, use the following link to connect it to the App-V database - [How to install the Management Server on a Standalone Computer and Connect it to the Database](appv-install-the-management-server-on-a-standalone-computer.md).
 
-**Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Operations for App-V](appv-operations.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-operations.md b/windows/manage/appv-operations.md
index 96cdf448fb..d8fe8b05e6 100644
--- a/windows/manage/appv-operations.md
+++ b/windows/manage/appv-operations.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # Operations for App-V
 
+**Applies to**
+-   Windows 10, version 1607
 
 This section of the Microsoft Application Virtualization (App-V) Administrator’s Guide includes information about the various types of App-V administration and operating tasks that are typically performed by an administrator. This section also includes step-by-step procedures to help you successfully perform those tasks.
 
@@ -41,14 +43,14 @@ This section of the Microsoft Application Virtualization (App-V) Administrator
 
     Provides instructions for migrating to App-V from a previous version.
 
--   [Administering App-V by Using PowerShell](appv-administering-appv-with-powershell.md)
+-   [Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md)
 
     Describes the set of Windows PowerShell cmdlets available for administrators performing various App-V server tasks.
 
 ## Have a suggestion for App-V?
 
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Other Resources for App-V Operations
 
diff --git a/windows/manage/appv-performance-guidance.md b/windows/manage/appv-performance-guidance.md
index d5e0a70918..e0a277bf9c 100644
--- a/windows/manage/appv-performance-guidance.md
+++ b/windows/manage/appv-performance-guidance.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # Performance Guidance for Application Virtualization
 
+**Applies to**
+-   Windows 10, version 1607
 
 Learn how to configure App-V for optimal performance, optimize virtual app packages, and provide a better user experience with RDS and VDI.
 
@@ -20,14 +22,12 @@ You should read and understand the following information before reading this doc
 
 -   [Application Virtualization (App-V) overview](appv-for-windows.md)
 
--   [App-V 5 SP2 Application Publishing and Client Interaction](http://go.microsoft.com/fwlink/?LinkId=395206)
+-   [Application Publishing and Client Interaction](appv-application-publishing-and-client-interaction.md)
 
--   [Microsoft Application Virtualization Sequencing Guide](http://go.microsoft.com/fwlink/?LinkId=269953)
+-   [App-V Sequencing Guide](https://www.microsoft.com/en-us/download/details.aspx?id=27760)
 
 **Note**  
-Some terms used in this document may have different meanings depending on external source and context. For more information about terms used in this document followed by an asterisk **\*** review the [Application Virtualization Performance Guidance Terminology](#bkmk-terms1) section of this document.
-
- 
+Some terms used in this document may have different meanings depending on external source and context. For more information about terms used in this document followed by an asterisk <strong>*</strong> review the [Application Virtualization Performance Guidance Terminology](#bkmk-terms1) section of this document.
 
 Finally, this document will provide you with the information to configure the computer running App-V client and the environment for optimal performance. Optimize your virtual application packages for performance using the sequencer, and to understand how to use User Experience Virtualization (UE-V) or other user environment management technologies to provide the optimal user experience with App-V in both Remote Desktop Services (RDS) and non-persistent virtual desktop infrastructure (VDI).
 
@@ -35,7 +35,6 @@ To help determine what information is relevant to your environment you should re
 
 ## <a href="" id="---------app-v-5-1-in-stateful--non-persistent-deployments"></a> App-V in stateful\* non-persistent deployments
 
-
 This section provides information about an approach that helps ensure a user will have access to all virtual applications within seconds after logging in. This is achieved by uniquely addressing the often long-running App-V publishing refresh. As you will discover the basis of the approach, the fastest publishing refresh, is one that doesn’t have to actually do anything. A number of conditions must be met and steps followed to provide the optimal user experience.
 
 Use the information in the following section for more information:
@@ -50,7 +49,7 @@ Use the information in the following section for more information:
 
 -   Steps to Prepare the Base Image – Whether in a non-persistent VDI or RDSH environment, only a few steps must be completed in the base image to enable this approach.
 
--   Use UE-V 2.1 as the User Profile Management (UPM) solution for the App-V approach – the cornerstone of this approach is the ability of a UEM solution to persist the contents of just a few registry and file locations. These locations constitute the user integrations\*. Be sure to review the specific requirements for the UPM solution.
+-   Use UE-V as the User Profile Management (UPM) solution for the App-V approach – the cornerstone of this approach is the ability of a UEM solution to persist the contents of just a few registry and file locations. These locations constitute the user integrations\*. Be sure to review the specific requirements for the UPM solution.
 
 [User Experience Walk-through](#bkmk-uewt)
 
@@ -123,7 +122,7 @@ IT Administration
 
  
 
-### <a href="" id="bkmk-us"></a>Usage Scenario
+### <a href="" id="bkmk-us"></a>Usage Scenarios
 
 As you review the two scenarios, keep in mind that these approach the extremes. Based on your usage requirements, you may choose to apply these steps to a subset of users, virtual application packages, or both.
 
@@ -141,9 +140,9 @@ As you review the two scenarios, keep in mind that these approach the extremes.
 <tbody>
 <tr class="odd">
 <td align="left"><p>To provide the most optimal user experience, this approach leverages the capabilities of a UPM solution and requires additional image preparation and can incur some additional image management overhead.</p>
-<p>The following describes many performance improvements in stateful non-persistent deployments. For more information, see the <strong>Sequencing Steps to Optimize Packages for Publishing Performance</strong> and reference to <strong>App-V Sequencing Guide</strong> in the <strong>See Also section of this document</strong>.</p></td>
+<p>The following describes many performance improvements in stateful non-persistent deployments. For more information, see [Sequencing Steps to Optimize Packages for Publishing Performance](#sequencing-steps-to-optimize-packages-for-publishing-performance) later in this topic.</p></td>
 <td align="left"><p>The general expectations of the previous scenario still apply here. However, keep in mind that VM images are typically stored in very costly arrays; a slight alteration has been made to the approach. Do not pre-configure user-targeted virtual application packages in the base image.</p>
-<p>The impact of this alteration is detailed in the User Experience Walkthrough section of this document.</p></td>
+<p>The impact of this alteration is detailed in the [User Experience Walk-through](#bkmk-uewt) section of this document.</p></td>
 </tr>
 </tbody>
 </table>
@@ -171,9 +170,9 @@ The following table displays the required steps to prepare the base image and th
 <tr class="odd">
 <td align="left"><p></p>
 <ul>
-<li><p>Install the App-V client version of the client.</p></li>
-<li><p>Install UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.</p></li>
-<li><p>Configure for Shared Content Store (SCS) mode. For more information see [How to Install the App-V Client for Shared Content Store Mode](appv-install-the-appv-client-for-shared-content-store-mode.md).</p></li>
+<li><p>Enable the App-V client as described in [Enable the App-V in-box client](appv-enable-the-app-v-desktop-client.md).</p></li>
+<li><p>Enable UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.</p></li>
+<li><p>Configure for Shared Content Store (SCS) mode. For more information see [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md).</p></li>
 <li><p>Configure Preserve User Integrations on Login Registry DWORD.</p></li>
 <li><p>Pre-configure all user- and global-targeted packages for example, <strong>Add-AppvClientPackage</strong>.</p></li>
 <li><p>Pre-configure all user- and global-targeted connection groups for example, <strong>Add-AppvClientConnectionGroup</strong>.</p></li>
@@ -191,9 +190,9 @@ The following table displays the required steps to prepare the base image and th
 </ul></td>
 <td align="left"><p></p>
 <ul>
-<li><p>Install the App-V client version of the client.</p></li>
-<li><p>Install UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.</p></li>
-<li><p>Configure for Shared Content Store (SCS) mode. For more information see [How to Install the App-V Client for Shared Content Store Mode](appv-install-the-appv-client-for-shared-content-store-mode.md).</p></li>
+<li><p>Enable the App-V client as described in [Enable the App-V in-box client](appv-enable-the-app-v-desktop-client.md).</p></li>
+<li><p>Enable UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.</p></li>
+<li><p>Configure for Shared Content Store (SCS) mode. For more information see [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md).</p></li>
 <li><p>Configure Preserve User Integrations on Login Registry DWORD.</p></li>
 <li><p>Pre-configure all global-targeted packages for example, <strong>Add-AppvClientPackage</strong>.</p></li>
 <li><p>Pre-configure all global-targeted connection groups for example, <strong>Add-AppvClientConnectionGroup</strong>.</p></li>
@@ -225,8 +224,7 @@ The following table displays the required steps to prepare the base image and th
 <tr class="odd">
 <td align="left"><p>Shared Content Store (SCS) Mode</p>
 <ul>
-<li><p>Configurable in PowerShell using <strong>Set- AppvClientConfiguration</strong> –<strong>SharedContentStoreMode</strong>, or</p></li>
-<li><p>During installation of the App-V client.</p></li>
+<li><p>Configurable in Windows PowerShell with `Set-AppvClientConfiguration -SharedContentStoreMode 1`<br>or configurable with Group Policy, as described in [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md).</p></li>
 </ul></td>
 <td align="left"><p>When running the shared content store only publishing data is maintained on hard disk; other virtual application assets are maintained in memory (RAM).</p>
 <p>This helps to conserve local storage and minimize disk I/O per second (IOPS).</p></td>
@@ -246,7 +244,7 @@ The following table displays the required steps to prepare the base image and th
 <tr class="odd">
 <td align="left"><p>MaxConcurrentPublishingRefresh</p>
 <ul>
-<li><p>Configure in the Registry under <strong>HKEY_LOCAL_MACHINE</strong> \<strong>Software</strong> \ <strong>Microsoft</strong> \ <strong>AppV</strong> \<strong>Client</strong> \ <strong>Publishing</strong>.</p></li>
+<li><p>Configure in the Registry under <strong>HKEY_LOCAL_MACHINE</strong> \ <strong>Software</strong> \ <strong>Microsoft</strong> \ <strong>AppV</strong> \ <strong>Client</strong> \ <strong>Publishing</strong>.</p></li>
 <li><p>Create the DWORD value <strong>MaxConcurrentPublishingrefresh</strong> with the desired maximum number of concurrent publishing refreshes.</p></li>
 <li><p>The App-V client service and computer do not need to be restarted.</p></li>
 </ul></td>
@@ -261,23 +259,25 @@ The following table displays the required steps to prepare the base image and th
 
 ### Configure UE-V solution for App-V Approach
 
-We recommend using Microsoft User Experience Virtualization (UE-V) to capture and centralize application settings and Windows operating system settings for a specific user. These settings are then applied to the different computers that are accessed by the user, including desktop computers, laptop computers, and virtual desktop infrastructure (VDI) sessions. UE-V is optimized for RDS and VDI scenarios.
+We recommend using User Experience Virtualization (UE-V) to capture and centralize application settings and Windows operating system settings for a specific user. These settings are then applied to the different computers that are accessed by the user, including desktop computers, laptop computers, and virtual desktop infrastructure (VDI) sessions. UE-V is optimized for RDS and VDI scenarios.
 
-For more information see [Getting Started With User Experience Virtualization 2.0](https://technet.microsoft.com/library/dn458926.aspx)
+For more information, see:
 
-In essence all that is required is to install the UE-V client and download the following Microsoft authored App-V settings template from the [Microsoft User Experience Virtualization (UE-V) template gallery](http://gallery.technet.microsoft.com/Authored-UE-V-Settings-bb442a33). Register the template. For more information around UE-V templates see [The UE-V specific resource for acquiring and registering the template](https://technet.microsoft.com/library/dn458926.aspx).
+- [User Experience Virtualization (UE-V) for Windows 10 overview](uev-for-windows.md)
+
+- [Get Started with UE-V](uev-getting-started.md)
+
+In essence all that is required is to enable the UE-V service and download the following Microsoft authored App-V settings template from the [Microsoft User Experience Virtualization (UE-V) template gallery](http://gallery.technet.microsoft.com/Authored-UE-V-Settings-bb442a33). Register the template. For more information about UE-V templates, see [User Experience Virtualization (UE-V) for Windows 10 overview](uev-for-windows.md).
 
 **Note**  
-Without performing an additional configuration step, the Microsoft User Environment Virtualization (UE-V) will not be able to synchronize the Start menu shortcuts (.lnk files) on the target computer. The .lnk file type is excluded by default.
+Without performing an additional configuration step, User Environment Virtualization (UE-V) will not be able to synchronize the Start menu shortcuts (.lnk files) on the target computer. The .lnk file type is excluded by default.
 
-UE-V will only support removing the .lnk file type from the exclusion list in the RDS and VDI scenarios, where every user’s device will have the same set of applications installed to the same location and every .lnk file is valid for all the users’ devices. For example, UE-V would not currently support the following 2 scenarios, because the net result will be that the shortcut will be valid on one but not all devices.
+UE-V will only support removing the .lnk file type from the exclusion list in the RDS and VDI scenarios, where every user’s device will have the same set of applications installed to the same location and every .lnk file is valid for all the users’ devices. For example, UE-V would not currently support the following two scenarios, because the net result will be that the shortcut will be valid on one but not all devices.
 
 -   If a user has an application installed on one device with .lnk files enabled and the same native application installed on another device to a different installation root with .lnk files enabled.
 
 -   If a user has an application installed on one device but not another with .lnk files enabled.
 
- 
-
 **Important**  
 This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk.
 
@@ -285,7 +285,7 @@ This topic describes how to change the Windows registry by using Registry Editor
 
 Using the Microsoft Registry Editor (regedit.exe), navigate to **HKEY\_LOCAL\_MACHINE** \\ **Software** \\ **Microsoft** \\ **UEV** \\ **Agent** \\ **Configuration** \\ **ExcludedFileTypes** and remove **.lnk** from the excluded file types.
 
-**Configure other User Profile Management (UPM) solution for App-V Approach**
+## Configure other User Profile Management (UPM) solutions for App-V Approach
 
 The expectation in a stateful environment is that a UPM solution is implemented and can support persistence of user data across sessions and between logins.
 
@@ -310,9 +310,9 @@ To enable an optimized login experience, for example the App-V approach for the
 
 With App-V when you add a publishing server (**Add-AppvPublishingServer**) you can configure synchronization, for example refresh during log on and/or after a specified refresh interval. In both cases a scheduled task is created.
 
-In previous versions of App-V, both scheduled tasks were configured using a VBScript that would initiate the user and global refresh. With Hotfix Package 4 for Application Virtualization 5.0 SP2 the user refresh on log on was initiated by **SyncAppvPublishingServer.exe**. This change was introduced to provide UPM solutions a trigger process. This process delays the publish /refresh to allow the UPM solution to apply the user integrations. It will exit once the publishing/refresh is complete.
+In previous versions of App-V, both scheduled tasks were configured using a VBScript that would initiate the user and global refresh. Starting with Hotfix Package 4 for Application Virtualization 5.0 SP2 the user refresh on log on was initiated by **SyncAppvPublishingServer.exe**. This change was introduced to provide UPM solutions a trigger process. This process delays the publish /refresh to allow the UPM solution to apply the user integrations. It will exit once the publishing/refresh is complete.
 
-**User Integrations**
+### User Integrations
 
 Registry – HKEY\_CURRENT\_USER
 
@@ -324,7 +324,7 @@ Registry – HKEY\_CURRENT\_USER
 
 -   Path- Software\\Microsoft\\Windows\\CurrentVersion\\App Paths
 
-**File Locations**
+### File Locations
 
 -   Root – “Environment Variable” APPDATA
 
@@ -342,12 +342,6 @@ Registry – HKEY\_CURRENT\_USER
 
     Root - “KnownFolder” {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}FileMask - \*.lnk
 
-**Microsoft User Experience Virtualization (UE-V)**
-
-Additionally, we recommend using Microsoft User Experience Virtualization (UE-V) to capture and centralize application settings and Windows operating system settings for a specific user. These settings are then applied to the different computers that are accessed by the user, including desktop computers, laptop computers, and virtual desktop infrastructure (VDI) sessions.
-
-For more information see [Getting Started With User Experience Virtualization 1.0](http://technet.microsoft.com/library/jj680015.aspx) and [Sharing Settings Location Templates with the UE-V Template Gallery](http://technet.microsoft.com/library/jj679972.aspx).
-
 ### <a href="" id="bkmk-uewt"></a>User Experience Walk-through
 
 This following is a step-by-step walk-through of the App-V and UPM operations and the expectations users should expect.
@@ -446,13 +440,11 @@ In a non-persistent environment, it is unlikely these pended operations will be
 
 The following section contains lists with information about Microsoft documentation and downloads that may be useful when optimizing your environment for performance.
 
-**.NET NGEN Blog and Script (Highly Recommended)**
+<!-- Following bold text used to say **.NET NGEN Blog and Script (Highly Recommended)**  but the script doesn't seem to exist any more. The link to the script was [Script](http://aka.ms/DrainNGenQueue)  -->
 
-About NGEN technology
+**.NET NGEN Blog (Highly Recommended)**
 
--   [How to speed up NGEN optimaztion](http://blogs.msdn.com/b/dotnet/archive/2013/08/06/wondering-why-mscorsvw-exe-has-high-cpu-usage-you-can-speed-it-up.aspx)
-
--   [Script](http://aka.ms/DrainNGenQueue)
+-   [How to speed up NGEN optimization](http://blogs.msdn.com/b/dotnet/archive/2013/08/06/wondering-why-mscorsvw-exe-has-high-cpu-usage-you-can-speed-it-up.aspx)
 
 **Windows Server and Server Roles**
 
@@ -486,7 +478,6 @@ Server Performance Tuning Guidelines for
 
 ## Sequencing Steps to Optimize Packages for Publishing Performance
 
-
 Several App-V features facilitate new scenarios or enable new customer deployment scenarios. These following features can impact the performance of the publishing and launch operations.
 
 <table>
@@ -507,7 +498,7 @@ Several App-V features facilitate new scenarios or enable new customer deploymen
 <tbody>
 <tr class="odd">
 <td align="left"><p>No Feature Block 1 (FB1, also known as Primary FB)</p></td>
-<td align="left"><p>No FB1 means the application will launch immediately and stream fault (application requires file, DLL and must pull down over the network) during launch.If there are network limitations, FB1 will:</p>
+<td align="left"><p>No FB1 means the application will launch immediately and stream fault (application requires file, DLL and must pull down over the network) during launch. If there are network limitations, FB1 will:</p>
 <ul>
 <li><p>Reduce the number of stream faults and network bandwidth used when you launch an application for the first time.</p></li>
 <li><p>Delay launch until the entire FB1 has been streamed.</p></li>
@@ -540,9 +531,9 @@ Removing FB1 does not require the original application installer. After completi
 
 3.  Move to **Create Package**.
 
-**PowerShell** - Update an Existing Virtual Application Package.
+**Windows PowerShell** - Update an Existing Virtual Application Package.
 
-1.  Open an elevated PowerShell session.
+1.  Open an elevated Windows PowerShell session.
 
 2.  Import-module **appvsequencer**.
 
@@ -623,7 +614,7 @@ When publishing a virtual application package, the App-V Client will detect if a
 
  
 
-### Disabling a Dynamic Configuration using Powershell
+### Disabling a Dynamic Configuration by using Windows Powershell
 
 -   For already published packages, you can use `Set-AppVClientPackage –Name Myapp –Path c:\Packages\Apps\MyApp.appv` without
 
@@ -635,9 +626,9 @@ When publishing a virtual application package, the App-V Client will detect if a
 
 For documentation on How to Apply a Dynamic Configuration, see:
 
--   [How to Apply the User Configuration File by Using PowerShell](appv-apply-the-user-configuration-file-with-powershell.md)
+-   [How to Apply the User Configuration File by Using Windows PowerShell](appv-apply-the-user-configuration-file-with-powershell.md)
 
--   [How to Apply the Deployment Configuration File by Using PowerShell](appv-apply-the-deployment-configuration-file-with-powershell.md)
+-   [How to Apply the Deployment Configuration File by Using Windows PowerShell](appv-apply-the-deployment-configuration-file-with-powershell.md)
 
 <table>
 <colgroup>
@@ -657,7 +648,7 @@ For documentation on How to Apply a Dynamic Configuration, see:
 <tbody>
 <tr class="odd">
 <td align="left"><p>Account for Synchronous Script Execution during Package Lifecycle.</p></td>
-<td align="left"><p>If script collateral is embedded in the package, Add (Powershell) may be significantly slower.</p>
+<td align="left"><p>If script collateral is embedded in the package, Add cmdlets may be significantly slower.</p>
 <p>Running of scripts during virtual application launch (StartVirtualEnvironment, StartProcess) and/or Add+Publish will impact the perceived performance during one or more of these lifecycle operations.</p></td>
 <td align="left"><p>Use of Asynchronous (Non-Blocking) Scripts will ensure that the lifecycle operations complete efficiently.</p></td>
 <td align="left"><p>This step requires working knowledge of all virtual application packages with embedded script collateral, which have associated dynamic configurations files and which reference and run scripts synchronously.</p></td>
@@ -681,18 +672,15 @@ For documentation on How to Apply a Dynamic Configuration, see:
 
 -   Open AppxManifest.xml and locate the following:
 
-    &lt;appv:Extension Category="AppV.Fonts"&gt;
+    ```
+    <appv:Extension Category="AppV.Fonts">
+    <appv:Fonts>
+    <appv:Font Path="[{Fonts}]\private\CalibriL.ttf" DelayLoad="true"></appv:Font>
+    </appv:Fonts>
+    ```
 
-    &lt;appv:Fonts&gt;
+    **Note**&nbsp;&nbsp;If there are fonts marked as **DelayLoad**, those will not impact first launch.
 
-    &lt;appv:Font Path="\[{Fonts}\]\\private\\CalibriL.ttf" DelayLoad="true"&gt;&lt;/appv:Font&gt;
-
-    **Note**  
-    If there are fonts marked as **DelayLoad**, those will not impact first launch.
-
-     
-
-    &lt;/appv:Fonts&gt;
 
 ### Excluding virtual fonts from the package
 
@@ -702,11 +690,11 @@ Use the dynamic configuration file that best suits the user scope – deployment
 
 Fonts
 
---&gt;
-
-&lt;Fonts Enabled="false" /&gt;
-
-&lt;!--
+```
+-->
+<Fonts Enabled="false" />
+<!--
+```
 
 ## <a href="" id="bkmk-terms1"></a> App-V Performance Guidance Terminology
 
@@ -733,7 +721,7 @@ The following terms are used when describing concepts and actions related to App
 
     -   From the point that users initiate a log-in to when they are able to manipulate the desktop.
 
-    -   From the point where the desktop can be interacted with to the point a publishing refresh begins (in PowerShell terms, sync) when using the App-V full server infrastructure. In standalone instances, it is when the **Add-AppVClientPackage** and **Publish-AppVClientPackage Powershell** commands are initiated.
+    -   From the point where the desktop can be interacted with to the point a publishing refresh begins (in Windows PowerShell terms, sync) when using the App-V full server infrastructure. In standalone instances, it is when the **Add-AppVClientPackage** and **Publish-AppVClientPackage** Windows Powershell commands are initiated.
 
     -   From start to completion of the publishing refresh. In standalone instances, this is the first to last virtual application published.
 
@@ -743,19 +731,8 @@ The following terms are used when describing concepts and actions related to App
 
 ## Have a suggestion for App-V?
 
-
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Application Virtualization (App-V) overview](appv-for-windows.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-planning-checklist.md b/windows/manage/appv-planning-checklist.md
index 91d7f0fe4e..34315d038a 100644
--- a/windows/manage/appv-planning-checklist.md
+++ b/windows/manage/appv-planning-checklist.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # App-V Planning Checklist
 
+**Applies to**
+-   Windows 10, version 1607
 
 This checklist can be used to help you plan for preparing your organization for an App-V deployment.
 
@@ -41,7 +43,7 @@ This checklist can be used to help you plan for preparing your organization for
 </tr>
 <tr class="even">
 <td align="left"><img src="images/checklistbox.gif" alt="Checklist box" /></td>
-<td align="left"><p>Plan for App-V 1.0 Deployment Prerequisites and prepare your computing environment.</p></td>
+<td align="left"><p>Plan for App-V deployment prerequisites and prepare your computing environment.</p></td>
 <td align="left"><p>[App-V Prerequisites](appv-prerequisites.md)</p></td>
 <td align="left"><p></p></td>
 </tr>
@@ -60,13 +62,13 @@ This checklist can be used to help you plan for preparing your organization for
 <tr class="odd">
 <td align="left"><img src="images/checklistbox.gif" alt="Checklist box" /></td>
 <td align="left"><p>If applicable, review the options and steps for migrating from a previous version of App-V.</p></td>
-<td align="left"><p>[Planning for Migrating from a Previous Version of App-V](appv-planning-for-migrating-from-a-previous-version-of-appv.md)</p></td>
+<td align="left"><p>[Migrating to App-V from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md)</p></td>
 <td align="left"><p></p></td>
 </tr>
 <tr class="even">
 <td align="left"><img src="images/checklistbox.gif" alt="Checklist box" /></td>
-<td align="left"><p>Plan for running App-V clients using in shared content store mode.</p></td>
-<td align="left"><p>[How to Install the App-V Client for Shared Content Store Mode](appv-install-the-appv-client-for-shared-content-store-mode.md)</p></td>
+<td align="left"><p>Decide whether to configure App-V clients in Shared Content Store mode.</p></td>
+<td align="left"><p>[Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md)</p></td>
 <td align="left"><p></p></td>
 </tr>
 </tbody>
@@ -74,7 +76,7 @@ This checklist can be used to help you plan for preparing your organization for
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/manage/appv-planning-folder-redirection-with-appv.md b/windows/manage/appv-planning-folder-redirection-with-appv.md
index ed2d892f9f..fbbe90799e 100644
--- a/windows/manage/appv-planning-folder-redirection-with-appv.md
+++ b/windows/manage/appv-planning-folder-redirection-with-appv.md
@@ -10,6 +10,9 @@ ms.prod: w10
 
 # Planning to Use Folder Redirection with App-V
 
+**Applies to**
+-   Windows 10, version 1607
+
 Microsoft Application Virtualization (App-V) supports the use of folder redirection, a feature that enables users and administrators to redirect the path of a folder to a new location.
 
 This topic contains the following sections:
@@ -113,8 +116,8 @@ The following table describes how folder redirection works when %AppData% is red
 
 <table>
 <colgroup>
-<col width="50%" />
-<col width="50%" />
+<col width="30%" />
+<col width="70%" />
 </colgroup>
 <tbody>
 <tr class="odd">
@@ -143,4 +146,4 @@ The following table describes how folder redirection works when %AppData% is red
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/manage/appv-planning-for-appv-server-deployment.md b/windows/manage/appv-planning-for-appv-server-deployment.md
index 982d10f933..ecaa45a9f1 100644
--- a/windows/manage/appv-planning-for-appv-server-deployment.md
+++ b/windows/manage/appv-planning-for-appv-server-deployment.md
@@ -1,6 +1,6 @@
 ---
 title: Planning for the App-V Server Deployment (Windows 10)
-description: Planning for the App-V Server Deployment
+description: Planning for the App-V 5.1 Server Deployment
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # Planning for the App-V Server Deployment
 
+**Applies to**
+-   Windows Server 2016
 
 The Microsoft Application Virtualization (App-V) server infrastructure consists of a set of specialized features that can be installed on one or more server computers, based on the requirements of the enterprise.
 
@@ -92,25 +94,13 @@ The following displays information about server-related protocols used by the Ap
 </tbody>
 </table>
 
- 
 
 ## Have a suggestion for App-V?
 
-
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Planning to Deploy App-V](appv-planning-to-deploy-appv.md)
 
 [Deploying the App-V Server](appv-deploying-the-appv-server.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-planning-for-appv.md b/windows/manage/appv-planning-for-appv.md
index 3ffee286de..9024c14cc4 100644
--- a/windows/manage/appv-planning-for-appv.md
+++ b/windows/manage/appv-planning-for-appv.md
@@ -11,6 +11,9 @@ ms.prod: w10
 
 # Planning for App-V
 
+**Applies to**
+-   Windows 10, version 1607
+
 Use this information to plan how to deploy App-V so that it does not disrupt your users or the network.
 
 ## Planning information
@@ -21,7 +24,7 @@ Use this information to plan how to deploy App-V so that it does not disrupt you
 
 -   [Planning to Deploy App-V](appv-planning-to-deploy-appv.md)
 
-    This section describes the minimum hardware and software requirements necessary for App-V client, sequencer and server feature installations. Additionally, associated feature planning information is also displayed.
+    This section describes the minimum hardware and software requirements and other planning information for the App-V sequencer and App-V server components.
 
 -   [App-V Planning Checklist](appv-planning-checklist.md)
 
@@ -29,7 +32,7 @@ Use this information to plan how to deploy App-V so that it does not disrupt you
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Other resources for App-V planning
 
diff --git a/windows/manage/appv-planning-for-high-availability-with-appv.md b/windows/manage/appv-planning-for-high-availability-with-appv.md
index 9b84aeeb88..cf903010b8 100644
--- a/windows/manage/appv-planning-for-high-availability-with-appv.md
+++ b/windows/manage/appv-planning-for-high-availability-with-appv.md
@@ -1,5 +1,5 @@
 ---
-title: Planning for High Availability with App-V Server (Windows 10)
+title: Planning for High Availability with App-V Server
 description: Planning for High Availability with App-V Server
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
@@ -11,6 +11,9 @@ ms.prod: w10
 
 # Planning for High Availability with App-V Server
 
+**Applies to**
+-   Windows 10, version 1607
+
 Microsoft Application Virtualization (App-V) system configurations can take advantage of options that maintain a high level of available service.
 
 Use the information in the following sections to help you understand the options to deploy App-V in a highly available configuration.
@@ -54,11 +57,11 @@ Review the following for more information about configuring IIS and Network Load
 
 ## <a href="" id="bkmk-clusterscsmode"></a>Support for clustered file servers when running SCS mode
 
-Running App-V Server in Share Content Store (SCS) mode with clustered file servers is supported.
+Running App-V Server in Shared Content Store (SCS) mode with clustered file servers is supported.
 
 The following steps can be used to enable this configuration:
 
--   Configure App-V to run in client SCS mode. For more information about configuring App-V SCS mode, see [How to Install the App-V Client for Shared Content Store Mode](appv-install-the-appv-client-for-shared-content-store-mode.md).
+-   Configure the App-V client to run in Shared Content Store mode. For more information, see [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md).
 
 -   Configure the file server cluster, configured in either the scale out mode (which started with Windows Server 2012) or the earlier clustering mode, with a virtual SAN.
 
@@ -127,7 +130,7 @@ The App-V management server database supports deployments to computers running M
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/manage/appv-planning-for-migrating-from-a-previous-version-of-appv.md b/windows/manage/appv-planning-for-migrating-from-a-previous-version-of-appv.md
index 1b58aa37ae..5b98eac02b 100644
--- a/windows/manage/appv-planning-for-migrating-from-a-previous-version-of-appv.md
+++ b/windows/manage/appv-planning-for-migrating-from-a-previous-version-of-appv.md
@@ -1,154 +1,4 @@
 ---
 title: Planning for Migrating from a Previous Version of App-V (Windows 10)
-description: Planning for Migrating from a Previous Version of App-V
-author: MaggiePucciEvans
-ms.pagetype: mdop, appcompat, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.prod: w10
+redirect_url: https://technet.microsoft.com/itpro/windows/manage/appv-migrating-to-appv-from-a-previous-version
 ---
-
-
-# Planning for Migrating from a Previous Version of App-V
-
-
-Use the following information to plan how to migrate to Microsoft Application Virtualization (App-V) from previous versions of App-V.
-
-## Migration requirements
-
-
-Before you start any upgrades, review the following requirements:
-
--   If you are upgrading from a version earlier than 4.6 SP2, upgrade to version 4.6 SP2 or version 4.6 SP3 first before upgrading to App-V or later. In this scenario, upgrade the App-V clients first, and then upgrade the server components.
-
--   App-V supports only packages that are created using App-V 5.0 or App-V, or packages that have been converted to the **.appv** format.
-
--   If you are upgrading the App-V Server from App-V 5.0 SP1, see [About App-V](appv-about-appv.md#bkmk-migrate-to-51) for instructions.
-
-## Running the App-V client concurrently with App-V 4.6 SP2 or later
-
-
-You can run the App-V client concurrently on the same computer with the App-V 4.6 SP2 client or App-V 4.6 SP3 client.
-
-When you run coexisting App-V clients, you can:
-
--   Convert an App-V 4.6 SP2 or 4.6 SP3 package to the App-V format and publish both packages, when you have both clients running.
-
--   Define the migration policy for the converted package, which allows the converted App-V package to assume the file type associations and shortcuts from the App-V 4.6 SP2 package.
-
-### Supported coexistence scenarios
-
-The following table shows the supported App-V coexistence scenarios. We recommend that you install the latest available updates of a given release when you are running coexisting clients.
-
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">App-V 4.6.x client type</th>
-<th align="left">App-V client type</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>App-V 4.6 SP2</p></td>
-<td align="left"><p>App-V</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>App-V 4.6 SP2 RDS</p></td>
-<td align="left"><p>App-V RDS</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>App-V 4.6 SP3</p></td>
-<td align="left"><p>App-V</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>App-V 4.6 SP3 RDS</p></td>
-<td align="left"><p>App-V RDS</p></td>
-</tr>
-</tbody>
-</table>
-
- 
-
-### Requirements for running coexisting clients
-
-To run coexisting clients, you must:
-
--   Install the App-V 4.6 SP2 or App-V 4.6 SP3 client before you install the App-V client.
-
--   Enable the **Enable Migration Mode** Group Policy setting, which is in the **App-V** &gt; **Client Coexistence** node. To deploy the .admx template, see [How to Download and Deploy MDOP Group Policy (.admx) Templates](http://technet.microsoft.com/library/dn659707.aspx).
-
-**Note**  
-App-V packages can run side by side with App-V 4.X packages if you have coexisting installations of App-V and 4.X. However, App-V packages cannot interact with App-V 4.X packages in the same virtual environment.
-
- 
-
-### Client downloads and documentation
-
-The following table provides links to the App-V 4.6.x client downloads and to the TechNet documentation about the releases. The downloads include the App-V “regular” and RDS clients. The TechNet documentation about the App-V client applies to both clients, unless stated otherwise.
-
-<table>
-<colgroup>
-<col width="33%" />
-<col width="33%" />
-<col width="33%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">App-V version</th>
-<th align="left">Link to download the client</th>
-<th align="left">Link to TechNet documentation</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>App-V 4.6 SP2</p></td>
-<td align="left"><p>[Microsoft Application Virtualization 4.6 Service Pack 2](http://www.microsoft.com/download/details.aspx?id=35513)</p></td>
-<td align="left"><p>[About Microsoft Application Virtualization 4.6 SP2](http://technet.microsoft.com/library/jj680847.aspx)</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>App-V 4.6 SP3</p></td>
-<td align="left"><p>[Microsoft Application Virtualization 4.6 Service Pack 3](http://www.microsoft.com/download/details.aspx?id=41187)</p></td>
-<td align="left"><p>[About Microsoft Application Virtualization 4.6 SP3](http://technet.microsoft.com/library/dn511019.aspx)</p></td>
-</tr>
-</tbody>
-</table>
-
- 
-
-For more information about how to configure App-V client coexistence, see:
-
--   [App-V 5.0 Coexistence and Migration](http://technet.microsoft.com/windows/jj835811.aspx)
-
-## <a href="" id="converting--previous-version--packages-using-the-package-converter-"></a>Converting “previous-version” packages using the package converter
-
-
-Before migrating a package, created using App- 4.6 SP2 or earlier, to App-V, review the following requirements:
-
--   You must convert the package to the **.appv** file format.
-
--   The Package Converter supports only the direct conversion of packages that were created by using App-V 4.5 and later. To use the package converter on a package that was created using a previous version, you must use an App-V 4.5 or later version of the sequencer to upgrade the package, and then you can perform the package conversion.
-
-For more information about using the package converter to convert a package, see [How to Convert a Package Created in a Previous Version of App-V](appv-convert-a-package-created-in-a-previous-version-of-appv.md). After you convert the file, you can deploy it to target computers that run the App-V client.
-
-## Have a suggestion for App-V?
-
-
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
-
-## Related topics
-
-
-[Planning to Deploy App-V](appv-planning-to-deploy-appv.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-planning-for-sequencer-and-client-deployment.md b/windows/manage/appv-planning-for-sequencer-and-client-deployment.md
index 7da2d52c61..bd7f629151 100644
--- a/windows/manage/appv-planning-for-sequencer-and-client-deployment.md
+++ b/windows/manage/appv-planning-for-sequencer-and-client-deployment.md
@@ -10,6 +10,8 @@ ms.prod: w10
 
 # Planning for the App-V Sequencer and Client Deployment
 
+**Applies to**
+-   Windows 10, version 1607
 
 Before you can use App-V, you must install the App-V Sequencer, enable the App-V client, and optionally the App-V shared content store. The following sections address planning for these installations.
 
@@ -19,7 +21,7 @@ Before you can use App-V, you must install the App-V Sequencer, enable the App-V
 App-V uses a process called sequencing to create virtualized applications and application packages. Sequencing requires the use of a computer that runs the App-V Sequencer.
 
 > [!NOTE]  
-> For information about the new functionality of App-V sequencer, see the **Sequencer Improvements** section of [About App-V](appv-about-appv.md).
+> For information about the new functionality of App-V sequencer, see [What's new in App-V](appv-about-appv.md#bkmk-seqimprove).
 
 
 The computer that runs the App-V sequencer must meet the minimum system requirements. For a list of these requirements, see [App-V Supported Configurations](appv-supported-configurations.md).
@@ -38,10 +40,7 @@ Ideally, you should install the sequencer on a computer running as a virtual mac
 
 ## Planning for App-V client deployment
 
-In Windows 10, version 1607, the App-V client is included with the operating system. For more info, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md).
-
-For a list of the client minimum requirements see [App-V Prerequisites](appv-prerequisites.md).
-
+In Windows 10, version 1607, the App-V client is included with the operating system. For more information, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md).
 
 ## Planning for the App-V Shared Content Store (SCS)
 
@@ -57,7 +56,7 @@ The following list displays some of the benefits of using the App-V Shared Conte
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Other resources for the App-V deployment
 
@@ -69,4 +68,4 @@ Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-micros
 
 - [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md)
 
-- [How to Install the App-V Client for Shared Content Store Mode](appv-install-the-appv-client-for-shared-content-store-mode.md)
+- [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md)
diff --git a/windows/manage/appv-planning-for-using-appv-with-office.md b/windows/manage/appv-planning-for-using-appv-with-office.md
index c272ff6893..46907201bd 100644
--- a/windows/manage/appv-planning-for-using-appv-with-office.md
+++ b/windows/manage/appv-planning-for-using-appv-with-office.md
@@ -11,6 +11,9 @@ ms.prod: w10
 
 # Planning for Using App-V with Office
 
+**Applies to**
+-   Windows 10, version 1607
+
 Use the following information to plan how to deploy Office by using Microsoft Application Virtualization (App-V). This article includes:
 
 -   [App-V support for Language Packs](#bkmk-lang-pack)
@@ -300,4 +303,10 @@ The Office 2013 App-V package supports the following integration points with the
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+
+## Related topics
+
+- [Deploying Microsoft Office 2013 by Using App-V](appv-deploying-microsoft-office-2013-with-appv.md)
+
+- [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md)
diff --git a/windows/manage/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md b/windows/manage/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
index f323d22bfb..fa9a2274ee 100644
--- a/windows/manage/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
+++ b/windows/manage/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
@@ -10,7 +10,10 @@ ms.prod: w10
 
 # Planning to Deploy App-V with an electronic software distribution system
 
-If you are using an electronic software distribution system to deploy App-V packages, review the following planning considerations. For information about using System Center Configuration Manager to deploy App-V, see [Introduction to Application Management in Configuration Manager](http://go.microsoft.com/fwlink/?LinkId=281816).
+**Applies to**
+-   Windows 10, version 1607
+
+If you are using an electronic software distribution system to deploy App-V packages, review the following planning considerations. For information about using System Center Configuration Manager to deploy App-V, see [Introduction to Application Management in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682125.aspx#BKMK_Appv).
 
 Review the following component and architecture requirements options that apply when you use an ESD to deploy App-V packages:
 
@@ -21,8 +24,13 @@ Review the following component and architecture requirements options that apply
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
 - [Planning to deploy App-V](appv-planning-to-deploy-appv.md)
+
+- [How to deploy App-V Packages Using Electronic Software Distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md)
+
+- [How to Enable Only Administrators to Publish Packages by Using an ESD](appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md)
+
diff --git a/windows/manage/appv-planning-to-deploy-appv.md b/windows/manage/appv-planning-to-deploy-appv.md
index a18db4a671..a0f284e210 100644
--- a/windows/manage/appv-planning-to-deploy-appv.md
+++ b/windows/manage/appv-planning-to-deploy-appv.md
@@ -9,13 +9,16 @@ ms.prod: w10
 ---
 
 
-# Planning to Deploy App-V
+# Planning to Deploy App-V for Windows 10
 
-You should consider a number of different deployment configurations and prerequisites before you create your deployment plan for App-V. This section includes information that can help you gather the information that you must have to formulate a deployment plan that best meets your business requirements.
+**Applies to**
+-   Windows 10, version 1607
+
+There are a number of different deployment configurations and requirements to consider before you deploy App-V for Windows 10. Review this topic for information about what you'll need to formulate a deployment plan that best meets your business requirements.
 
 ## App-V supported configurations
 
-Describes the minimum hardware and operating system requirements for each App-V components. For information about software prerequisites that you must install before you install App-V, see [App-V Prerequisites](appv-prerequisites.md).
+Describes the minimum hardware and operating system requirements for each App-V components. For information about software that you must install before you install App-V, see [App-V Prerequisites](appv-prerequisites.md).
 
 [App-V Supported Configurations](appv-supported-configurations.md)
 
@@ -37,7 +40,7 @@ Describes the options and requirements for deploying App-V with an electronic so
 
 [Planning to Deploy App-V with an Electronic Software Distribution System](appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md)
 
-## Planning for the App-V Server deployment
+## Planning for App-V server deployment
 
 Describes the planning considerations for the App-V Server components and their functions.
 
@@ -53,7 +56,7 @@ Describes the planning considerations for the App-V Client and for the Sequencer
 
 Describes the recommended path for migrating from previous versions of App-V, while ensuring that existing server configurations, packages and clients continue to work in your new App-V environment.
 
-[Planning for Migrating from a Previous Version of App-V](appv-planning-for-migrating-from-a-previous-version-of-appv.md)
+[Migrating to App-V from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md)
 
 ## Planning for using App-V with Office
 
@@ -72,3 +75,7 @@ Explains how folder redirection works with App-V.
 -   [Planning for App-V](appv-planning-for-appv.md)
 
 -   [Performance Guidance for Application Virtualization](appv-performance-guidance.md)
+
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/manage/appv-preparing-your-environment.md b/windows/manage/appv-preparing-your-environment.md
index 1af564cc9d..4441751908 100644
--- a/windows/manage/appv-preparing-your-environment.md
+++ b/windows/manage/appv-preparing-your-environment.md
@@ -10,6 +10,9 @@ ms.prod: w10
 
 # Preparing Your Environment for App-V
 
+**Applies to**
+-   Windows 10, version 1607
+
 There are a number of different deployment configurations and prerequisites that you must consider before you create your deployment plan for Microsoft Application Virtualization (App-V). This section includes information that can help you gather the information that you must have to formulate a deployment plan that best meets your business requirements.
 
 ## App-V prerequisites
@@ -26,7 +29,7 @@ There are a number of different deployment configurations and prerequisites that
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Other resources for App-V planning
 
diff --git a/windows/manage/appv-prerequisites.md b/windows/manage/appv-prerequisites.md
index b8b112eea4..75d460f023 100644
--- a/windows/manage/appv-prerequisites.md
+++ b/windows/manage/appv-prerequisites.md
@@ -9,12 +9,14 @@ ms.prod: w10
 ---
 
 
-# App-V Prerequisites
+# App-V for Windows 10 Prerequisites
 
+**Applies to**
+-   Windows 10, version 1607
 
-Before installing App-V, ensure that you have installed all of the following required prerequisite software.
+Before installing App-V for Windows 10, ensure that you have installed all of the following required prerequisite software.
 
-For a list of supported operating systems and hardware requirements for the App-V Server, Sequencer, and Client, see [App-V Supported Configurations](appv-supported-configurations.md).
+For a list of supported operating systems and hardware requirements for the App-V server, sequencer, and client, see [App-V Supported Configurations](appv-supported-configurations.md).
 
 ## Summary of software preinstalled on each operating system
 
@@ -49,7 +51,7 @@ The following table indicates the software that is already installed for differe
 </div></td>
 </tr>
 <tr class="odd">
-<td align="left"><p>Windows Server 2012</p></td>
+<td align="left"><p>Windows Server 2016</p></td>
 <td align="left"><p>The following prerequisite software is already installed:</p>
 <ul>
 <li><p>Microsoft .NET Framework 4.5</p></li>
@@ -75,7 +77,7 @@ The following table indicates the software that is already installed for differe
 ## App-V Server prerequisite software
 
 
-Install the required prerequisite software for the App-V Server components.
+Install the required prerequisite software for the App-V server components.
 
 ### What to know before you start
 
@@ -517,88 +519,6 @@ The Reporting database is required only if you are using the App-V Reporting ser
 </tbody>
 </table>
 
- 
-
-## App-V client prerequisite software
-
-
-Install the following prerequisite software for the App-V client.
-
-> [!NOTE]
-> This is not required on Windows 10, version 1607.
-
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Prerequisite</th>
-<th align="left">Details</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>[Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>[Windows PowerShell 3.0](http://www.microsoft.com/download/details.aspx?id=34595)</p>
-<p></p></td>
-<td align="left"><p>Installing PowerShell 3.0 requires a restart.</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>[KB2533623](http://support.microsoft.com/kb/2533623)</p></td>
-<td align="left"><p>Applies to Windows 7 only: Download and install the KB.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>[Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)</p></td>
-<td align="left"><p></p></td>
-</tr>
-</tbody>
-</table>
-
- 
-
-## Remote Desktop Services client prerequisite software
-
-
-Install the following prerequisite software for the App-V Remote Desktop Services client.
-
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Prerequisite</th>
-<th align="left">Details</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>[Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>[Windows PowerShell 3.0](http://www.microsoft.com/download/details.aspx?id=34595)</p>
-<p></p></td>
-<td align="left"><p>Installing PowerShell 3.0 requires a restart.</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>[KB2533623](http://support.microsoft.com/kb/2533623)</p></td>
-<td align="left"><p>Applies to Windows 7 only: Download and install the KB.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>[Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)</p></td>
-<td align="left"><p></p></td>
-</tr>
-</tbody>
-</table>
-
- 
 
 ## Sequencer prerequisite software
 
@@ -641,7 +561,7 @@ Install the following prerequisite software for the App-V Remote Desktop Service
 ## Have a suggestion for App-V?
 
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/manage/appv-publish-a-connection-group.md b/windows/manage/appv-publish-a-connection-group.md
index 9f4e344c77..014cc15335 100644
--- a/windows/manage/appv-publish-a-connection-group.md
+++ b/windows/manage/appv-publish-a-connection-group.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # How to Publish a Connection Group
 
+**Applies to**
+-   Windows 10, version 1607
 
 After you create a connection group, you must publish it to computers that run the App-V client.
 
@@ -20,20 +22,12 @@ After you create a connection group, you must publish it to computers that run t
 
 2.  Right-click the connection group to be published, and select **publish**.
 
-    **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Operations for App-V](appv-operations.md)
 
 [Managing Connection Groups](appv-managing-connection-groups.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-publish-a-packages-with-the-management-console.md b/windows/manage/appv-publish-a-packages-with-the-management-console.md
index d66b07c352..78055ff155 100644
--- a/windows/manage/appv-publish-a-packages-with-the-management-console.md
+++ b/windows/manage/appv-publish-a-packages-with-the-management-console.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # How to Publish a Package by Using the Management Console
 
+**Applies to**
+-   Windows 10, version 1607
 
 Use the following procedure to publish an App-V package. Once you publish a package, computers that are running the App-V client can access and run the applications in that package.
 
@@ -31,26 +33,18 @@ The ability to enable only administrators to publish or unpublish packages (desc
 
 1.  Navigate to the following Group Policy Object node:
 
-    **Computer Configuration &gt; Policies &gt; Administrative Templates &gt; System &gt; App-V &gt; Publishing**.
+    **Computer Configuration &gt; Administrative Templates &gt; System &gt; App-V &gt; Publishing**.
 
 2.  Enable the **Require publish as administrator** Group Policy setting.
 
-    To alternatively use PowerShell to set this item, see [How to Manage App-V Packages Running on a Stand-Alone Computer by Using PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md#bkmk-admins-pub-pkgs).
+    To instead use Windows PowerShell to set this item, see [How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md#bkmk-admins-pub-pkgs).
 
-    **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Operations for App-V](appv-operations.md)
 
 [How to Configure Access to Packages by Using the Management Console](appv-configure-access-to-packages-with-the-management-console.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-register-and-unregister-a-publishing-server-with-the-management-console.md b/windows/manage/appv-register-and-unregister-a-publishing-server-with-the-management-console.md
index 9b3b9d8b15..842ccdc2da 100644
--- a/windows/manage/appv-register-and-unregister-a-publishing-server-with-the-management-console.md
+++ b/windows/manage/appv-register-and-unregister-a-publishing-server-with-the-management-console.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # How to Register and Unregister a Publishing Server by Using the Management Console
 
+**Applies to**
+-   Windows 10, version 1607
 
 You can register and unregister publishing servers that will synchronize with the App-V management server. You can also see the last attempt that the publishing server made to synchronize the information with the management server.
 
@@ -34,18 +36,10 @@ Use the following procedure to register or unregister a publishing server.
 
 3.  To unregister the server, right-click the computer name and select the computer name and select **unregister server**.
 
-    **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Operations for App-V](appv-operations.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-release-notes-for-appv-for-windows.md b/windows/manage/appv-release-notes-for-appv-for-windows.md
index 618d92d9da..a80d391a45 100644
--- a/windows/manage/appv-release-notes-for-appv-for-windows.md
+++ b/windows/manage/appv-release-notes-for-appv-for-windows.md
@@ -11,16 +11,42 @@ ms.prod: w10
 
 # Release Notes for App-V for Windows 10, version 1607
 
-Applies to: Windows 10, version 1607
+**Applies to**
+-   Windows 10, version 1607
 
-Review these known issues in Microsoft Application Virtualization (App-V) for Windows.
+The following are known issues in Application Virtualization (App-V) for Windows 10, version 1607.
+ 
+## Windows Installer packages (.msi files) generated by the App-V sequencer (version 5.1 and earlier) fail to install on computers with the in-box App-V client
+
+MSI packages that were generated using an App-V sequencer from previous versions of App-V (App-V versions 5.1 and earlier) include a check to validate that the App-V client is installed on client devices before allowing the MSI package to install. Now that the App-V client is installed automatically when you upgrade user devices to Windows 10, version 1607, the pre-requisite check fails and causes the MSI to fail.
+
+**Workaround**:
+
+1. Install the latest App-V sequencer, which you can get from the Windows Assessment and Deployment Kit (ADK) for Windows 10, version 1607. See [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). For more information, see [Install the App-V Sequencer](appv-install-the-sequencer.md).
+
+2. Ensure that you have installed the **MSI Tools** included in the Windows 10 SDK, available as follows:
+
+    - For the **Visual Studio Community 2015 with Update 3** client, which includes the latest Windows 10 SDK and developer tools, see [Downloads and tools for Windows 10](https://developer.microsoft.com/en-us/windows/downloads).
+    
+    - For the standalone Windows 10 SDK without other tools, see [Standalone Windows 10 SDK](https://developer.microsoft.com/en-US/windows/downloads/windows-10-sdk).
+
+3. From an elevated Windows PowerShell prompt, navigate to the following folder:
+ 
+    &lt;Windows Kits 10 installation folder&gt;**\Microsoft Application Virtualization\Sequencer\** 
+
+    By default, this path will be:<br>**C:\Program Files (x86)\Windows Kits\10\Microsoft Application Virtualization\Sequencer** 
+
+4. Run the following command:
+
+    `Update-AppvPackageMsi -MsiPackage "<path to App-V Package .msi file>" -MsSdkPath "<path to Windows SDK installation>"` 
+
+    By default, the path to the Windows SDK installation will be:<br>**C:\Program Files (x86)\Windows Kits\10**
 
 ## Error occurs during publishing refresh between App-V 5.0 SP3 Management Server and App-V Client on Windows 10
 
+An error is generated during publishing refresh when synchronizing packages from the App-V 5.0 SP3 management server to an App-V client on Windows 10. This error occurs because the App-V 5.0 SP3 server does not understand the Windows 10 operating system that is specified in the publishing URL. The issue is fixed for App-V publishing server, but is not backported to versions of App-V 5.0 SP3 or earlier.
 
-An error is generated during publishing refresh when synchronizing packages from the App-V 5.0 SP3 management server to an App-V client on Windows 10 . This error occurs because the App-V 5.0 SP3 server does not understand the Windows 10 operating system that is specified in the publishing URL. The issue is fixed for App-V publishing server, but is not backported to versions of App-V 5.0 SP3 or earlier.
-
-**Workaround**: Upgrade the App-V 5.0 management server to the App-V management server for Windows 10 clients.
+**Workaround**: Upgrade the App-V 5.0 Management server to the App-V Management server for Windows 10 Clients.
 
 ## Custom configurations do not get applied for packages that will be published globally if they are set using the App-V Server
 
@@ -28,14 +54,13 @@ If you assign a package to an AD group that contains machine accounts and apply
 
 **Workaround**: Do one of the following:
 
--   Assign the package to groups containing only user accounts. This will ensure that the package’s custom configuration is stored in each user’s profile and will be applied correctly.
+-   Assign the package to groups containing only user accounts. This will ensure that the package’s custom configuration will be stored in each user’s profile and will be applied correctly.
 
 -   Create a custom deployment configuration file and apply it to the package on the client using the Add-AppvClientPackage cmdlet with the –DynamicDeploymentConfiguration parameter. See [About App-V Dynamic Configuration](appv-dynamic-configuration.md) for more information.
 
--   Create a new package with the custom configuration using the App-V sequencer.
-
-## Server files not deleted after new App-V for Windows server installation
+-   Create a new package with the custom configuration using the App-V Sequencer.
 
+## Server files not deleted after new App-V Server installation
 
 If you uninstall the App-V 5.0 SP1 Server and then install the App-V Server, the installation fails, the wrong version of the Management server is installed, and an error message is returned. The issue occurs because the Server files are not being deleted when you uninstall App-V 5.0 SP1, so the installation process does an upgrade instead of a new installation.
 
@@ -45,21 +70,18 @@ Under HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVe
 
 ## File type associations added manually are not saved correctly
 
-
 File type associations added to an application package manually using the Shortcuts and FTAs tab at the end of the application upgrade wizard are not saved correctly. They will not be available to the App-V Client or to the Sequencer when updating the saved package again.
 
 **Workaround**: To add a file type association, open the package for modification and run the update wizard. During the Installation step, add the new file type association through the operating system. The sequencer will detect the new association in the system registry and add it to the package’s virtual registry, where it will be available to the client.
 
 ## When streaming packages in Shared Content Store (SCS) mode to a client that is also managed with AppLocker, additional data is written to the local disk.
 
-
 To decrease the amount of data written to a client’s local disk, you can enable SCS mode on the App-V Client to stream the contents of a package on demand. However, if AppLocker manages an application within the package, some data might be written to the client’s local disk that would not otherwise be written.
 
 **Workaround**: None
 
 ## In the Management Console Add Package dialog box, the Browse button is not available when using Chrome or Firefox
 
-
 On the Packages page of the Management Console, if you click **Add or Upgrade** in the lower-right corner, the **Add Package** dialog box appears. If you are accessing the Management Console using Chrome or Firefox as your browser, you will not be able to browse to the location of the package.
 
 **Workaround**: Type or copy and paste the path to the package into the **Add Package** input field. If the Management Console has access to this path, you will be able to add the package. If the package is on a network share, you can browse to the location using File Explorer by doing these steps:
@@ -72,7 +94,6 @@ On the Packages page of the Management Console, if you click **Add or Upgrade**
 
 ## <a href="" id="upgrading-app-v-management-server-to-5-1-sometimes-fails-with-the-message--a-database-error-occurred-"></a>Upgrading App-V Management Server to 5.1 sometimes fails with the message “A database error occurred”
 
-
 If you install the App-V 5.0 SP1 Management Server, and then try to upgrade to App-V Server when multiple connection groups are configured and enabled, the following error is displayed: “A database error occurred. Reason: 'Invalid column name 'PackageOptional'. Invalid column name 'VersionOptional'.”
 
 **Workaround**: Run this command on your SQL database:
@@ -83,7 +104,6 @@ where “AppVManagement” is the name of the database.
 
 ## Users cannot open a package in a user-published connection group if you add or remove an optional package
 
-
 In environments that are running the RDS Client or that have multiple concurrent users per computer, logged-in users cannot open applications in packages that are in a user-published connection group if an optional package is added to or removed from the connection group.
 
 **Workaround**: Have users log out and then log back in.
@@ -101,17 +121,16 @@ When you run Repair-AppvClientConnectionGroup, the following error is displayed,
 
 -   Repair packages individually using the Repair-AppvClientPackage command rather than the Repair-AppvClientConnectionGroup command.
 
-    Determine which packages are available to users and then run the Repair-AppvClientPackage command once for each package. Use PowerShell cmdlets to do the following:
+    Determine which packages are available to users and then run the **Repair-AppvClientPackage** command once for each package. Use Windows PowerShell cmdlets to do the following:
 
     1.  Get all the packages in a connection group.
 
     2.  Check to see if each package is currently published.
 
-    3.  If the package is currently published, run Repair-AppvClientPackage on that package.
+    3.  If the package is currently published, run **Repair-AppvClientPackage** on that package.
 
 ## Icons not displayed properly in Sequencer
 
-
 Icons in the Shortcuts and File Type Associations tab are not displayed correctly when modifying a package in the App-V Sequencer. This problem occurs when the size of the icons are not 16x16 or 32x32.
 
 **Workaround**: Only use icons that are 16x16 or 32x32.
@@ -126,7 +145,6 @@ The Permissions.sql script should be updated according to **Step 2** in [KB arti
 **Important**  
 **Step 1** is not required for versions of App-V later than App-V 5.0 SP3.
 
- 
 
 ## Microsoft Visual Studio 2012 not supported
 
@@ -144,19 +162,8 @@ The App-V Sequencer cannot sequence applications with filenames matching "CO_&lt
 
 ## Have a suggestion for App-V?
 
-
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
-[About App-V](appv-about-appv.md)
-
- 
-
- 
-
-
-
-
-
+[What's new in App-V for Windows 10](appv-about-appv.md)
diff --git a/windows/manage/appv-reporting.md b/windows/manage/appv-reporting.md
index a23ad9f73a..69722473af 100644
--- a/windows/manage/appv-reporting.md
+++ b/windows/manage/appv-reporting.md
@@ -11,10 +11,12 @@ ms.prod: w10
 
 # About App-V Reporting
 
+**Applies to**
+-   Windows 10, version 1607
 
-Microsoft Application Virtualization (App-V) includes a built-in reporting feature that helps you collect information about computers running the App-V client as well as information about virtual application package usage. You can use this information to generate reports from a centralized database.
+Application Virtualization (App-V) includes a built-in reporting feature that helps you collect information about computers running the App-V client as well as information about virtual application package usage. You can use this information to generate reports from a centralized database.
 
-## <a href="" id="---------app-v-5-1-reporting-overview"></a> App-V Reporting Overview
+## <a href="" id="---------app-v-reporting-overview"></a> App-V Reporting Overview
 
 
 The following list displays the end–to-end high-level workflow for reporting in App-V.
@@ -31,112 +33,82 @@ The following list displays the end–to-end high-level workflow for reporting i
 
 2.  Install the App-V reporting server and associated database. For more information about installing the reporting server see [How to install the Reporting Server on a Standalone Computer and Connect it to the Database](appv-install-the-reporting-server-on-a-standalone-computer.md). Configure the time when the computer running the App-V client should send data to the reporting server.
 
-3.  If you are not using an electronic software distribution system such as Configuration Manager to view reports then you can define reports in SQL Server Reporting Service. Download predefined appvshort Reports from the Download Center at <http://go.microsoft.com/fwlink/?LinkId=397255>.
+3.  If you are not using an electronic software distribution system such as Configuration Manager to view reports then you can define reports in SQL Server Reporting Service. Download predefined appvshort Reports from the Download Center at [Application Virtualization SSRS Reports ](https://www.microsoft.com/en-us/download/details.aspx?id=42630).
 
-    **Note**  
+    >**Note**  
     If you are using the Configuration Manager integration with App-V, most reports are generated from Configuration Manager rather than from App-V.
 
      
 
-4.  After importing the App-V PowerShell module using `Import-Module AppvClient` as administrator, enable the App-V client. This sample PowerShell cmdlet enables App-V reporting:
+4.  After importing the App-V Windows PowerShell module using `Import-Module AppvClient` as administrator, enable App-V client reporting. This sample Windows PowerShell command enables App-V reporting:
 
     ``` syntax
-    Set-AppvClientConfiguration –reportingserverurl <url>:<port> -reportingenabled 1 – ReportingStartTime <0-23> - ReportingRandomDelay <#min>
+    Set-AppvClientConfiguration -ReportingServerURL <url>:<port> -ReportingEnabled 1 -ReportingStartTime <0-23> -ReportingRandomDelay <#min>
     ```
 
     To immediately send App-V report data, run `Send-AppvClientReport` on the App-V client.
 
-    For more information about installing the App-V client with reporting enabled see [About Client Configuration Settings](appv-client-configuration-settings.md). To administer App-V Reporting with Windows PowerShell, see [How to Enable Reporting on the App-V Client by Using PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md).
+    For more information about configuring reporting on the App-V client, see [About Client Configuration Settings](appv-client-configuration-settings.md). To administer App-V Reporting with Windows PowerShell, see [How to Enable Reporting on the App-V Client by Using PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md).
 
 5.  After the reporting server receives the data from the App-V client it sends the data to the reporting database. When the database receives and processes the client data, a successful reply is sent to the reporting server and then a notification is sent to the App-V client.
 
 6.  When the App-V client receives the success notification, it empties the data cache to conserve space.
 
-    **Note**  
-    By default the cache is cleared after the server confirms receipt of data. You can manually configure the client to save the data cache.
-
-     
-
+    >**Note**  
+    By default, the cache is cleared after the server confirms receipt of data. You can manually configure the client to save the data cache.
+    
     If the App-V client device does not receive a success notification from the server, it retains data in the cache and tries to resend data at the next configured interval. Clients continue to collect data and add it to the cache.
 
-### <a href="" id="-------------app-v-5-1-reporting-server-frequently-asked-questions"></a> App-V reporting server frequently asked questions
+### <a href="" id="-------------app-v-reporting-server-frequently-asked-questions"></a> App-V reporting server frequently asked questions
 
-The following table displays answers to common questions about App-V reporting
+The following list displays answers to common questions about App-V reporting.
 
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Question</th>
-<th align="left">More Information</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>What is the frequency that reporting information is sent to the reporting database?</p></td>
-<td align="left"><p>The frequency depends on how the reporting task is configured on the computer running the App-V client. You must configure the frequency / interval for sending the reporting data. App-V Reporting is not enabled by default.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>What information is stored in the reporting server database?</p></td>
-<td align="left"><p>The following list displays what is stored in the reporting database:</p>
-<ul>
-<li><p>The operating system running on the computer running the App-V client: host name, version, service pack, type - client/server, processor architecture.</p></li>
-<li><p>App-V Client information: version.</p></li>
-<li><p>Published package list: GUID, version GUID, name.</p></li>
-<li><p>Application usage information: name, version, streaming server, user (domain\alias), package version GUID, launch status and time, shutdown time.</p></li>
-</ul></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>What is the average volume of information that is sent to the reporting server?</p></td>
-<td align="left"><p>It depends. The following list displays the three sets of the data sent to the reporting server:</p>
-<ol>
-<li><p>Operating system, and App-V client information. ~150 Bytes, every time this data is sent.</p></li>
-<li><p>Published package list. ~7 KB for 30 packages. This is sent only when the package list is updated with a publishing refresh, which is done infrequently; if there is no change, this information is not sent.</p></li>
-<li><p>Virtual application usage information – about 0.25KB per event. Opening and closing count as one event if both occur before sending the information. When sending using a scheduled task, only the data since the last successful upload is sent to the server. If sending manually through the PowerShell cmdlet, there is an optional argument that controls if the data needs to be re-sent next time around – that argument is <strong>DeleteOnSuccess</strong>.</p>
-<p></p>
-<p>So for example, if twenty applications are opened and closed and reporting information is scheduled to be sent daily, the typical daily traffic should be about 0.15KB + 20 x 0.25KB, or about 5KB/user</p></li>
-</ol></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Can reporting be scheduled?</p></td>
-<td align="left"><p>Yes. Besides manually sending reporting using PowerShell Cmdlets (<strong>Send-AppvClientReport</strong>), the task can be scheduled so it will happen automatically. There are two ways to schedule the reporting:</p>
-<ol>
-<li><p>Using PowerShell cmdlets - <strong>Set-AppvClientConfiguration</strong>. For example:</p>
-<p>Set-AppvClientConfiguration -ReportingEnabled 1 - ReportingServerURL http://any.com/appv-reporting</p>
-<p></p>
-<p>For a complete list of client configuration settings see [About Client Configuration Settings](appv-client-configuration-settings.md) and look for the following entries: <strong>ReportingEnabled</strong>, <strong>ReportingServerURL</strong>, <strong>ReportingDataCacheLimit</strong>, <strong>ReportingDataBlockSize</strong>, <strong>ReportingStartTime</strong>, <strong>ReportingRandomDelay</strong>, <strong>ReportingInterval</strong>.</p>
-<p></p></li>
-<li><p>By using Group Policy. If distributed using the domain controller, the settings are the same as previously listed.</p>
-<div class="alert">
-<strong>Note</strong>  
-<p>Group Policy settings override local settings configured using PowerShell.</p>
-</div>
-<div>
- 
-</div></li>
-</ol></td>
-</tr>
-</tbody>
-</table>
+- **What is the frequency that reporting information is sent to the reporting database?**
 
- 
+    The frequency depends on how the reporting task is configured on the computer running the App-V client. You must configure the frequency / interval for sending the reporting data. App-V Reporting is not enabled by default.
 
-## <a href="" id="---------app-v-5-1-client-reporting"></a> App-V Client Reporting
+- **What information is stored in the reporting server database?**
+
+    The following list displays what is stored in the reporting database:
+    - The operating system running on the computer running the App-V client: host name, version, service pack, type - client/server, processor architecture.
+    - App-V Client information: version.
+    - Published package list: GUID, version GUID, name.
+    - Application usage information: name, version, streaming server, user (domain\alias), package version GUID, launch status and time, shutdown time.
+
+- **What is the average volume of information that is sent to the reporting server?**
+
+    It depends. The following list displays the three sets of the data sent to the reporting server:
+    - Operating system, and App-V client information. ~150 Bytes, every time this data is sent.
+    - Published package list. ~7 KB for 30 packages. This is sent only when the package list is updated with a publishing refresh, which is done infrequently; if there is no change, this information is not sent.
+    - Virtual application usage information – about 0.25KB per event. Opening and closing count as one event if both occur before sending the information. When sending using a scheduled task, only the data since the last successful upload is sent to the server. If sending manually through the Windows PowerShell cmdlet, there is an optional argument that controls if the data needs to be re-sent next time around – that argument is **DeleteOnSuccess**.
+    
+    So for example, if twenty applications are opened and closed and reporting information is scheduled to be sent daily, the typical daily traffic should be about 0.15KB + 20 x 0.25KB, or about 5KB/user.
+
+- **Can reporting be scheduled?**
+
+    Yes. Besides manually sending reporting using Windows PowerShell cmdlets (**Send-AppvClientReport**), the task can be scheduled so it will happen automatically. There are two ways to schedule the reporting:
+    - Using a Windows PowerShell cmdlet: **Set-AppvClientConfiguration**. For example:
+    `Set-AppvClientConfiguration -ReportingEnabled 1 -ReportingServerURL http://any.com/appv-reporting`
+    
+    For a complete list of client configuration settings see [About Client Configuration Settings](appv-client-configuration-settings.md) and look for the following entries: **ReportingEnabled**, **ReportingServerURL**, **ReportingDataCacheLimit**, **ReportingDataBlockSize**, **ReportingStartTime**, **ReportingRandomDelay**, **ReportingInterval**.
+    
+    - By using Group Policy. If distributed using the domain controller, the settings are the same as previously listed.
+    
+    **Note**  
+    Group Policy settings override local settings configured using Windows PowerShell.
 
 
-To use App-V reporting you must install and configure the App-V client. After the client has been installed, use the **Set-AppVClientConfiguration** PowerShell cmdlet or the **ADMX Template** to configure reporting. The reporting feature cmdlets are available by using the following link and are prefaced by **Reporting**. For a complete list of client configuration settings see [About Client Configuration Settings](appv-client-configuration-settings.md). The following section provides examples of App-V client reporting configuration using PowerShell.
+## <a href="" id="---------app-v-client-reporting"></a> App-V Client Reporting
 
-### Configuring App-V Client reporting using PowerShell
 
-The following examples show how PowerShell parameters can configure the reporting features of the App-V client.
+To use App-V reporting you must enable and configure the App-V client. To configure reporting on the client, use the Windows PowerShell cmdlet **Set-AppVClientConfiguration**, or the Group Policy **ADMX Template**. For more information about the Windows PowerShell cmdlets, see [About Client Configuration Settings](appv-client-configuration-settings.md). The following section provides examples of Windows PowerShell commands for configuring App-V client reporting.
+
+### Configuring App-V Client reporting using Windows PowerShell
+
+The following examples show how Windows PowerShell parameters can configure the reporting features of the App-V client.
 
 **Note**  
-The following configuration task can also be configured using Group Policy settings in the App-V ADMX template. For more information about using the ADMX template, see [How to Modify App-V Client Configuration Using the ADMX Template and Group Policy](appv-modify-client-configuration-with-the-admx-template-and-group-policy.md).
-
- 
+The following configuration task can also be configured using Group Policy settings in the App-V ADMX template. The App-V settings are under **Computer Configuration &gt; Administrative Templates &gt; System &gt; App-V**.
 
 **To enable reporting and to initiate data collection on the computer running the App-V client**:
 
@@ -145,12 +117,10 @@ The following configuration task can also be configured using Group Policy setti
 **To configure the client to automatically send data to a specific reporting server**:
 
 ``` syntax
-Set-AppVClientConfiguration –ReportingServerURL http://MyReportingServer:MyPort/ -ReportingStartTime 20 -ReportingInterval 1 -ReportingRandomDelay 30
+Set-AppVClientConfiguration -ReportingServerURL http://MyReportingServer:MyPort/ -ReportingStartTime 20 -ReportingInterval 1 -ReportingRandomDelay 30
 ```
 
-`-ReportingInterval 1 -ReportingRandomDelay 30`
-
-This example configures the client to automatically send the reporting data to the reporting server URL **http://MyReportingServer:MyPort/**. Additionally, the reporting data will be sent daily between 8:00 and 8:30 PM, depending on the random delay generated for the session.
+The preceding example configures the client to automatically send the reporting data to the reporting server URL **http://MyReportingServer:MyPort/**. Additionally, the reporting data will be sent daily between 8:00 and 8:30 PM, depending on the random delay generated for the session.
 
 **To limit the size of the data cache on the client**:
 
@@ -238,7 +208,7 @@ You can configure the computer that is running the App-V client to automatically
 
 -   ReportingRandomDelay
 
-After you configure the previous settings, you must create a scheduled task. The scheduled task will contact the server specified by the **ReportingServerURL** setting and will initiate the transfer. If you want to manually send data outside of the scheduled times, use the following PowerShell cmdlet:
+After you configure the previous settings, you must create a scheduled task. The scheduled task will contact the server specified by the **ReportingServerURL** setting and will initiate the transfer. If you want to manually send data outside of the scheduled times, use the following Windows PowerShell cmdlet:
 
 `Send-AppVClientReport –URL http://MyReportingServer:MyPort/ -DeleteOnSuccess`
 
@@ -286,7 +256,7 @@ To retrieve report information and create reports using App-V you must use one o
 
 -   **Microsoft SQL Server Reporting Services (SSRS)** - Microsoft SQL Server Reporting Services is available with Microsoft SQL Server. SSRS is not installed when you install the App-V reporting server. It must be deployed separately to generate the associated reports.
 
-    Use the following link for more information about using [Microsoft SQL Server Reporting Services](http://go.microsoft.com/fwlink/?LinkId=285596).
+    Use the following link for more information about using [Microsoft SQL Server Reporting Services](https://technet.microsoft.com/en-us/library/ms159106(v=sql.130).aspx).
 
 -   **Scripting** – You can generate reports by scripting directly against the App-V reporting database. For example:
 
@@ -294,7 +264,7 @@ To retrieve report information and create reports using App-V you must use one o
 
     **spProcessClientReport** is scheduled to run at midnight or 12:00 AM.
 
-    To run the Microsoft SQL Server Scheduled Stored procedure, the Microsoft SQL Server Agent must be running. You should ensure that the Microsoft SQL Server Agent is set to **AutoStart**. For more information see [Autostart SQL Server Agent (SQL Server Management Studio)](http://go.microsoft.com/fwlink/?LinkId=287045).
+    To run the Microsoft SQL Server Scheduled Stored procedure, the Microsoft SQL Server Agent must be running. You should ensure that the Microsoft SQL Server Agent is set to **AutoStart**. For more information see [Autostart SQL Server Agent (SQL Server Management Studio)](https://technet.microsoft.com/library/ms178130).
 
     The stored procedure is also created when using the App-V database scripts.
 
@@ -303,12 +273,12 @@ You should also ensure that the reporting server web service’s **Maximum Concu
 ## Have a suggestion for App-V?
 
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
 
-[Deploying the App-V Server](appv-deploying-the-appv-server.md)
+[Deploying the App-V server](appv-deploying-the-appv-server.md)
 
 [How to install the Reporting Server on a Standalone Computer and Connect it to the Database](appv-install-the-reporting-server-on-a-standalone-computer.md)
 
diff --git a/windows/manage/appv-running-locally-installed-applications-inside-a-virtual-environment.md b/windows/manage/appv-running-locally-installed-applications-inside-a-virtual-environment.md
index cdd905e166..44c8051ac6 100644
--- a/windows/manage/appv-running-locally-installed-applications-inside-a-virtual-environment.md
+++ b/windows/manage/appv-running-locally-installed-applications-inside-a-virtual-environment.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications
 
+**Applies to**
+-   Windows 10, version 1607
 
 You can run a locally installed application in a virtual environment, alongside applications that have been virtualized by using Microsoft Application Virtualization (App-V). You might want to do this if you:
 
@@ -22,7 +24,7 @@ Use any of the following methods to open a local application inside the App-V vi
 
 -   [RunVirtual registry key](#bkmk-runvirtual-regkey)
 
--   [Get-AppvClientPackage PowerShell cmdlet](#bkmk-get-appvclientpackage-posh)
+-   [Get-AppvClientPackage Windows PowerShell cmdlet](#bkmk-get-appvclientpackage-posh)
 
 -   [Command line switch /appvpid:&lt;PID&gt;](#bkmk-cl-switch-appvpid)
 
@@ -37,32 +39,7 @@ To add a locally installed application to a package or to a connection group’s
 
 There is no Group Policy setting available to manage this registry key, so you have to use System Center Configuration Manager or another electronic software distribution (ESD) system, or manually edit the registry.
 
-### <a href="" id="bkmk-"></a>Supported methods of publishing packages when using RunVirtual
-
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">App-V version</th>
-<th align="left">Supported publishing methods</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>App-V 5.0 SP3 and App-V</p></td>
-<td align="left"><p>Published globally or to the user</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>App-V 5.0 through App-V 5.0 SP2</p></td>
-<td align="left"><p>Published globally only</p></td>
-</tr>
-</tbody>
-</table>
-
- 
+Starting with App-V 5.0 SP3, when using RunVirtual, you can publish packages globally or to the user.
 
 ### Steps to create the subkey
 
@@ -125,7 +102,7 @@ There is no Group Policy setting available to manage this registry key, so you h
     @="aaaaaaaa-bbbb-cccc-dddd-eeeeeeee_11111111-2222-3333-4444-555555555
     ```
 
-## <a href="" id="bkmk-get-appvclientpackage-posh"></a>Get-AppvClientPackage PowerShell cmdlet
+## <a href="" id="bkmk-get-appvclientpackage-posh"></a>Get-AppvClientPackage Windows PowerShell cmdlet
 
 
 You can use the **Start-AppVVirtualProcess** cmdlet to retrieve the package name and then start a process within the specified package's virtual environment. This method lets you launch any command within the context of an App-V package, regardless of whether the package is currently running.
@@ -136,7 +113,7 @@ Use the following example syntax, and substitute the name of your package for **
 
 `Start-AppvVirtualProcess -AppvClientObject $AppVName cmd.exe`
 
-If you don’t know the exact name of your package, you can use the command line **Get-AppvClientPackage \*executable\***, where **executable** is the name of the application, for example: Get-AppvClientPackage \*Word\*.
+If you don’t know the exact name of your package, you can use the command line <strong>Get-AppvClientPackage \*executable\*</strong>, where **executable** is the name of the application, for example:<br>Get-AppvClientPackage \*Word\*
 
 ## <a href="" id="bkmk-cl-switch-appvpid"></a>Command line switch /appvpid:&lt;PID&gt;
 
@@ -166,14 +143,14 @@ To get the package GUID and version GUID of your application, run the **Get-Appv
 
 -   Version ID of the desired package
 
-If you don’t know the exact name of your package, use the command line **Get-AppvClientPackage \*executable\***, where **executable** is the name of the application, for example: Get-AppvClientPackage \*Word\*.
+If you don’t know the exact name of your package, use the command line <strong>Get-AppvClientPackage \*executable\*</strong>, where **executable** is the name of the application, for example:<br>Get-AppvClientPackage \*Word\*
 
 This method lets you launch any command within the context of an App-V package, regardless of whether the package is currently running.
 
 ## Have a suggestion for App-V?
 
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/manage/appv-security-considerations.md b/windows/manage/appv-security-considerations.md
index 79d71d971a..aca3a8d168 100644
--- a/windows/manage/appv-security-considerations.md
+++ b/windows/manage/appv-security-considerations.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # App-V Security Considerations
 
+**Applies to**
+-   Windows 10, version 1607
 
 This topic contains a brief overview of the accounts and groups, log files, and other security-related considerations for Microsoft Application Virtualization (App-V).
 
@@ -31,9 +33,9 @@ Effective as of June, 2014, the PackageStoreAccessControl (PSAC) feature that wa
 
 **Physically secure your computers**. Security is incomplete without physical security. Anyone with physical access to an App-V server could potentially attack the entire client base. Any potential physical attacks must be considered high risk and mitigated appropriately. App-V servers should be stored in a physically secure server room with controlled access. Secure these computers when administrators are not physically present by having the operating system lock the computer, or by using a secured screen saver.
 
-**Apply the most recent security updates to all computers**. To stay informed about the latest updates for operating systems, Microsoft SQL Server, and App-V, subscribe to the Security Notification service (<http://go.microsoft.com/fwlink/p/?LinkId=28819>).
+**Apply the most recent security updates to all computers**. To stay informed about the latest updates for operating systems, Microsoft SQL Server, and App-V, see the [Microsoft Security TechCenter](https://technet.microsoft.com/en-us/security/bb291012).
 
-**Use strong passwords or pass phrases**. Always use strong passwords with 15 or more characters for all App-V and App-V administrator accounts. Never use blank passwords. For more information about password concepts, see the “Account Passwords and Policies” white paper on TechNet (<http://go.microsoft.com/fwlink/p/?LinkId=30009>).
+**Use strong passwords or pass phrases**. Always use strong passwords with 15 or more characters for all App-V and App-V administrator accounts. Never use blank passwords. For more information about password concepts, see [Password Policy](https://technet.microsoft.com/library/hh994572.aspx).
 
 ## Accounts and groups in App-V
 
@@ -128,7 +130,7 @@ During App-V Setup, setup log files are created in the **%temp%** folder of the
 ## Have a suggestion for App-V?
 
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/manage/appv-sequence-a-new-application.md b/windows/manage/appv-sequence-a-new-application.md
index dbae0de06b..24b1fb9ba1 100644
--- a/windows/manage/appv-sequence-a-new-application.md
+++ b/windows/manage/appv-sequence-a-new-application.md
@@ -11,6 +11,9 @@ ms.prod: w10
 
 # How to Sequence a New Application with App-V
 
+**Applies to**
+-   Windows 10, version 1607
+
 In Windows 10, version 1607, the App-V Sequencer is included with the Windows ADK. For more info on how to install the App-V Sequencer, see [Install the App-V Sequencer](appv-install-the-sequencer.md).
 
 **To review or do before you start sequencing**
@@ -53,11 +56,9 @@ In Windows 10, version 1607, the App-V Sequencer is included with the Windows AD
 
     > [!NOTE]  
     > If the specified application installer modifies security access to a file or directory, existing or new, the associated changes will not be captured into the package.
-
-
+    
     If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Perform a Custom Installation** check box, and then click **Next**.
 
-
 6.  On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name is displayed in the App-V Management Console.
 
     Click **Next**.
@@ -66,8 +67,7 @@ In Windows 10, version 1607, the App-V Sequencer is included with the Windows AD
 
     > [!IMPORTANT]  
     > You should always install applications to a secure location and make sure no other users are logged on to the computer running the sequencer during monitoring.
-
-
+    
     Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run** to locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**. Click **Next**.
 
 8.  On the **Installation** page, wait while the sequencer configures the virtualized application package.
@@ -76,8 +76,7 @@ In Windows 10, version 1607, the App-V Sequencer is included with the Windows AD
 
     > [!NOTE]  
     > To run first-use tasks for any application that is not available in the list, open the application. The associated information will be captured during this step.
-
-
+    
     Click **Next**.
 
 10. On the **Installation Report** page, you can review information about the virtualized application package you have just sequenced. In **Additional Information**, double-click an event to obtain more detailed information. To proceed, click **Next**.
@@ -109,9 +108,7 @@ In Windows 10, version 1607, the App-V Sequencer is included with the Windows AD
 
     > [!IMPORTANT]  
     > The system does not support non-printable characters in **Comments** and **Descriptions**.
-
-     
-
+    
     The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**.
 
 15. The **Completion** page is displayed. Review the information in the **Virtual Application Package Report** pane as needed, then click **Close**. This information is also available in the **Report.xml** file that is located in the directory where the package was created.
@@ -148,7 +145,7 @@ In Windows 10, version 1607, the App-V Sequencer is included with the Windows AD
 
     Click **Next**.
 
-7.  On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name will be displayed in the App-V 5.0 Management Console.
+7.  On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name will be displayed in the App-V Management Console.
 
     Click **Next**.
 
@@ -179,9 +176,7 @@ In Windows 10, version 1607, the App-V Sequencer is included with the Windows AD
 
     > [!IMPORTANT]   
     > The system does not support non-printable characters in Comments and Descriptions.
-
-     
-
+    
     The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**.
 
 **To sequence a middleware application**
@@ -193,14 +188,14 @@ In Windows 10, version 1607, the App-V Sequencer is included with the Windows AD
 3.  On the **Prepare Computer** page, review the issues that could cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**.
 
     > [!IMPORTANT] 
-    > If you are required to disable virus scanning software, you should first scan the computer that runs the App-V 5.0 Sequencer in order to ensure that no unwanted or malicious files can be added to the package.
+    > If you are required to disable virus scanning software, you should first scan the computer that runs the App-V Sequencer in order to ensure that no unwanted or malicious files can be added to the package.
 
 
 4.  On the **Type of Application** page, select **Middleware**, and then click **Next**.
 
 5.  On the **Select Installer** page, click **Browse** and specify the installation file for the application. If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**.
 
-6.  On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name is displayed in the App-V 5.0 Management Console.
+6.  On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name is displayed in the App-V Management Console.
 
     Click **Next**.
 
@@ -218,8 +213,7 @@ In Windows 10, version 1607, the App-V Sequencer is included with the Windows AD
 
     > [!IMPORTANT]   
     > The system does not support non-printable characters in Comments and Descriptions.
- 
-
+    
     The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**.
 
 12. The **Completion** page is displayed. Review the information in the **Virtual Application Package Report** pane as needed, then click **Close**. This information is also available in the **Report.xml** file that is located in the directory specified in step 11 of this procedure.
@@ -229,10 +223,9 @@ In Windows 10, version 1607, the App-V Sequencer is included with the Windows AD
     > [!IMPORTANT]    
     > After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the sequencer.
 
-     
-
 ## Have a suggestion for App-V?
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/manage/appv-sequence-a-package-with-powershell.md b/windows/manage/appv-sequence-a-package-with-powershell.md
index f35388deed..e1920755b9 100644
--- a/windows/manage/appv-sequence-a-package-with-powershell.md
+++ b/windows/manage/appv-sequence-a-package-with-powershell.md
@@ -11,6 +11,9 @@ ms.prod: w10
 
 # How to Sequence a Package by using Windows PowerShell
 
+**Applies to**
+-   Windows 10, version 1607
+
 Use the following procedure to create a new App-V package using Windows PowerShell.
 
 > [!NOTE]   
@@ -57,7 +60,8 @@ The following list displays additional optional parameters that can be used with
 -   FullLoad - specifies that the package must be fully downloaded to the computer running the App-V before it can be opened.
 
 ## Have a suggestion for App-V?
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/manage/appv-supported-configurations.md b/windows/manage/appv-supported-configurations.md
index 67662f89bd..e7a69f7b2a 100644
--- a/windows/manage/appv-supported-configurations.md
+++ b/windows/manage/appv-supported-configurations.md
@@ -11,20 +11,22 @@ ms.prod: w10
 
 # App-V Supported Configurations
 
+**Applies to**
+-   Windows 10, version 1607; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; and Windows Server 2008 R2
 
-This topic specifies the requirements to install and run App-V in your environment.
+This topic specifies the requirements to install and run App-V in your Windows 10 environment. For information about prerequisite software such as the .NET Framework, see [App-V Prerequisites](appv-prerequisites.md).
 
 ## App-V Server system requirements
 
-This section lists the operating system and hardware requirements for all of the App-V Server components.
+This section lists the operating system and hardware requirements for all of the App-V server components.
 
-### Unsupported App-V Server scenarios
+### Unsupported App-V server scenarios
 
-The App-V Server does not support the following scenarios:
+The App-V server does not support the following scenarios:
 
 -   Deployment to a computer that runs the Server Core installation option.
 
--   Deployment to a computer that runs a previous version of App-V Server components. You can install App-V side by side with the App-V 4.5 Lightweight Streaming Server (LWS) server only. Deployment of App-V side by side with the App-V 4.5 Application Virtualization Management Service (HWS) server is not supported.
+-   Deployment to a computer that runs a previous version of the App-V server components. You can install App-V side by side with the App-V 4.5 Lightweight Streaming Server (LWS) server only. Deployment of App-V side by side with the Application Virtualization Management Service (HWS) 4.x is not supported.
 
 -   Deployment to a computer that runs Microsoft SQL Server Express edition.
 
@@ -34,47 +36,7 @@ The App-V Server does not support the following scenarios:
 
 ### Management server operating system requirements
 
-The following table lists the operating systems that are supported for the App-V Management server installation.
-
-
-<table>
-<colgroup>
-<col width="33%" />
-<col width="33%" />
-<col width="33%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Operating system</th>
-<th align="left">Service Pack</th>
-<th align="left">System architecture</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Microsoft Windows Server 2016</p></td>
-<td align="left"><p></p></td>
-<td align="left"><p>64-bit</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Microsoft Windows Server 2012 R2</p></td>
-<td align="left"><p></p></td>
-<td align="left"><p>64-bit</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Microsoft Windows Server 2012</p></td>
-<td align="left"><p></p></td>
-<td align="left"><p>64-bit</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Microsoft Windows Server 2008 R2</p></td>
-<td align="left"><p>SP1</p></td>
-<td align="left"><p>64-bit</p></td>
-</tr>
-</tbody>
-</table>
-
- 
+The App-V Management server can be installed on a server that runs Windows Server 2008 R2 with SP1 or later.
 
 > [!IMPORTANT]  
 > Deployment of the Management server role to a computer with Remote Desktop Services enabled is not supported.
@@ -129,46 +91,8 @@ The following table lists the SQL Server versions that are supported for the App
 
 ### Publishing server operating system requirements
 
-The following table lists the operating systems that are supported for the App-V Publishing server installation.
+The App-V Publishing server can be installed on a server that runs Windows Server 2008 R2 with SP1 or later.
 
-<table>
-<colgroup>
-<col width="33%" />
-<col width="33%" />
-<col width="33%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Operating system</th>
-<th align="left">Service Pack</th>
-<th align="left">System architecture</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Microsoft Windows Server 2016</p></td>
-<td align="left"><p></p></td>
-<td align="left"><p>64-bit</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Microsoft Windows Server 2012 R2</p></td>
-<td align="left"><p></p></td>
-<td align="left"><p>64-bit</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Microsoft Windows Server 2012</p></td>
-<td align="left"><p></p></td>
-<td align="left"><p>64-bit</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Microsoft Windows Server 2008 R2</p></td>
-<td align="left"><p>SP1</p></td>
-<td align="left"><p>64-bit</p></td>
-</tr>
-</tbody>
-</table>
-
- 
 
 ### Publishing server hardware requirements
 
@@ -182,46 +106,7 @@ App-V adds no additional requirements beyond those of Windows Server.
 
 ### Reporting server operating system requirements
 
-The following table lists the operating systems that are supported for the App-V Reporting server installation.
-
-<table>
-<colgroup>
-<col width="33%" />
-<col width="33%" />
-<col width="33%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Operating system</th>
-<th align="left">Service Pack</th>
-<th align="left">System architecture</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Microsoft Windows Server 2016</p></td>
-<td align="left"><p></p></td>
-<td align="left"><p>64-bit</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Microsoft Windows Server 2012 R2</p></td>
-<td align="left"><p></p></td>
-<td align="left"><p>64-bit</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Microsoft Windows Server 2012</p></td>
-<td align="left"><p></p></td>
-<td align="left"><p>64-bit</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Microsoft Windows Server 2008 R2</p></td>
-<td align="left"><p>SP1</p></td>
-<td align="left"><p>64-bit</p></td>
-</tr>
-</tbody>
-</table>
-
- 
+The App-V Reporting server can be installed on a server that runs Windows Server 2008 R2 with SP1 or later. 
 
 ### Reporting server hardware requirements
 
@@ -271,129 +156,11 @@ The following table lists the SQL Server versions that are supported for the App
 
  
 
-## App-V client system requirements
+## App-V client requirements and Remote Desktop Services client requirements
 
+With Windows 10, version 1607 and later releases, the App-V client is included with Windows 10 Enterprise and Windows 10 Education. The App-V client is no longer part of the Microsoft Desktop Optimization Pack. Before you can use the App-V client, it must be enabled, as described in [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md).
 
-The following table lists the operating systems that are supported for the App-V client installation.
-
-> [!NOTE]  
-> App-V is included with Windows 10, version 1607 and later.
-
-<table>
-<colgroup>
-<col width="33%" />
-<col width="33%" />
-<col width="33%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Operating system</th>
-<th align="left">Service pack</th>
-<th align="left">System architecture</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Windows 10, version 1511</p></td>
-<td align="left"><p></p></td>
-<td align="left"><p>32-bit or 64-bit</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Windows 10, version 1507</p></td>
-<td align="left"><p></p></td>
-<td align="left"><p>32-bit or 64-bit</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Windows 8.1</p></td>
-<td align="left"><p></p></td>
-<td align="left"><p>32-bit or 64-bit</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Windows 8</p></td>
-<td align="left"><p></p></td>
-<td align="left"><p>32-bit or 64-bit</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Windows /p></td>
-<td align="left"><p>SP1</p></td>
-<td align="left"><p>32-bit or 64-bit</p></td>
-</tr>
-</tbody>
-</table>
-
- 
-
-The following App-V client installation scenarios are not supported, except as noted:
-
--   Computers that run Windows Server
-
--   Computers that run App-V 4.6 SP1 or earlier versions
-
--   The App-V Remote Desktop services client is supported only for RDS-enabled servers
-
-### App-V client hardware requirements
-
-The following list displays the supported hardware configuration for the App-V client installation.
-
--   Processor— 1.4 GHz or faster 32-bit (x86) or 64-bit (x64) processor
-
--   RAM— 1 GB (32-bit) or 2 GB (64-bit)
-
--   Disk— 100 MB for installation, not including the disk space that is used by virtualized applications.
-
-## Remote Desktop Services client system requirements
-
-
-The following table lists the operating systems that are supported for App-V Remote Desktop Services (RDS) client installation.
-
-<table>
-<colgroup>
-<col width="33%" />
-<col width="33%" />
-<col width="33%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Operating system</th>
-<th align="left">Service Pack</th>
-<th align="left">System architecture</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>Microsoft Windows Server 2016</p></td>
-<td align="left"><p></p></td>
-<td align="left"><p>64-bit</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Microsoft Windows Server 2012 R2</p></td>
-<td align="left"><p></p></td>
-<td align="left"><p>64-bit</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Microsoft Windows Server 2012</p></td>
-<td align="left"><p></p></td>
-<td align="left"><p>64-bit</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Microsoft Windows Server 2008 R2</p></td>
-<td align="left"><p>SP1</p></td>
-<td align="left"><p>64-bit</p></td>
-</tr>
-</tbody>
-</table>
-
- 
-
-### Remote Desktop Services client hardware requirements
-
-App-V adds no additional requirements beyond those of Windows Server.
-
--   Processor—1.4 GHz or faster, 64-bit (x64) processor
-
--   RAM—2 GB RAM (64-bit)
-
--   Disk space—200 MB available hard disk space
+Similarly, the App-V Remote Desktop Services (RDS) client is included with Windows Server 2016 Standard and Windows Server 2016 Datacenter.
 
 ## Sequencer system requirements
 
@@ -452,7 +219,6 @@ The following table lists the operating systems that are supported for the App-V
 </tbody>
 </table>
 
- 
 
 ### Sequencer hardware requirements
 
@@ -460,196 +226,12 @@ See the Windows or Windows Server documentation for the hardware requirements. A
 
 ## <a href="" id="bkmk-supp-ver-sccm"></a>Supported versions of System Center Configuration Manager
 
-
-The App-V client supports the following versions of System Center Configuration Manager:
-
--   Microsoft System Center 2012 Configuration Manager
-
--   System Center 2012 R2 Configuration Manager
-
--   System Center 2012 R2 Configuration Manager SP1
-
-The following App-V and System Center Configuration Manager version matrix shows all officially supported combinations of App-V and Configuration Manager.
-
-<table>
-<colgroup>
-<col width="12%" />
-<col width="12%" />
-<col width="12%" />
-<col width="12%" />
-<col width="12%" />
-<col width="12%" />
-<col width="12%" />
-<col width="12%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">App-V Version</th>
-<th align="left">System Center Configuration Manager 2007</th>
-<th align="left">System Center 2012 Configuration Manager</th>
-<th align="left">System Center 2012 Configuration Manager SP1</th>
-<th align="left">System Center 2012 R2 Configuration Manager</th>
-<th align="left">System Center 2012 R2 Configuration Manager SP1</th>
-<th align="left">System Center 2012 Configuration Manager SP2</th>
-<th align="left">System Center Configuration Manager Version 1511</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>App-V 4.5</p></td>
-<td align="left"><p>R2</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>No</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>App-V 4.5 CU1</p></td>
-<td align="left"><p>R2</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>No</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>App-V 4.5 SP1</p></td>
-<td align="left"><p>R2</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>No</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>App-V 4.5 SP2</p></td>
-<td align="left"><p>R2</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>No</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>App-V 4.6</p></td>
-<td align="left"><p>R2, SP1</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>No</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>App-V 4.6 SP1</p></td>
-<td align="left"><p>R2, R3, SP2</p></td>
-<td align="left"><p>Yes</p></td>
-<td align="left"><p>Yes</p></td>
-<td align="left"><p>Yes</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>No</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>App-V 4.6 SP2</p></td>
-<td align="left"><p>R2, R3, SP2</p></td>
-<td align="left"><p>Yes</p></td>
-<td align="left"><p>Yes</p></td>
-<td align="left"><p>Yes</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>No</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>App-V 4.6 SP3</p></td>
-<td align="left"><p>R2, R3, SP2</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>Yes</p></td>
-<td align="left"><p>Yes</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>Yes</p></td>
-<td align="left"><p>Yes</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>App-V 5.0</p></td>
-<td align="left"><p>MSI-Wrapper-Only</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>Yes</p></td>
-<td align="left"><p>Yes</p></td>
-<td align="left"><p>Yes</p></td>
-<td align="left"><p>Yes</p></td>
-<td align="left"><p>Yes</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>App-V 5.0 SP1</p></td>
-<td align="left"><p>MSI-Wrapper Only</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>Yes</p></td>
-<td align="left"><p>Yes</p></td>
-<td align="left"><p>Yes</p></td>
-<td align="left"><p>Yes</p></td>
-<td align="left"><p>Yes</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>App-V 5.0 SP2</p></td>
-<td align="left"><p>MSI-Wrapper Only</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>2012 SP1 CU4</p>
-<p>App-V 5.0 HF5 or later</p></td>
-<td align="left"><p>2012 R2 CU1</p>
-<p>App-V 5.0 HF5 or later</p></td>
-<td align="left"><p>Yes</p></td>
-<td align="left"><p>With App-V 5.0 SP2 HF5 or later</p></td>
-<td align="left"><p>With App-V 5.0 SP2 HF5 or later</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>App-V 5.0 SP2 HF4</p></td>
-<td align="left"><p>MSI-Wrapper Only</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>2012 SP1 CU4</p>
-<p>App-V 5.0 HF5 or later</p></td>
-<td align="left"><p>2012 R2 CU1</p>
-<p>App-V 5.0 HF5 or later</p></td>
-<td align="left"><p>Yes</p></td>
-<td align="left"><p>Requires HF5 or later</p></td>
-<td align="left"><p>Requires HF5 or later</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>App-V 5.0 SP3</p></td>
-<td align="left"><p>MSI-Wrapper Only</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>2012 SP1 CU4</p></td>
-<td align="left"><p>2012 R2 CU1</p></td>
-<td align="left"><p>Yes</p></td>
-<td align="left"><p>Yes</p></td>
-<td align="left"><p>Yes</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>App-V</p></td>
-<td align="left"><p>MSI-Wrapper Only</p></td>
-<td align="left"><p>No</p></td>
-<td align="left"><p>2012 SP1 CU4</p></td>
-<td align="left"><p>2012 R2 CU1</p></td>
-<td align="left"><p>Yes</p></td>
-<td align="left"><p>Yes</p></td>
-<td align="left"><p>Yes</p></td>
-</tr>
-</tbody>
-</table>
-
- 
-
-For more information about how Configuration Manager integrates with App-V, see [Planning for App-V Integration with Configuration Manager](http://technet.microsoft.com/library/jj822982.aspx).
+The App-V client works with System Center Configuration Manager versions starting with Technical Preview for System Center Configuration Manager, version 1606.
 
 ## Have a suggestion for App-V?
 
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
diff --git a/windows/manage/appv-technical-reference.md b/windows/manage/appv-technical-reference.md
index 713d772993..692da1bf49 100644
--- a/windows/manage/appv-technical-reference.md
+++ b/windows/manage/appv-technical-reference.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # Technical Reference for App-V
 
+**Applies to**
+-   Windows 10, version 1607
 
 This section provides reference information related to managing App-V.
 
@@ -25,21 +27,23 @@ This section provides reference information related to managing App-V.
 
     Describes how the following App-V client operations affect the local operating system: App-V files and data storage locations, package registry, package store behavior, roaming registry and data, client application lifecycle management, integration of App-V packages, dynamic configuration, side-by-side assemblies, and client logging.
 
+-   [Viewing App-V Server Publishing Metadata](appv-viewing-appv-server-publishing-metadata.md)
+
+    Tells how to view publishing metadata, which can help you resolve publishing-related issues.
+
+-   [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](appv-running-locally-installed-applications-inside-a-virtual-environment.md)
+
+    Describes reasons and methods for running a locally installed application in a virtual environment, alongside applications that have been virtualized by using Application Virtualization (App-V).
+
 ## Have a suggestion for App-V?
 
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
+[How to Deploy the App-V Databases by Using SQL Scripts](appv-deploy-appv-databases-with-sql-scripts.md)
 
-[Creating App-V 4.5 Databases Using SQL Scripting](https://technet.microsoft.com/en-us/itpro/mdop/solutions/creating-app-v-45-databases-using-sql-scripting)
-
- 
-
- 
-
-
-
-
+[Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md)
 
+[Windows PowerShell reference for App-V](https://technet.microsoft.com/en-us/library/dn903534.aspx)
diff --git a/windows/manage/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md b/windows/manage/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md
index a39449b055..6311662ac3 100644
--- a/windows/manage/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md
+++ b/windows/manage/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console
 
+**Applies to**
+-   Windows 10, version 1607
 
 Use the following procedure to transfer the access and default package configurations to another version of a package by using the management console.
 
@@ -24,18 +26,10 @@ Use the following procedure to transfer the access and default package configura
 
     If you select **transfer access and configurations from**, then all access permissions, as well as the configuration settings, will be copied.
 
-    **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Operations for App-V](appv-operations.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-troubleshooting.md b/windows/manage/appv-troubleshooting.md
index 7a8e67b35c..1851a31174 100644
--- a/windows/manage/appv-troubleshooting.md
+++ b/windows/manage/appv-troubleshooting.md
@@ -11,65 +11,27 @@ ms.prod: w10
 
 # Troubleshooting App-V
 
+**Applies to**
+-   Windows 10, version 1607
 
-Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905).
+For information that can help with troubleshooting App-V for Windows 10, see:
 
-## How to Find Troubleshooting Content
+- [Application Virtualization (App-V): List of Microsoft Support Knowledge Base Articles](http://social.technet.microsoft.com/wiki/contents/articles/14272.app-v-v5-x-list-of-microsoft-support-knowledge-base-articles.aspx)
+
+- [Microsoft App-V Team Blog](https://blogs.technet.microsoft.com/appv/)
+
+- [Release Notes for App-V](appv-release-notes-for-appv-for-windows.md)
+
+- [Technical Reference for App-V](appv-technical-reference.md)
+
+- [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv)
 
 
-You can use the following information to find troubleshooting or additional technical content for this product.
+## Other resources
 
-### Search the MDOP Documentation
+-   [Application Virtualization (App-V) for Windows 10 overview](appv-for-windows.md)
 
-The first step to find help content in the Administrator’s Guide is to search the MDOP documentation on TechNet.
-
-After you search the MDOP documentation, your next step would be to search the troubleshooting information for the product in the TechNet Wiki.
-
-**To search the MDOP product documentation**
-
-1.  Use a web browser to navigate to the [MDOP Information Experience](http://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page.
-
-2.  Enter applicable search terms in the **Search TechNet with Bing** search box at the top of the MDOP Information Experience home page.
-
-3.  Review the search results for assistance.
-
-**To search the TechNet Wiki**
-
-1.  Use a web browser to navigate to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
-
-2.  Enter applicable search terms in the **Search TechNet Wiki** search box on the TechNet Wiki home page.
-
-3.  Review the search results for assistance.
-
-## How to Create a Troubleshooting Article
-
-
-If you have a troubleshooting tip or a best practice to share that is not already included in the MDOP OnlineHelp or TechNet Wiki, you can create your own TechNet Wiki articles.
-
-**To create a TechNet Wiki troubleshooting or best practices article**
-
-1.  Use a web browser to navigate to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
-
-2.  Log in with your Windows Live ID.
-
-3.  Review the **Getting Started** section to learn the basics of the TechNet Wiki and its articles.
-
-4.  Select **Post an article &gt;&gt;** at the bottom of the **Getting Started** section.
-
-5.  On the Wiki article **Add Page** page, select **Insert Template** from the toolbar, select the troubleshooting article template (**Troubleshooting.html**), and then click **Insert**.
-
-6.  Be sure to give the article a descriptive title and then overwrite the template information as needed to create your troubleshooting or best practice article.
-
-7.  After you review your article, be sure to include a tag that is named **Troubleshooting** and another for the product name. This helps others to find your content.
-
-8.  Click **Save** to publish the article to the TechNet Wiki.
-
-## Other resources for troubleshooting App-V
-
-
--   [Application Virtualization (App-V) overview](appv-for-windows.md)
-
--   [Getting Started with App-V](appv-getting-started.md)
+-   [Getting Started with App-V for Windows 10](appv-getting-started.md)
 
 -   [Planning for App-V](appv-planning-for-appv.md)
 
@@ -79,14 +41,4 @@ If you have a troubleshooting tip or a best practice to share that is not alread
 
 ## Have a suggestion for App-V?
 
-
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
-
- 
-
- 
-
-
-
-
-
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/manage/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md b/windows/manage/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md
index f544dffb06..819bd3c789 100644
--- a/windows/manage/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md
+++ b/windows/manage/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md
@@ -10,6 +10,9 @@ ms.prod: w10
 
 # Upgrading to App-V for Windows 10 from an existing installation
 
+**Applies to**
+-   Windows 10, version 1607
+
 If you’re already using App-V and you’re planning to upgrade user devices to Windows 10, you need to make only the following few adjustments to your existing environment to start using App-V for Windows 10. 
 
 1. [Upgrade user devices to Windows 10](#upgrade-user-devices-to-windows-10). Performing an in-place upgrade automatically installs the App-V client and migrates users’ App-V applications and settings.
@@ -40,9 +43,9 @@ To verify that the user’s App-V settings were migrated correctly, type `Get-Ap
 
 With Windows 10, the App-V client is installed automatically. You need to enable the client to allow user devices to access and run virtual applications. You can enable the client with the Group Policy editor or with Windows PowerShell. 
 
-**To enable the App-V client with Group Policy**:
+**To enable the App-V client with Group Policy**
 
-1. Open the device’s **Local Group Policy Editor**.
+1. Open the device’s **Group Policy Editor**.
 
 2. Navigate to **Computer Configuration > Administrative Templates > System > App-V**. 
 
@@ -50,7 +53,7 @@ With Windows 10, the App-V client is installed automatically. You need to enable
 
 4. Restart the device.
 
-**To enable the App-V client with Windows PowerShell**:
+**To enable the App-V client with Windows PowerShell**
 
 1. Open Windows PowerShell.
 
@@ -78,16 +81,6 @@ Type the following cmdlet in a Windows PowerShell window:
 
 3. Enter your existing App-V publishing server’s details in **Options** and then click or press **Apply**.
 
-<!-- For the following three items, we're looking for more detail from Chintan --> 
-
-Ensure newly added machine/ user is entitled to receive packages from the server configure in step #2.  
-
-Sync and verify packages and/or connection groups pushed by the App-V server function correctly.  
-
-Validate other package management commands (unpublish, remove etc.).
-
-<!-- ++++++++++++++++++++++++++++++ -->
-
 ## Verify that the in-box App-V client can receive and launch .appv packages
 
 1. Add and publish a package using the following Windows PowerShell cmdlets: 
@@ -102,4 +95,4 @@ Validate other package management commands (unpublish, remove etc.).
 
 ## Have a suggestion for App-V?
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
diff --git a/windows/manage/appv-using-the-client-management-console.md b/windows/manage/appv-using-the-client-management-console.md
index 64affa5f4b..c029733b1d 100644
--- a/windows/manage/appv-using-the-client-management-console.md
+++ b/windows/manage/appv-using-the-client-management-console.md
@@ -11,25 +11,38 @@ ms.prod: w10
 
 # Using the App-V Client Management Console
 
+**Applies to**
+-   Windows 10, version 1607
 
-This topic provides information about how you can configure and manage the Microsoft Application Virtualization (App-V) client.
+This topic provides information about about using the Application Virtualization (App-V) client management console to manage packages on the computer running the App-V client.
 
-## Modify App-V client configuration
+## Obtain the client management console
 
+The client management console is separate from the App-V client itself. You can download the client management console from the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=41186).
 
-The App-V client has associated settings that can be configured to determine how the client will run in your environment. You can manage these settings on the computer that runs the client or by using PowerShell or Group Policy. For more information about how to modify the client using PowerShell or Group Policy configuration see, [How to Modify Client Configuration by Using PowerShell](appv-modify-client-configuration-with-powershell.md).
+> [!NOTE]  
+To perform all of the actions available using the client management console, you must have administrative access on the computer running the App-V client.
+
+## Options for managing the App-V client
+
+The App-V client has associated settings that can be configured to determine how the client will run in your environment. You can manage these settings on the computer that runs the client, or you can use Windows PowerShell or Group Policy. For more information about configuring the client by using Windows PowerShell or Group Policy, see:
+
+- [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md)
+
+- [How to Modify Client Configuration by Using Windows PowerShell](appv-modify-client-configuration-with-powershell.md)
+
+- [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md) 
 
 ## <a href="" id="the-app-v-5-1-client-management-console-"></a>The App-V client management console
 
-
-You can obtain information about the App-V client or perform specific tasks by using the App-V client management console. Many of the tasks that you can perform in the client management console you can also perform by using PowerShell. The associated PowerShell cmdlets for each action are also displayed in the following table. For more information about how to use PowerShell, see [Administering App-V by Using PowerShell](appv-administering-appv-with-powershell.md).
+You can obtain information about the App-V client or perform specific tasks by using the App-V client management console. Many of the tasks that you can perform in the client management console you can also perform by using Windows PowerShell. The associated Windows PowerShell cmdlets for each action are also displayed in the following table. For more information about how to use Windows PowerShell, see [Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md).
 
 The client management console contains the following described main tabs.
 
 <table>
 <colgroup>
-<col width="50%" />
-<col width="50%" />
+<col width="20%" />
+<col width="80%" />
 </colgroup>
 <thead>
 <tr class="header">
@@ -45,10 +58,10 @@ The client management console contains the following described main tabs.
 <li><p>Update – Use the <strong>Update</strong> tile to refresh a virtualized application or to receive a new virtualized package.</p>
 <p>The <strong>Last Refresh</strong> displays the current version of the virtualized package.</p></li>
 <li><p>Download all virtual applications – Use the <strong>Download</strong> tile to download all of the packages provisioned to the current user.</p>
-<p>(Associated PowerShell cmdlet: <strong>Mount-AppvClientPackage</strong>)</p>
+<p>(Associated Windows PowerShell cmdlet: <strong>Mount-AppvClientPackage</strong>)</p>
 <p></p></li>
 <li><p>Work Offline – Use this tile to disallow all automatic and manual virtual application updates.</p>
-<p>(Associated PowerShell cmdlet: <strong>Set-AppvPublishServer –UserRefreshEnabled –GlobalRefreshEnabled</strong>)</p></li>
+<p>(Associated Windows PowerShell cmdlet: <strong>Set-AppvPublishServer –UserRefreshEnabled –GlobalRefreshEnabled</strong>)</p></li>
 </ul></td>
 </tr>
 <tr class="even">
@@ -59,33 +72,17 @@ The client management console contains the following described main tabs.
 <tr class="odd">
 <td align="left"><p>App Connection Groups</p></td>
 <td align="left"><p>The <strong>APP CONNECTION GROUPS</strong> tab displays all of the connection groups that are available to the current user. Click a specific connection group to see all of the packages that are part of the selected group. This displays information about connection groups that are already in use and how much of the connection group contents have been downloaded to the computer. Additionally, you can start and stop connection group downloads. You can use this section to initiate a repair. A repair will remove all of the user state that is associated a connection group.</p>
-<p>(Associated PowerShell cmdlets: Download - <strong>Mount-AppvClientConnectionGroup</strong>. Repair -<strong>AppvClientConnectionGroup</strong>.)</p>
+<p>(Associated Windows PowerShell cmdlets: Download - <strong>Mount-AppvClientConnectionGroup</strong>. Repair -<strong>AppvClientConnectionGroup</strong>.)</p>
 <p></p></td>
 </tr>
 </tbody>
 </table>
 
- 
-
-[How to Access the Client Management Console](appv-accessing-the-client-management-console.md)
-
-[How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md)
-
 ## Have a suggestion for App-V?
 
 
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Operations for App-V](appv-operations.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md b/windows/manage/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md
index 5a89f2304c..be5ea2635f 100644
--- a/windows/manage/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md
+++ b/windows/manage/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console
 
+**Applies to**
+-   Windows 10, version 1607
 
 Use the following procedure to view and configure default package extensions.
 
@@ -28,18 +30,10 @@ Use the following procedure to view and configure default package extensions.
 
 5.  To edit other application extensions, modify the configuration file and click **Import and Overwrite this Configuration**. Select the modified file and click **Open**. In the dialog box, click **Overwrite** to complete the process.
 
-    **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Operations for App-V](appv-operations.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/appv-viewing-appv-server-publishing-metadata.md b/windows/manage/appv-viewing-appv-server-publishing-metadata.md
index abfc25f877..c56544ab71 100644
--- a/windows/manage/appv-viewing-appv-server-publishing-metadata.md
+++ b/windows/manage/appv-viewing-appv-server-publishing-metadata.md
@@ -11,136 +11,67 @@ ms.prod: w10
 
 # Viewing App-V Server Publishing Metadata
 
+**Applies to**
+-   Windows Server 2016
 
-Use this procedure to view publishing metadata, which can help you resolve publishing-related issues. You must be using the App-V Management server to use this procedure.
+Use this procedure to view App-V Server publishing metadata, which can help you resolve publishing-related issues. You must be using the App-V Management server to use this procedure.
 
 This article contains the following information:
 
--   [App-V requirements for viewing publishing metadata](#bkmk-51-reqs-pub-meta)
+-   [Definition of publishing metadata](#bkmk-whatis-pub-metadata)
 
 -   [Syntax to use for viewing publishing metadata](#bkmk-syntax-view-pub-meta)
 
--   [Query values for client operating system and version](#bkmk-values-query-pub-meta)
+-   [Query values for client operating system](#bkmk-values-query-pub-meta)
 
--   [Definition of publishing metadata](#bkmk-whatis-pub-metadata)
+## <a href="" id="bkmk-whatis-pub-metadata"></a>Definition of publishing metadata
 
-## <a href="" id="bkmk-51-reqs-pub-meta"></a>App-V requirements for viewing publishing metadata
+When packages are published to a computer that is running the App-V client, metadata is sent to that computer indicating which packages and connection groups are being published. The App-V Client makes two separate requests for the following:
 
+-   Packages and connection groups that are entitled to the client computer.
 
-In App-V, you must provide the following values in the address when you query the App-V Publishing server for metadata:
+-   Packages and connection groups that are entitled to the current user.
 
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Value</th>
-<th align="left">Additional details</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p><strong>ClientVersion</strong></p></td>
-<td align="left"><p>If you omit the <strong>ClientVersion</strong> parameter from the query, the metadata excludes the features that were new in App-V 5.0 SP3.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p><strong>ClientOS</strong></p></td>
-<td align="left"><p>You have to provide this value only if you select specific client operating systems when you sequence the package. If you select the default (all operating systems), do not specify this value in the query.</p>
-<p>If you omit the <strong>ClientOS</strong> parameter from the query, only the packages that were sequenced to support any operating system appear in the metadata.</p></td>
-</tr>
-</tbody>
-</table>
+The Publishing server communicates with the Management server to determine which packages and connection groups are available to the requester. The Publishing server must be registered with the Management server in order for the metadata to be generated.
 
- 
+You can view the metadata for each request in an Internet browser by using a query that is in the context of the specific user or computer.
 
 ## <a href="" id="bkmk-syntax-view-pub-meta"></a>Query syntax for viewing publishing metadata
 
+This section provides information about queries for viewing publishing metadata for App-V 5.0 SP3 Server and App-V 5.1 server. The App-V server components have not changed since App-V 5.0 was released, so App-V 5.x Server is the version of the server used with App-V for Windows 10.
 
-The following table provides the syntax and query examples.
+**Query syntax**
 
-<table>
-<colgroup>
-<col width="25%" />
-<col width="25%" />
-<col width="25%" />
-<col width="25%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Version of App-V</th>
-<th align="left">Query syntax</th>
-<th align="left">Parameter descriptions</th>
-<th align="left">Example</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>App-V 5.0 SP3 and App-V</p></td>
-<td align="left"><p><code>http://&lt;PubServer&gt;:&lt;Publishing Port#&gt;/?ClientVersion=&lt;AppvClientVersion&gt;&amp;ClientOS=&lt;OSStringValue&gt;</code></p></td>
-<td align="left"><table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Parameter</th>
-<th align="left">Description</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left"><p>&lt;PubServer&gt;</p></td>
-<td align="left"><p>Name of the App-V Publishing server.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>&lt;Publishing Port#&gt;</p></td>
-<td align="left"><p>Port to the App-V Publishing server, which you defined when you configured the Publishing server.</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>ClientVersion=&lt;AppvClientVersion&gt;</p></td>
-<td align="left"><p>Version of the App-V client. Refer to the following table for the correct value to use.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>ClientOS=&lt;OSStringValue&gt;</p></td>
-<td align="left"><p>Operating system of the computer that is running the App-V client. Refer to the following table for the correct value to use.</p></td>
-</tr>
-</tbody>
-</table>
-<p> </p>
-<p>To get the name of the Publishing server and the port number (http://&lt;PubServer&gt;:&lt;Publishing Port#&gt;) from the App-V Client, look at the URL configuration of the <strong>Get-AppvPublishingServer</strong> PowerShell cmdlet.</p></td>
-<td align="left"><p><code>http://pubsvr01:2718/?clientversion=5.0.10066.0&amp;clientos=WindowsClient_6.2_x64</code></p>
-<p>In the example:</p>
-<ul>
-<li><p>A Windows Server 2012 R2 named “pubsvr01” hosts the Publishing service.</p></li>
-<li><p>The Windows client is Windows 8.1 64-bit.</p></li>
-</ul></td>
-</tr>
-<tr class="even">
-<td align="left"><p>App-V 5.0 through App-V 5.0 SP2</p></td>
-<td align="left"><p><code>http://&lt;PubServer&gt;:&lt;Publishing Port#&gt;/ </code></p>
-<div class="alert">
-<strong>Note</strong>  
-<p><strong>ClientVersion</strong> and <strong>ClientOS</strong> are supported only in App-V 5.0 SP3 and App-V.</p>
-</div>
-<div>
- 
-</div></td>
-<td align="left"><p>See the information for App-V 5.0 SP3 and App-V.</p></td>
-<td align="left"><p><code>http://pubsvr01:2718</code></p>
-<p>In the example, A Windows Server 2012 R2 named “pubsvr01” hosts the Management and Publishing services.</p></td>
-</tr>
-</tbody>
-</table>
+`http://<PubServer>:<Publishing Port#>/?ClientVersion=<BuildNumber>&ClientOS=<OSStringValue>`
 
- 
+For information about the variables in this syntax, see the table that follows.
 
-## <a href="" id="bkmk-values-query-pub-meta"></a>Query values for client operating system and version
+**Query example**
 
+`http://pubsvr01:2718/?ClientVersion=10.0.14393&ClientOS=WindowsClient_10.0_x64`
 
-In your publishing metadata query, enter the string values that correspond to the client operating system and version that you’re using.
+In this example:
+
+- A computer running Windows Server 2016 named “pubsvr01” hosts the Publishing service.
+
+- The Windows client is Windows 10, 64-bit.
+
+**Query parameter descriptions**
+
+The following table describes the parameters shown in the preceding **Query syntax**.
+
+| Parameter  | Description   |
+|------------|---------------|
+| `<PubServer>`  |  Name of the App-V Publishing server. |
+| `<Publishing Port#>` | Port to the App-V Publishing server, which you defined when you configured the Publishing server. |
+| `ClientVersion=<BuildNumber>` | Windows 10 build number. You can obtain this number by running the following Windows PowerShell command:<br>`(Get-CimInstance Win32_OperatingSystem).version`  |
+| `ClientOS=<OSStringValue>` | Operating system of the computer that is running the App-V client. Refer to the table that follows for the correct value.<br>You can omit this parameter, with the result that only the packages that were sequenced to support all operating systems will appear in the metadata. |
+
+To get the name of the Publishing server and the port number (`http://<PubServer>:<Publishing Port#>`) from the App-V client, look at the URL configuration of the <strong>Get-AppvPublishingServer</strong> Windows PowerShell cmdlet.
+
+## <a href="" id="bkmk-values-query-pub-meta"></a>Query values for client operating system
+
+In your publishing metadata query, enter the string values that correspond to the client operating system that you’re using.
 
 <table>
 <colgroup>
@@ -207,16 +138,6 @@ In your publishing metadata query, enter the string values that correspond to th
 <td align="left"><p>WindowsServer_6.2_x86</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p>Windows 7</p></td>
-<td align="left"><p>64-bit</p></td>
-<td align="left"><p>WindowsClient_6.1_x64</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Windows 7</p></td>
-<td align="left"><p>32-bit</p></td>
-<td align="left"><p>WindowsClient_6.1_x86</p></td>
-</tr>
-<tr class="odd">
 <td align="left"><p>Windows Server 2008 R2</p></td>
 <td align="left"><p>64-bit</p></td>
 <td align="left"><p>WindowsServer_6.1_x64</p></td>
@@ -229,36 +150,11 @@ In your publishing metadata query, enter the string values that correspond to th
 </tbody>
 </table>
 
- 
-
-## <a href="" id="bkmk-whatis-pub-metadata"></a>Definition of publishing metadata
-
-
-When packages are published to a computer that is running the App-V client, metadata is sent to that computer indicating which packages and connection groups are being published. The App-V Client makes two separate requests for the following:
-
--   Packages and connection groups that are entitled to the client computer.
-
--   Packages and connection groups that are entitled to the current user.
-
-The Publishing server communicates with the Management server to determine which packages and connection groups are available to the requester. The Publishing server must be registered with the Management server in order for the metadata to be generated.
-
-You can view the metadata for each request in an Internet browser by using a query that is in the context of the specific user or computer.
 
 ## Have a suggestion for App-V?
 
-
-Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
 ## Related topics
 
-
 [Technical Reference for App-V](appv-technical-reference.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/manage/change-history-for-manage-and-update-windows-10.md b/windows/manage/change-history-for-manage-and-update-windows-10.md
index 67f0217f4c..371cdedb8d 100644
--- a/windows/manage/change-history-for-manage-and-update-windows-10.md
+++ b/windows/manage/change-history-for-manage-and-update-windows-10.md
@@ -12,12 +12,23 @@ author: jdeckerMS
 
 This topic lists new and updated topics in the [Manage and update Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
 
+## September 2016
+
+| New or changed topic | Description |
+| --- | --- |
+| [Lockdown features from Windows Embedded 8.1 Industry](lockdown-features-windows-10.md) | Added Group Policy setting to replace Gesture Filter |
+| [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Added content for Windows Server 2016 |
+| [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) | Updated the script for setting a custom shell using Shell Launcher. |
 
 ## August 2016
 
 | New or changed topic | Description |
 | --- | --- |
-| [Configure Windows 10 taskbar](configure-windows-10-taskbar.md) | Updated sample XML for combined Start and taskbar layout |
+| [Create mandatory user profiles](mandatory-user-profile.md) | New |
+| [Configure Windows 10 taskbar](configure-windows-10-taskbar.md) | Updated sample XML for combined Start and taskbar layout; added note to explain the difference between applying taskbar configuration by Group Policy and by provisioning package |
+| [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) | Updated instructions for exiting assigned access mode. |
+| Application development for Windows as a service  |  Topic moved to MSDN: [Application development for Windows as a service](https://msdn.microsoft.com/windows/uwp/get-started/application-development-for-windows-as-a-service)
+
 
 ## RELEASE: Windows 10, version 1607
 
@@ -91,7 +102,7 @@ The topics in this library have been updated for Windows 10, version 1607 (also
 | ---|---|
 | [Cortana integration in your business or enterprise](manage-cortana-in-enterprise.md) | New |
 | [Manage Wi-Fi Sense in your company](manage-wifi-sense-in-enterprise.md) | New |
-|[Customize Windows 10 Start with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) | New |
+| [Customize Windows 10 Start with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) | New |
 
 ## November 2015
 
diff --git a/windows/manage/changes-to-start-policies-in-windows-10.md b/windows/manage/changes-to-start-policies-in-windows-10.md
index ad0589981e..743009e354 100644
--- a/windows/manage/changes-to-start-policies-in-windows-10.md
+++ b/windows/manage/changes-to-start-policies-in-windows-10.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+localizationpriority: high
 ---
 
 # Changes to Group Policy settings for Windows 10 Start
@@ -55,7 +55,7 @@ These policy settings are available in **Administrative Templates\\Start Menu an
 </tr>
 <tr class="even">
 <td align="left">Prevent users from customizing their Start Screen</td>
-<td align="left"><p>Use this policy in conjunction with [CopyProfile](http://go.microsoft.com/fwlink/p/?LinkId=623229) or other methods for configuring the layout of Start to prevent users from changing it</p></td>
+<td align="left"><p>Use this policy in conjunction with [CopyProfile](https://go.microsoft.com/fwlink/p/?LinkId=623229) or other methods for configuring the layout of Start to prevent users from changing it</p></td>
 </tr>
 <tr class="odd">
 <td align="left">Prevent users from uninstalling applications from Start</td>
diff --git a/windows/manage/configure-devices-without-mdm.md b/windows/manage/configure-devices-without-mdm.md
index 175c61bf6e..b28734a5f6 100644
--- a/windows/manage/configure-devices-without-mdm.md
+++ b/windows/manage/configure-devices-without-mdm.md
@@ -71,7 +71,7 @@ Provisioning packages are simple for employees to install. And when they remove
 
      
 
-For details about the settings you can customize in provisioning packages, see [Windows Provisioning settings reference]( http://go.microsoft.com/fwlink/p/?LinkId=619012).
+For details about the settings you can customize in provisioning packages, see [Windows Provisioning settings reference]( https://go.microsoft.com/fwlink/p/?LinkId=619012).
 
 ## Create a provisioning package 
 
@@ -125,7 +125,7 @@ When you run Windows ICD, you have several options for creating your package.
 3.  Name your project, and click **Next**.
 4.  Choose **All Windows editions**, **All Windows desktop editions**, or **All Windows mobile editions**, depending on the devices you intend to provision, and click **Next**.
 5.  On **New project**, click **Finish**. The workspace for your package opens.
-6.  Configure settings. [Learn more about specific settings in provisioning packages.]( http://go.microsoft.com/fwlink/p/?LinkId=615916)
+6.  Configure settings. [Learn more about specific settings in provisioning packages.]( https://go.microsoft.com/fwlink/p/?LinkId=615916)
 7.  On the **File** menu, select **Save.**
 8.  On the **Export** menu, select **Provisioning package**.
 9.  Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.**
@@ -155,7 +155,7 @@ When you run Windows ICD, you have several options for creating your package.
     -   Email
     -   USB tether (mobile only)
 
-Learn more: [Build and apply a provisioning package](http://go.microsoft.com/fwlink/p/?LinkID=629651)
+Learn more: [Build and apply a provisioning package](https://go.microsoft.com/fwlink/p/?LinkID=629651)
 
 ## Apply package
 
@@ -186,9 +186,9 @@ On a mobile device, the employee goes to **Settings** &gt; **Accounts** &gt; **P
 ## Learn more
 
 
--   [Provisioning Windows 10 Devices with New Tools](http://go.microsoft.com/fwlink/p/?LinkId=615921)
+-   [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
 
--   [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](http://go.microsoft.com/fwlink/p/?LinkId=615922)
+-   [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922)
 
  
 
diff --git a/windows/manage/configure-windows-10-devices-to-stop-data-flow-to-microsoft.md b/windows/manage/configure-windows-10-devices-to-stop-data-flow-to-microsoft.md
index 377c8066cf..8a9777af29 100644
--- a/windows/manage/configure-windows-10-devices-to-stop-data-flow-to-microsoft.md
+++ b/windows/manage/configure-windows-10-devices-to-stop-data-flow-to-microsoft.md
@@ -1,1259 +1,4 @@
 ---
 title: Configure Windows 10 devices to stop data flow to Microsoft (Windows 10)
 redirect_url: https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services
----
-
-# Configure Windows 10 devices to stop data flow to Microsoft
-
-**Applies to**
-
--   Windows 10
-
-If you're looking for content on what each telemetry level means and how to configure it in your organization, see [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md).
-
-Learn about the network connections that Windows components make to Microsoft and also the privacy settings that affect data that is shared with either Microsoft or apps and how they can be managed by an IT Pro.
-
-If you want to minimize connections from Windows to Microsoft services, or configure particular privacy settings, this article covers the settings that you could consider. You can configure telemetry at the lowest level for your edition of Windows, and also evaluate which other connections Windows makes to Microsoft services you want to turn off in your environment from the list in this article.
-
-Some of the network connections discussed in this article can be managed in Windows 10 Mobile, Windows 10 Mobile Enterprise, and the July release of Windows 10. However, you must use Windows 10 Enterprise, version 1511 or Windows 10 Education, version 1511 to manage them all.
-
-In Windows 10 Enterprise, version 1511 or Windows 10 Education, version 1511, you can configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all other connections to Microsoft services as described in this article to prevent Windows from sending any data to Microsoft. We strongly recommend against this, as this data helps us deliver a secure, reliable, and more delightful personalized experience.
-
-We are always working on improving Windows 10 for our customers. We invite IT pros to join the [Windows Insider Program](http://insider.windows.com) to give us feedback on what we can do to make Windows 10 work better for your organization.
-
-Here's what's covered in this article:
-
--   [Info management settings](#bkmk-othersettings)
-
-    -   [1. Cortana](#bkmk-cortana)
-
-        -   [1.1 Cortana Group Policies](#bkmk-cortana-gp)
-
-        -   [1.2 Cortana MDM policies](#bkmk-cortana-mdm)
-
-        -   [1.3 Cortana Windows Provisioning](#bkmk-cortana-prov)
-
-    -   [2. Date & Time](#bkmk-datetime)
-
-    -   [3. Device metadata retrieval](#bkmk-devinst)
-
-    -   [4. Font streaming](#font-streaming)
-
-    -   [5. Insider Preview builds](#bkmk-previewbuilds)
-
-    -   [6. Internet Explorer](#bkmk-ie)
-
-        -   [6.1 Internet Explorer Group Policies](#bkmk-ie-gp)
-
-        -   [6.2 ActiveX control blocking](#bkmk-ie-activex)
-
-    -   [7. Live Tiles](#live-tiles)
-    
-    -   [8. Mail synchronization](#bkmk-mailsync)
-
-    -   [9. Microsoft Edge](#bkmk-edge)
-
-        -   [9.1 Microsoft Edge Group Policies](#bkmk-edgegp)
-
-        -   [9.2 Microsoft Edge MDM policies](#bkmk-edge-mdm)
-
-        -   [9.3 Microsoft Edge Windows Provisioning](#bkmk-edge-prov)
-
-    -   [10. Network Connection Status Indicator](#bkmk-ncsi)
-
-    -   [11. Offline maps](#bkmk-offlinemaps)
-
-    -   [12. OneDrive](#bkmk-onedrive)
-
-    -   [13. Preinstalled apps](#bkmk-preinstalledapps)
-
-    -   [14. Settings &gt; Privacy](#bkmk-settingssection)
-
-        -   [14.1 General](#bkmk-priv-general)
-
-        -   [14.2 Location](#bkmk-priv-location)
-
-        -   [14.3 Camera](#bkmk-priv-camera)
-
-        -   [14.4 Microphone](#bkmk-priv-microphone)
-
-        -   [14.5 Speech, inking, & typing](#bkmk-priv-speech)
-
-        -   [14.6 Account info](#bkmk-priv-accounts)
-
-        -   [14.7 Contacts](#bkmk-priv-contacts)
-
-        -   [14.8 Calendar](#bkmk-priv-calendar)
-
-        -   [14.9 Call history](#bkmk-priv-callhistory)
-
-        -   [14.10 Email](#bkmk-priv-email)
-
-        -   [14.11 Messaging](#bkmk-priv-messaging)
-
-        -   [14.12 Radios](#bkmk-priv-radios)
-
-        -   [14.13 Other devices](#bkmk-priv-other-devices)
-
-        -   [14.14 Feedback & diagnostics](#bkmk-priv-feedback)
-
-        -   [14.15 Background apps](#bkmk-priv-background)
-
-    -   [15. Software Protection Platform](#bkmk-spp)
-
-    -   [16. Sync your settings](#bkmk-syncsettings)
-
-    -   [17. Teredo](#bkmk-teredo)
-
-    -   [18. Wi-Fi Sense](#bkmk-wifisense)
-
-    -   [19. Windows Defender](#bkmk-defender)
-
-    -   [20. Windows Media Player](#bkmk-wmp)
-
-    -   [21. Windows spotlight](#bkmk-spotlight)
-
-    -   [22. Windows Store](#bkmk-windowsstore)
-
-    -   [23. Windows Update Delivery Optimization](#bkmk-updates)
-
-        -   [23.1 Settings &gt; Update & security](#bkmk-wudo-ui)
-
-        -   [23.2 Delivery Optimization Group Policies](#bkmk-wudo-gp)
-
-        -   [23.3 Delivery Optimization MDM policies](#bkmk-wudo-mdm)
-
-        -   [23.4 Delivery Optimization Windows Provisioning](#bkmk-wudo-prov)
-
-    -   [24. Windows Update](#bkmk-wu)
-
-## What's new in Windows 10, version 1511
-
-
-Here's a list of changes that were made to this article for Windows 10, version 1511:
-
--   Added the following new sections:
-
-    -   [Mail synchronization](#bkmk-mailsync)
-
-    -   [Offline maps](#bkmk-offlinemaps)
-
-    -   [Windows spotlight](#bkmk-spotlight)
-
-    -   [Windows Store](#bkmk-windowsstore)
-
--   Added the following Group Policies:
-
-    -   Open a new tab with an empty tab
-
-    -   Configure corporate Home pages
-
-    -   Let Windows apps access location
-
-    -   Let Windows apps access the camera
-
-    -   Let Windows apps access the microphone
-
-    -   Let Windows apps access account information
-
-    -   Let Windows apps access contacts
-
-    -   Let Windows apps access the calendar
-
-    -   Let Windows apps access messaging
-
-    -   Let Windows apps control radios
-
-    -   Let Windows apps access trusted devices
-
-    -   Do not show feedback notifications
-
-    -   Turn off Automatic Download and Update of Map Data
-
-    -   Force a specific default lock screen image
-
--   Added the AllowLinguisticDataCollection MDM policy.
-
--   Added steps in the [Cortana](#bkmk-cortana) section on how to disable outbound traffic using Windows Firewall.
-
--   Changed the Windows Update section to apply system-wide settings, and not just per user.
-
-## <a href="" id="bkmk-othersettings"></a>Info management settings
-
-
-This section lists the components that make network connections to Microsoft services automatically. You can configure these settings to control the data that is sent to Microsoft. To prevent Windows from sending any data to Microsoft, configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all of these connections. We strongly recommend against this, as this data helps us deliver a secure, reliable, and more delightful personalized experience.
-
-The settings in this section assume you are using Windows 10, version 1511 (currently available in the Current Branch and Current Branch for Business). They will also be included in the next update for the Long Term Servicing Branch.
-
--   [1. Cortana](#bkmk-cortana)
-
--   [2. Date & Time](#bkmk-datetime)
-
--   [3. Device metadata retrieval](#bkmk-devinst)
-
--   [4. Font streaming](#font-streaming)
-
--   [5. Insider Preview builds](#bkmk-previewbuilds)
-
--   [6. Internet Explorer](#bkmk-ie)
-
--   [7. Live Tiles](#live-tiles)
-
--   [8. Mail synchronization](#bkmk-mailsync)
-
--   [9. Microsoft Edge](#bkmk-edge)
-
--   [10. Network Connection Status Indicator](#bkmk-ncsi)
-
--   [11. Offline maps](#bkmk-offlinemaps)
-
--   [12. OneDrive](#bkmk-onedrive)
-
--   [13. Preinstalled apps](#bkmk-preinstalledapps)
-
--   [14. Settings &gt; Privacy](#bkmk-settingssection)
-
--   [15. Software Protection Platform](#bkmk-spp)
-
--   [16. Sync your settings](#bkmk-syncsettings)
-
--   [17. Teredo](#bkmk-teredo)
-
--   [18. Wi-Fi Sense](#bkmk-wifisense)
-
--   [19. Windows Defender](#bkmk-defender)
-
--   [20. Windows Media Player](#bkmk-wmp)
-
--   [21. Windows spotlight](#bkmk-spotlight)
-
--   [22. Windows Store](#bkmk-windowsstore)
-
--   [23. Windows Update Delivery Optimization](#bkmk-updates)
-
--   [24. Windows Update](#bkmk-wu)
-
-
-See the following table for a summary of the management settings. For more info, see its corresponding section.
-
-![Management settings table](images/settings-table.png)
-
-### <a href="" id="bkmk-cortana"></a>1. Cortana
-
-Use either Group Policy or MDM policies to manage settings for Cortana. For more info, see [Cortana, Search, and privacy: FAQ](http://go.microsoft.com/fwlink/p/?LinkId=730683).
-
-### <a href="" id="bkmk-cortana-gp"></a>1.1 Cortana Group Policies
-
-Find the Cortana Group Policy objects under **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Search**.
-
-| Policy                                               | Description                                                                           |
-|------------------------------------------------------|---------------------------------------------------------------------------------------|
-| Allow Cortana                                        | Choose whether to let Cortana install and run on the device.                          |
-| Allow search and Cortana to use location             | Choose whether Cortana and Search can provide location-aware search results.          |
-| Do not allow web search                              | Choose whether to search the web from Windows Desktop Search. <br /> Default: Disabled|
-| Don't search the web or display web results in Search| Choose whether to search the web from Cortana.                                        |
-| Set what information is shared in Search             | Control what information is shared with Bing in Search.                               |
-
-When you enable the **Don't search the web or display web results in Search** Group Policy, you can control the behavior of whether Cortana searches the web to display web results. However, this policy only covers whether or not web search is performed. There could still be a small amount of network traffic to Bing.com to evaluate if certain Cortana components are up-to-date or not. In order to turn off that network activity completely, you can create a Windows Firewall rule to prevent outbound traffic.
-
-1.  Expand **Computer Configuration** &gt; **Windows Settings** &gt; **Security Settings** &gt; **Windows Firewall with Advanced Security** &gt; **Windows Firewall with Advanced Security - &lt;LDAP name&gt;**, and then click **Outbound Rules**.
-
-2.  Right-click **Outbound Rules**, and then click **New Rule**. The **New Outbound Rule Wizard** starts.
-
-3.  On the **Rule Type** page, click **Program**, and then click **Next**.
-
-4.  On the **Program** page, click **This program path**, type **%windir%\\systemapps\\Microsoft.Windows.Cortana\_cw5n1h2txyewy\\SearchUI.exe**, and then click **Next**.
-
-5.  On the **Action** page, click **Block the connection**, and then click **Next**.
-
-6.  On the **Profile** page, ensure that the **Domain**, **Private**, and **Public** check boxes are selected, and then click **Next**.
-
-7.  On the **Name** page, type a name for the rule, such as **Cortana firewall configuration**, and then click **Finish.**
-
-8.  Right-click the new rule, click **Properties**, and then click **Protocols and Ports**.
-
-9.  Configure the **Protocols and Ports** page with the following info, and then click **OK**.
-
-    -   For **Protocol type**, choose **TCP**.
-
-    -   For **Local port**, choose **All Ports**.
-
-    -   For **Remote port**, choose **All ports**.
-
-> **Note:**  If your organization tests network traffic, you should not use Fiddler to test Windows Firewall settings. Fiddler is a network proxy and Windows Firewall does not block proxy traffic. You should use a network traffic analyzer, such as WireShark or Message Analyzer.
-
-### <a href="" id="bkmk-cortana-mdm"></a>1.2 Cortana MDM policies
-
-The following Cortana MDM policies are available in the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx).
-
-| Policy                                               | Description                                                                                         |
-|------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
-| Experience/AllowCortana                              | Choose whether to let Cortana install and run on the device.                                        |
-| Search/AllowSearchToUseLocation                      | Choose whether Cortana and Search can provide location-aware search results. <br /> Default: Allowed|
-
-### <a href="" id="bkmk-cortana-prov"></a>1.3 Cortana Windows Provisioning
-
-To use Windows Imaging and Configuration Designer (ICD) to create a provisioning package with the settings for these policies, go to **Runtime settings** &gt; **Policies** to find **Experience** &gt; **AllowCortana** and **Search** &gt; **AllowSearchToUseLocation**.
-
-### <a href="" id="bkmk-datetime"></a>2. Date & Time
-
-You can prevent Windows from setting the time automatically.
-
--   To turn off the feature in the UI: **Settings** &gt; **Time & language** &gt; **Date & time** &gt; **Set time automatically**
-
-    -or-
-
--   Create a REG\_SZ registry setting in **HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\W32Time\\Parameters** with a value of **NoSync**.
-
-### <a href="" id="bkmk-devinst"></a>3. Device metadata retrieval
-
-To prevent Windows from retrieving device metadata from the Internet, apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **System** &gt; **Device Installation** &gt; **Prevent device metadata retrieval from the Internet**.
-
-### <a href="" id="font-streaming"></a>4. Font streaming
-
-Starting with Windows 10, fonts that are included in Windows but that are not stored on the local device can be downloaded on demand.
-
-To turn off font streaming, create a REG\_DWORD registry setting called **DisableFontProviders** in **HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Services\\FontCache\\Parameters**, with a value of 1.
-
-> **Note:**  This may change in future versions of Windows.
-
-### <a href="" id="bkmk-previewbuilds"></a>5. Insider Preview builds
-
-To turn off Insider Preview builds if you're running a released version of Windows 10. If you're running a preview version of Windows 10, you must roll back to a released version before you can turn off Insider Preview builds.
-
--   Turn off the feature in the UI: **Settings** &gt; **Update & security** &gt; **Windows Update** &gt; **Advanced options** &gt; **Stop Insider builds**.
-
-    -or-
-
--   Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Data Collection and Preview Builds** &gt; **Toggle user control over Insider builds**.
-
-    -or-
-
--   Apply the System/AllowBuildPreview MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where:
-
-    -   **0**. Users cannot make their devices available for downloading and installing preview software.
-
-    -   **1**. Users can make their devices available for downloading and installing preview software.
-
-    -   **2**. (default) Not configured. Users can make their devices available for download and installing preview software.
-
-    -or-
-
--   Create a provisioning package: **Runtime settings** &gt; **Policies** &gt; **System** &gt; **AllowBuildPreview**, where:
-
-    -   **0**. Users cannot make their devices available for downloading and installing preview software.
-
-    -   **1**. Users can make their devices available for downloading and installing preview software.
-
-    -   **2**. (default) Not configured. Users can make their devices available for download and installing preview software.
-
-### <a href="" id="bkmk-ie"></a>6. Internet Explorer
-
-Use Group Policy to manage settings for Internet Explorer.
-
-### <a href="" id="bkmk-ie-gp"></a>6.1 Internet Explorer Group Policies
-
-Find the Internet Explorer Group Policy objects under **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Internet Explorer**.
-
-| Policy                                               | Description                                                                                         |
-|------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
-| Turn on Suggested Sites| Choose whether an employee can configure Suggested Sites. <br /> Default: Enabled <br /> You can also turn this off in the UI by clearing the **Internet Options** &gt; **Advanced** &gt; **Enable Suggested Sites** check box.|
-| Allow Microsoft services to provide enhanced suggestions as the user types in the Address Bar | Choose whether an employee can configure enhanced suggestions, which are presented to the employee as they type in the address bar. <br /> Default: Enabled|
-| Turn off the auto-complete feature for web addresses | Choose whether auto-complete suggests possible matches when employees are typing web address in the address bar. <br /> Default: Disabled </br> You can also turn this off in the UI by clearing the <strong>Internet Options</strong> &gt; **Advanced** &gt; **Use inline AutoComplete in the Internet Explorer Address Bar and Open Dialog** check box.|
-| Disable Periodic Check for Internet Explorer software updates| Choose whether Internet Explorer periodically checks for a new version. <br /> Default: Enabled |
-| Turn off browser geolocation | Choose whether websites can request location data from Internet Explorer. <br /> Default: Disabled|
-
-### <a href="" id="bkmk-ie-activex"></a>6.2 ActiveX control blocking
-
-ActiveX control blocking periodically downloads a new list of out-of-date ActiveX controls that should be blocked. You can turn this off by changing the REG\_DWORD registry setting **HKEY\_CURRENT\_USER\\Software\\Microsoft\\Internet Explorer\\VersionManager\\DownloadVersionList** to 0 (zero).
-
-For more info, see [Out-of-date ActiveX control blocking](http://technet.microsoft.com/library/dn761713.aspx).
-
-### <a href="" id="live-tiles"></a>7. Live Tiles
-
-To turn off Live Tiles:
-
--   Apply the Group Policy: **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Notifications** > **Turn Off notifications network usage**
-
-### <a href="" id="bkmk-mailsync"></a>8. Mail synchronization
-
-To turn off mail synchronization for Microsoft Accounts that are configured on a device:
-
--   In **Settings** &gt; **Accounts** &gt; **Your email and accounts**, remove any connected Microsoft Accounts.
-
-    -or-
-
--   Remove any Microsoft Accounts from the Mail app.
-
-    -or-
-
--   Apply the Accounts/AllowMicrosoftAccountConnection MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is not allowed and 1 is allowed. This does not apply to Microsoft Accounts that have already been configured on the device.
-
-To turn off the Windows Mail app:
-
--   Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Mail** &gt; **Turn off Windows Mail application**
-
-### <a href="" id="bkmk-edge"></a>9. Microsoft Edge
-
-Use either Group Policy or MDM policies to manage settings for Microsoft Edge. For more info, see [Microsoft Edge and privacy: FAQ](http://go.microsoft.com/fwlink/p/?LinkId=730682).
-
-### <a href="" id="bkmk-edgegp"></a>9.1 Microsoft Edge Group Policies
-
-Find the Microsoft Edge Group Policy objects under **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Microsoft Edge**.
-
-> **Note:**  The Microsoft Edge Group Policy names were changed in Windows 10, version 1511. The table below reflects those changes.
-
-| Policy                                               | Description                                                                                         |
-|------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
-| Turn off autofill                                    | Choose whether employees can use autofill on websites. <br /> Default: Enabled                      |
-| Allow employees to send Do Not Track headers         | Choose whether employees can send Do Not Track headers.<br /> Default: Disabled                     |
-| Turn off password manager                            | Choose whether employees can save passwords locally on their devices. <br /> Default: Enabled       |
-| Turn off address bar search suggestions              | Choose whether the address bar shows search suggestions. <br /> Default: Enabled                    |
-| Turn off the SmartScreen Filter                      | Choose whether SmartScreen is turned on or off.  <br /> Default: Enabled                            |
-| Open a new tab with an empty tab                     | Choose whether a new tab page appears.  <br /> Default: Enabled                                     |
-| Configure corporate Home pages                       | Choose the corporate Home page for domain-joined devices. <br /> Set this to **about:blank**        |
-
-### <a href="" id="bkmk-edge-mdm"></a>9.2 Microsoft Edge MDM policies
-
-The following Microsoft Edge MDM policies are available in the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx).
-
-| Policy                                               | Description                                                                                         |
-|------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
-| Browser/AllowAutoFill                                | Choose whether employees can use autofill on websites. <br /> Default: Allowed                      |
-| Browser/AllowDoNotTrack                              | Choose whether employees can send Do Not Track headers.<br /> Default: Not allowed                  |
-| Browser/AllowPasswordManager                         | Choose whether employees can save passwords locally on their devices. <br /> Default: Allowed       |
-| Browser/AllowSearchSuggestionsinAddressBar           | Choose whether the address bar shows search suggestions.. <br /> Default: Allowed                   |
-| Browser/AllowSmartScreen                             | Choose whether SmartScreen is turned on or off.  <br /> Default: Allowed                            |
-
-### <a href="" id="bkmk-edge-prov"></a>9.3 Microsoft Edge Windows Provisioning
-
-Use Windows ICD to create a provisioning package with the settings for these policies, go to **Runtime settings** &gt; **Policies**.
-
-For a complete list of the Microsoft Edge policies, see [Available policies for Microsoft Edge](http://technet.microsoft.com/library/mt270204.aspx).
-
-### <a href="" id="bkmk-ncsi"></a>10. Network Connection Status Indicator
-
-Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to http://www.msftncsi.com to determine if the device can communicate with the Internet. For more info about NCIS, see [The Network Connection Status Icon](http://blogs.technet.com/b/networking/archive/2012/12/20/the-network-connection-status-icon.aspx).
-
-You can turn off NCSI through Group Policy:
-
--   Enable the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **System** &gt; **Internet Communication Management** &gt; **Internet Communication Settings** &gt; **Turn off Windows Network Connectivity Status Indicator active tests**
-
-> **Note**  After you apply this policy, you must restart the device for the policy setting to take effect.
-
-### <a href="" id="bkmk-offlinemaps"></a>11. Offline maps
-
-You can turn off the ability to download and update offline maps.
-
--   Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Maps** &gt; **Turn off Automatic Download and Update of Map Data**
-
-### <a href="" id="bkmk-onedrive"></a>12. OneDrive
-
-To turn off OneDrive in your organization:
-
--   Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **OneDrive** &gt; **Prevent the usage of OneDrive for file storage**
-
-### <a href="" id="bkmk-preinstalledapps"></a>13. Preinstalled apps
-
-Some preinstalled apps get content before they are opened to ensure a great experience. You can remove these using the steps in this section.
-
-To remove the News app:
-
--   Right-click the app in Start, and then click **Uninstall**.
-
-    -or-
-
--   Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.BingNews"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}**
-
-    -and-
-
-    Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.BingNews | Remove-AppxPackage**
-
-To remove the Weather app:
-
--   Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.BingWeather"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}**
-
-    -and-
-
-    Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.BingWeather | Remove-AppxPackage**
-
-To remove the Money app:
-
--   Right-click the app in Start, and then click **Uninstall**.
-
-    -or-
-
--   Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.BingFinance"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}**
-
-    -and-
-
-    Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.BingFinance | Remove-AppxPackage**
-
-To remove the Sports app:
-
--   Right-click the app in Start, and then click **Uninstall**.
-
-    -or-
-
--   Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.BingSports"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}**
-
-    -and-
-
-    Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.BingSports | Remove-AppxPackage**
-
-To remove the Twitter app:
-
--   Right-click the app in Start, and then click **Uninstall**.
-
-    -or-
-
--   Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "\*.Twitter"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}**
-
-    -and-
-
-    Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage \*.Twitter | Remove-AppxPackage**
-
-To remove the XBOX app:
-
--   Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.XboxApp"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}**
-
-    -and-
-
-    Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.XboxApp | Remove-AppxPackage**
-
-To remove the Sway app:
-
--   Right-click the app in Start, and then click **Uninstall**.
-
-    -or-
-
--   Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.Office.Sway"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}**
-
-    -and-
-
-    Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.Office.Sway | Remove-AppxPackage**
-
-To remove the OneNote app:
-
--   Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.Office.OneNote"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}**
-
-    -and-
-
-    Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.Office.OneNote | Remove-AppxPackage**
-
-To remove the Get Office app:
-
--   Right-click the app in Start, and then click **Uninstall**.
-
-    -or-
-
--   Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.MicrosoftOfficeHub"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}**
-
-    -and-
-
-    Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.MicrosoftOfficeHub | Remove-AppxPackage**
-
-To remove the Get Skype app:
-
--   Right-click the Sports app in Start, and then click **Uninstall**.
-
-    -or-
-
--   Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.SkypeApp"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}**
-
-    -and-
-
-    Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.SkypeApp | Remove-AppxPackage**
-
-### <a href="" id="bkmk-settingssection"></a>14. Settings &gt; Privacy
-
-Use Settings &gt; Privacy to configure some settings that may be important to your organization. Except for the Feedback & Diagnostics page, these settings must be configured for every user account that signs into the PC.
-
--   [14.1 General](#bkmk-general)
-
--   [14.2 Location](#bkmk-priv-location)
-
--   [14.3 Camera](#bkmk-priv-camera)
-
--   [14.4 Microphone](#bkmk-priv-microphone)
-
--   [14.5 Speech, inking, & typing](#bkmk-priv-speech)
-
--   [14.6 Account info](#bkmk-priv-accounts)
-
--   [14.7 Contacts](#bkmk-priv-contacts)
-
--   [14.8 Calendar](#bkmk-priv-calendar)
-
--   [14.9 Call history](#bkmk-priv-callhistory)
-
--   [14.10 Email](#bkmk-priv-email)
-
--   [14.11 Messaging](#bkmk-priv-messaging)
-
--   [14.12 Radios](#bkmk-priv-radios)
-
--   [14.13 Other devices](#bkmk-priv-other-devices)
-
--   [14.14 Feedback & diagnostics](#bkmk-priv-feedback)
-
--   [14.15 Background apps](#bkmk-priv-background)
-
-### <a href="" id="bkmk-general"></a>14.1 General
-
-**General** includes options that don't fall into other areas.
-
-To turn off **Let apps use my advertising ID for experiences across apps (turning this off will reset your ID)**:
-
-> **Note:** When you turn this feature off in the UI, it turns off the advertising ID, not just resets it.
-
--   Turn off the feature in the UI.
-
-    -or-
-
--   Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **System** &gt; **User Profiles** &gt; **Turn off the advertising ID**.
-
-    -or-
-
--   Create a REG\_DWORD registry setting called **Enabled** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AdvertisingInfo**, with a value of 0 (zero).
-
-To turn off **Turn on SmartScreen Filter to check web content (URLs) that Windows Store apps use**:
-
--   Turn off the feature in the UI.
-
-    -or-
-
--   Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Microsoft Edge** &gt; **Turn off the SmartScreen Filter**.
-
-    Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **File Explorer** &gt; **Configure Windows SmartScreen**.
-
-    -or-
-
--   Apply the Browser/AllowSmartScreen MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is turned off and 1 is turned on.
-
-    -or-
-
--   Create a provisioning package, using:
-
-    -   For Internet Explorer: **Runtime settings** &gt; **Policies** &gt; **Browser** &gt; **AllowSmartScreen**
-
-    -   For Microsoft Edge: **Runtime settings** &gt; **Policies** &gt; **MicrosoftEdge** &gt; **AllowSmartScreen**
-
-    -or-
-
--   Create a REG\_DWORD registry setting called **Enabled** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppHost\\EnableWebContentEvaluation**, with a value of 0 (zero).
-
-To turn off **Send Microsoft info about how I write to help us improve typing and writing in the future**:
-
-> **Note: **  If the telemetry level is set to either **Basic** or **Security**, this is turned off automatically.
-
- 
-
--   Turn off the feature in the UI.
-
-    -or-
-
--   Apply the TextInput/AllowLinguisticDataCollection MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where:
-
-    -   **0**. Not allowed
-
-    -   **1**. Allowed (default)
-
-To turn off **Let websites provide locally relevant content by accessing my language list**:
-
--   Turn off the feature in the UI.
-
-    -or-
-
--   Create a new REG\_DWORD registry setting called **HttpAcceptLanguageOptOut** in **HKEY\_CURRENT\_USER\\Control Panel\\International\\User Profile**, with a value of 1.
-
-### <a href="" id="bkmk-priv-location"></a>14.2 Location
-
-In the **Location** area, you choose whether devices have access to location-specific sensors and which apps have access to the device's location.
-
-To turn off **Location for this device**:
-
--   Click the **Change** button in the UI.
-
-    -or-
-
--   Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Location and Sensors** &gt; **Turn off location**.
-
-    -or-
-
--   Apply the System/AllowLocation MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where:
-
-    -   **0**. Turned off and the employee can't turn it back on.
-
-    -   **1**. Turned on, but lets the employee choose whether to use it. (default)
-
-    -   **2**. Turned on and the employee can't turn it off.
-
-    **Note**  
-    You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](http://msdn.microsoft.com/library/dn905224.aspx).
-
-    -or-
-
--   Create a provisioning package, using **Runtime settings** &gt; **Policies** &gt; **System** &gt; **AllowLocation**, where
-
-    -   **No**. Turns off location service.
-
-    -   **Yes**. Turns on location service. (default)
-
-To turn off **Location**:
-
--   Turn off the feature in the UI.
-
--   Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **App Privacy** &gt; **Let Windows apps access location**
-
-    -   Set the **Select a setting** box to **Force Deny**.
-
-    -or-
-
-To turn off **Location history**:
-
--   Erase the history using the **Clear** button in the UI.
-
-To turn off **Choose apps that can use your location**:
-
--   Turn off each app using the UI.
-
-### <a href="" id="bkmk-priv-camera"></a>14.3 Camera
-
-In the **Camera** area, you can choose which apps can access a device's camera.
-
-To turn off **Let apps use my camera**:
-
--   Turn off the feature in the UI.
-
-    -or-
-
--   Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **App Privacy** &gt; **Let Windows apps access the camera**
-
-    -   Set the **Select a setting** box to **Force Deny**.
-
-    -or-
-
--   Apply the Camera/AllowCamera MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where:
-
-    -   **0**. Apps can't use the camera.
-
-    -   **1**. Apps can use the camera.
-
-    **Note**  
-    You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](http://msdn.microsoft.com/library/dn905224.aspx).
-    
-   -or-
-
--   Create a provisioning package with use Windows ICD, using **Runtime settings** &gt; **Policies** &gt; **Camera** &gt; **AllowCamera**, where:
-
-    -   **0**. Apps can't use the camera.
-
-    -   **1**. Apps can use the camera.
-
-To turn off **Choose apps that can use your camera**:
-
--   Turn off the feature in the UI for each app.
-
-### <a href="" id="bkmk-priv-microphone"></a>14.4 Microphone
-
-In the **Microphone** area, you can choose which apps can access a device's microphone.
-
-To turn off **Let apps use my microphone**:
-
--   Turn off the feature in the UI.
-
-   -or-
-
--   Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **App Privacy** &gt; **Let Windows apps access the microphone**
-
-    -   Set the **Select a setting** box to **Force Deny**.
-
-To turn off **Choose apps that can use your microphone**:
-
--   Turn off the feature in the UI for each app.
-
-### <a href="" id="bkmk-priv-speech"></a>14.5 Speech, inking, & typing
-
-In the **Speech, Inking, & Typing** area, you can let Windows and Cortana better understand your employee's voice and written input by sampling their voice and writing, and by comparing verbal and written input to contact names and calendar entrees.
-
-> **Note:**  For more info on how to disable Cortana in your enterprise, see [Cortana](#bkmk-cortana) in this article.
-
- 
-
-To turn off the functionality:
-
--   Click the **Stop getting to know me** button, and then click **Turn off**.
-
-   -or-
-
--   Enable the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Control Panel** &gt; **Regional and Language Options** &gt; **Handwriting personalization** &gt; **Turn off automatic learning**
-
-   -or-
-
--   Create a REG\_DWORD registry setting called **AcceptedPrivacyPolicy** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\Personalization\\Settings**, with a value of 0 (zero).
-
-   -and-
-
-    Create a REG\_DWORD registry setting called **HarvestContacts** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\InputPersonalization\\TrainedDataStore**, with a value of 0 (zero).
-
-### <a href="" id="bkmk-priv-accounts"></a>14.6 Account info
-
-In the **Account Info** area, you can choose which apps can access your name, picture, and other account info.
-
-To turn off **Let apps access my name, picture, and other account info**:
-
--   Turn off the feature in the UI.
-
-   -or-
-
--   Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **App Privacy** &gt; **Let Windows apps access account information**
-
-    -   Set the **Select a setting** box to **Force Deny**.
-
-To turn off **Choose the apps that can access your account info**:
-
--   Turn off the feature in the UI for each app.
-
-### <a href="" id="bkmk-priv-contacts"></a>14.7 Contacts
-
-In the **Contacts** area, you can choose which apps can access an employee's contacts list.
-
-To turn off **Choose apps that can access contacts**:
-
--   Turn off the feature in the UI for each app.
-
-   -or-
-
--   Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **App Privacy** &gt; **Let Windows apps access contacts**
-
-    -   Set the **Select a setting** box to **Force Deny**.
-
-### <a href="" id="bkmk-priv-calendar"></a>14.8 Calendar
-
-In the **Calendar** area, you can choose which apps have access to an employee's calendar.
-
-To turn off **Let apps access my calendar**:
-
--   Turn off the feature in the UI.
-
-   -or-
-
--   Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **App Privacy** &gt; **Let Windows apps access the calendar**
-
-    -   Set the **Select a setting** box to **Force Deny**.
-
-To turn off **Choose apps that can access calendar**:
-
--   Turn off the feature in the UI for each app.
-
-### <a href="" id="bkmk-priv-callhistory"></a>14.9 Call history
-
-In the **Call history** area, you can choose which apps have access to an employee's call history.
-
-To turn off **Let apps access my call history**:
-
--   Turn off the feature in the UI.
-
-   -or-
-
--   Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **App Privacy** &gt; **Let Windows apps access call history**
-
-    -   Set the **Select a setting** box to **Force Deny**.
-
-### <a href="" id="bkmk-priv-email"></a>14.10 Email
-
-In the **Email** area, you can choose which apps have can access and send email.
-
-To turn off **Let apps access and send email**:
-
--   Turn off the feature in the UI.
-
-   -or-
-
--   Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **App Privacy** &gt; **Let Windows apps access email**
-
-    -   Set the **Select a setting** box to **Force Deny**.
-
-### <a href="" id="bkmk-priv-messaging"></a>14.11 Messaging
-
-In the **Messaging** area, you can choose which apps can read or send messages.
-
-To turn off **Let apps read or send messages (text or MMS)**:
-
--   Turn off the feature in the UI.
-
-    -or-
-
--   Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **App Privacy** &gt; **Let Windows apps access messaging**
-
-    -   Set the **Select a setting** box to **Force Deny**.
-
-To turn off **Choose apps that can read or send messages**:
-
--   Turn off the feature in the UI for each app.
-
-### <a href="" id="bkmk-priv-radios"></a>14.12 Radios
-
-In the **Radios** area, you can choose which apps can turn a device's radio on or off.
-
-To turn off **Let apps control radios**:
-
--   Turn off the feature in the UI.
-
-    -or-
-
--   Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **App Privacy** &gt; **Let Windows apps control radios**
-
-    -   Set the **Select a setting** box to **Force Deny**.
-
-To turn off **Choose apps that can control radios**:
-
--   Turn off the feature in the UI for each app.
-
-### <a href="" id="bkmk-priv-other-devices"></a>14.13 Other devices
-
-In the **Other Devices** area, you can choose whether devices that aren't paired to PCs, such as an Xbox One, can share and sync info.
-
-To turn off **Let apps automatically share and sync info with wireless devices that don't explicitly pair with your PC, tablet, or phone**:
-
--   Turn off the feature in the UI.
-
-To turn off **Let your apps use your trusted devices (hardware you've already connected, or comes with your PC, tablet, or phone)**:
-
--   Turn off the feature in the UI.
-
-    -or-
-
--   Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **App Privacy** &gt; **Let Windows apps access trusted devices**
-
-    -   Set the **Select a setting** box to **Force Deny**.
-
-### <a href="" id="bkmk-priv-feedback"></a>14.14 Feedback & diagnostics
-
-In the **Feedback & Diagnostics** area, you can choose how often you're asked for feedback and how much diagnostic and usage information is sent to Microsoft.
-
-To change how frequently **Windows should ask for my feedback**:
-
-**Note**  
-Feedback frequency only applies to user-generated feedback, not diagnostic and usage data sent from the device.
-
- 
-
--   To change from **Automatically (Recommended)**, use the drop-down list in the UI.
-
-   -or-
-
--   Enable the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Data Collection and Preview Builds** &gt; **Do not show feedback notifications**
-
-   -or-
-
--   Create the registry keys (REG\_DWORD type):
-
-    -   HKEY\_CURRENT\_USER\\Software\\Microsoft\\Siuf\\Rules\\PeriodInNanoSeconds
-
-    -   HKEY\_CURRENT\_USER\\Software\\Microsoft\\Siuf\\Rules\\NumberOfSIUFInPeriod
-
-    Based on these settings:
-
-    | Setting       | PeriodInNanoSeconds         | NumberOfSIUFInPeriod        |
-    |---------------|-----------------------------|-----------------------------|
-    | Automatically | Delete the registry setting | Delete the registry setting |
-    | Never         | 0                           | 0                           |
-    | Always        | 100000000                   | Delete the registry setting |
-    | Once a day    | 864000000000                | 1                           |
-    | Once a week   | 6048000000000               | 1                           |
-
-     
-
-To change the level of diagnostic and usage data sent when you **Send your device data to Microsoft**:
-
--   To change from **Enhanced**, use the drop-down list in the UI. The other levels are **Basic** and **Full**.
-
-    > **Note:**  You can't use the UI to change the telemetry level to **Security**.
-
-     
-
-   -or-
-
--   Apply the Group Policy: **Computer Configuration\\Administrative Templates\\Windows Components\\Data Collection And Preview Builds\\Allow Telemetry**
-
-   -or-
-
--   Apply the System/AllowTelemetry MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where:
-
-    -   **0**. Maps to the **Security** level.
-
-    -   **1**. Maps to the **Basic** level.
-
-    -   **2**. Maps to the **Enhanced** level.
-
-    -   **3**. Maps to the **Full** level.
-
-   -or-
-
--   Create a provisioning package, using **Runtime settings** &gt; **Policies** &gt; **System** &gt; **AllowTelemetry**, where:
-
-    -   **0**. Maps to the **Security** level.
-
-    -   **1**. Maps to the **Basic** level.
-
-    -   **2**. Maps to the **Enhanced** level.
-
-    -   **3**. Maps to the **Full** level.
-
-### <a href="" id="bkmk-priv-background"></a>14.15 Background apps
-
-In the **Background Apps** area, you can choose which apps can run in the background.
-
-To turn off **Let apps run in the background**:
-
--   Turn off the feature in the UI for each app.
-
-### <a href="" id="bkmk-spp"></a>15. Software Protection Platform
-
-Enterprise customers can manage their Windows activation status with volume licensing using an on-premise Key Management Server. You can opt out of sending KMS client activation data to Microsoft automatically by applying the following Group Policy:
-
-**Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Software Protection Platform** &gt; **Turn off KMS Client Online AVS Activation**
-
-The Windows activation status will be valid for a rolling period of 180 days with weekly activation status checks to the KMS.
-
-### <a href="" id="bkmk-syncsettings"></a>16. Sync your settings
-
-You can control if your settings are synchronized:
-
--   In the UI: **Settings** &gt; **Accounts** &gt; **Sync your settings**
-
-    -or-
-
--   Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Sync your settings** &gt; **Do not sync**
-
-    -or-
-
--   Apply the Experience/AllowSyncMySettings MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is not allowed and 1 is allowed.
-
-    -or-
-
--   Create a provisioning package, using **Runtime settings** &gt; **Policies** &gt; **Experience** &gt; **AllowSyncMySettings**, where
-
-    -   **No**. Settings are not synchronized.
-
-    -   **Yes**. Settings are synchronized. (default)
-
-To turn off Messaging cloud sync:
-
--   Create a REG\_DWORD registry setting called **CloudServiceSyncEnabled** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\Messaging**, with a value of 0 (zero).
-
-### <a href="" id="bkmk-teredo"></a>17. Teredo
-
-You can disable Teredo by using the netsh.exe command. For more info on Teredo, see [Internet Protocol Version 6, Teredo, and Related Technologies](http://technet.microsoft.com/library/cc722030.aspx).
-
--   From an elevated command prompt, run **netsh interface teredo set state disabled**
-
-### <a href="" id="bkmk-wifisense"></a>18. Wi-Fi Sense
-
-Wi-Fi Sense automatically connects devices to known hotspots and to the wireless networks the person’s contacts have shared with them.
-
-To turn off **Connect to suggested open hotspots** and **Connect to networks shared by my contacts**:
-
--   Turn off the feature in the UI.
-
-    -or-
-
--   Disable the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Network** &gt; **WLAN Service** &gt; **WLAN Settings** &gt; **Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services**.
-
-    -or-
-
--   Create a new REG\_DWORD registry setting called **AutoConnectAllowedOEM** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\WcmSvc\\wifinetworkmanager\\config**, with a value of 0 (zero).
-
-    -or-
-
--   Change the Windows Provisioning setting, WiFISenseAllowed, to 0 (zero). For more info, see the Windows Provisioning Settings reference doc, [WiFiSenseAllowed](http://go.microsoft.com/fwlink/p/?LinkId=620909).
-
-    -or-
-
--   Use the Unattended settings to set the value of WiFiSenseAllowed to 0 (zero). For more info, see the Unattended Windows Setup reference doc, [WiFiSenseAllowed](http://go.microsoft.com/fwlink/p/?LinkId=620910).
-
-When turned off, the Wi-Fi Sense settings still appear on the Wi-Fi Settings screen, but they’re non-functional and they can’t be controlled by the employee.
-
-### <a href="" id="bkmk-defender"></a>19. Windows Defender
-
-You can opt out of the Microsoft Antimalware Protection Service.
-
--   Disable the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Defender** &gt; **MAPS** &gt; **Join Microsoft MAPS**
-
-    -or-
-
--   Apply the Defender/AllowClouldProtection MDM policy from the [Defender CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx).
-
-    -or-
-
--   Use the registry to set the REG\_DWORD value **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows Defender\\Spynet\\SpyNetReporting** to 0 (zero).
-    
-    -and-
-    
-    From an elevated Windows PowerShell prompt, run **set-mppreference -Mapsreporting 0** 
-
-You can stop sending file samples back to Microsoft.
-
--   Set the Group Policy **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Defender** &gt; **MAPS** &gt; **Send file samples when further analysis is required** to **Always Prompt** or **Never Send**.
-
-    -or-
-
--   Apply the Defender/SubmitSamplesConsent MDM policy from the [Defender CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where:
-
-    -   **0**. Always prompt.
-
-    -   **1**. (default) Send safe samples automatically.
-
-    -   **2**. Never send.
-
-    -   **3**. Send all samples automatically.
-
-    -or-
-
--   Use the registry to set the REG\_DWORD value **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows Defender\\Spynet\\SubmitSamplesConsent** to 0 (zero) to always prompt or 2 to never send.
-
-You can stop downloading definition updates:
-
--   Enable the Group Policy **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Defender** &gt; **Signature Updates** &gt; **Define the order of sources for downloading definition updates** and set it to **FileShares**.
-
-    -and-
-
--   Enable the Group Policy **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Defender** &gt; **Signature Updates** &gt; **Define file shares for downloading definition updates** and set it to nothing.
-
-You can also use the registry to turn off Malicious Software Reporting Tool telemetry by setting the REG\_DWORD value **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\MRT\\DontReportInfectionInformation** to 1.
-
-### <a href="" id="bkmk-wmp"></a>20. Windows Media Player
-
-To remove Windows Media Player:
-
--   From the **Programs and Features** control panel, click **Turn Windows features on or off**, under **Media Features**, clear the **Windows Media Player** check box, and then click **OK**.
-
-    -or-
-
--   Run the following DISM command from an elevated command prompt: **dism /online /Disable-Feature /FeatureName:WindowsMediaPlayer**
-
-### <a href="" id="bkmk-spotlight"></a>21. Windows spotlight
-
-Windows spotlight provides different background images and text on the lock screen. You can control it by using the user interface or through Group Policy.
-
--   Configure the following in **Settings**:
-
-    -   **Personalization** &gt; **Lock screen** &gt; **Background** &gt; **Windows spotlight**, select a different background, and turn off **Show me tips, tricks, and more on the lock screen**.
-
-    -   **Personalization** &gt; **Start** &gt; **Occasionally show suggestions in Start**.
-
-    -   **System** &gt; **Notifications & actions** &gt; **Show me tips about Windows**.
-
-    -or-
-
--   Apply the Group Policies:
-
-    -   **Computer Configuration** &gt; **Administrative Templates** &gt; **Control Panel** &gt; **Personalization** &gt; **Force a specific default lock screen image**.
-        -   Add a location in the **Path to local lock screen image** box.
-
-        -   Set the **Turn off fun facts, tips, tricks, and more on lock screen** check box.
-
-        **Note**  This will only take effect if the policy is applied before the first logon. If you cannot apply the **Force a specific default lock screen image** policy before the first logon to the device, you can apply this policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Control Panel** &gt; **Personalization** &gt; **Do not display the lock screen**.
-
-         
-
-    -   **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Cloud Content** &gt; **Do not show Windows Tips**.
-
-    -   **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Cloud Content** &gt; **Turn off Microsoft consumer experiences**.
-
-For more info, see [Windows spotlight on the lock screen](../whats-new/windows-spotlight.md).
-
-### <a href="" id="bkmk-windowsstore"></a>22. Windows Store
-
-You can turn off the ability to launch apps from the Windows Store that were preinstalled or downloaded. This will also turn off automatic app updates, and the Windows Store will be disabled.
-
--   Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Store** &gt; **Disable all apps from Windows Store**.
-
-### <a href="" id="bkmk-updates"></a>23. Windows Update Delivery Optimization
-
-Windows Update Delivery Optimization lets you get Windows updates and Windows Store apps from sources in addition to Microsoft, which not only helps when you have a limited or unreliable Internet connection, but can also help you reduce the amount of bandwidth needed to keep all of your organization's PCs up-to-date. If you have Delivery Optimization turned on, PCs on your network may send and receive updates and apps to other PCs on your local network, if you choose, or to PCs on the Internet.
-
-By default, PCs running Windows 10 Enterprise and Windows 10 Education will only use Delivery Optimization to get and receive updates for PCs and apps on your local network.
-
-Use the UI, Group Policy, MDM policies, or Windows Provisioning to set up Delivery Optimization.
-
-### <a href="" id="bkmk-wudo-ui"></a>23.1 Settings &gt; Update & security
-
-You can set up Delivery Optimization from the **Settings** UI.
-
--   Go to **Settings** &gt; **Update & security** &gt; **Windows Update** &gt; **Advanced options** &gt; **Choose how updates are delivered**.
-
-### <a href="" id="bkmk-wudo-gp"></a>23.2 Delivery Optimization Group Policies
-
-You can find the Delivery Optimization Group Policy objects under **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Delivery Optimization**.
-
-| Policy                    | Description                                                                                         |
-|---------------------------|-----------------------------------------------------------------------------------------------------|
-| Download Mode             | Lets you choose where Delivery Optimization gets or sends updates and apps, including <ul><li><p><strong>None</strong>. Turns off Delivery Optimization.</p></li><li><p><strong>Group</strong>. Gets or sends updates and apps to PCs on the same local network domain.</p></li><li><p><strong>Internet</strong>. Gets or sends updates and apps to PCs on the Internet.</p></li><li><p><strong>LAN</strong>. Gets or sends updates and apps to PCs on the same NAT only.</p></li></ul>|
-| Group ID                  | Lets you provide a Group ID that limits which PCs can share apps and updates. <br /> ** Note** This ID must be a GUID.|
-| Max Cache Age             | Lets you specify the maximum time (in seconds) that a file is held in the Delivery Optimization cache. <br /> The default value is 259200 seconds (3 days).|
-| Max Cache Size            | Lets you specify the maximum cache size as a percentage of disk size. <br /> The default value is 20, which represents 20% of the disk.|
-| Max Upload Bandwidth      | Lets you specify the maximum upload bandwidth (in KB/second) that a device uses across all concurrent upload activity. <br /> The default value is 0, which means unlimited possible bandwidth.|
-
-### <a href="" id="bkmk-wudo-mdm"></a>23.3 Delivery Optimization MDM policies
-
-The following Delivery Optimization MDM policies are available in the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx).
-
-| Policy                    | Description                                                                                         |
-|---------------------------|-----------------------------------------------------------------------------------------------------|
-| DeliveryOptimization/DODownloadMode             | Lets you choose where Delivery Optimization gets or sends updates and apps, including <ul><li><p><strong>0</strong>. Turns off Delivery Optimization.</p></li><li><p><strong>1</strong>. Gets or sends updates and apps to PCs on the same NAT only.</p></li><li><p><strong>2</strong>. Gets or sends updates and apps to PCs on the same local network domain.</p></li><li><p><strong>3</strong>. Gets or sends updates and apps to PCs on the Internet.</p></li></ul>|
-| DeliveryOptimization/DOGroupID                 | Lets you provide a Group ID that limits which PCs can share apps and updates. <br /> ** Note** This ID must be a GUID.|
-| DeliveryOptimization/DOMaxCacheAge             | Lets you specify the maximum time (in seconds) that a file is held in the Delivery Optimization cache. <br /> The default value is 259200 seconds (3 days).|
-| DeliveryOptimization/DOMaxCacheSize            | Lets you specify the maximum cache size as a percentage of disk size. <br /> The default value is 20, which represents 20% of the disk.|
-| DeliveryOptimization/DOMaxUploadBandwidth      | Lets you specify the maximum upload bandwidth (in KB/second) that a device uses across all concurrent upload activity. <br /> The default value is 0, which means unlimited possible bandwidth.|
-
-
-### <a href="" id="bkmk-wudo-prov"></a>23.4 Delivery Optimization Windows Provisioning
-
-If you don't have an MDM server in your enterprise, you can use Windows Provisioning to configure the Delivery Optimization policies
-
-Use Windows ICD, included with the [Windows Assessment and Deployment Kit (Windows ADK)](http://go.microsoft.com/fwlink/p/?LinkId=526803), to create a provisioning package for Delivery Optimization.
-
-1.  Open Windows ICD, and then click **New provisioning package**.
-
-2.  In the **Name** box, type a name for the provisioning package, and then click **Next.**
-
-3.  Click the **Common to all Windows editions** option, click **Next**, and then click **Finish**.
-
-4.  Go to **Runtime settings** &gt; **Policies** &gt; **DeliveryOptimization** to configure the policies.
-
-For more info about Delivery Optimization in general, see [Windows Update Delivery Optimization: FAQ](http://go.microsoft.com/fwlink/p/?LinkId=730684).
-
-### <a href="" id="bkmk-wu"></a>24. Windows Update
-
-You can turn off Windows Update by setting the following registry entries:
-
--   Add a REG\_DWORD value called **DoNotConnectToWindowsUpdateInternetLocations** to **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate** and set the value to 1.
-
-    -and-
-
--   Add a REG\_DWORD value called **DisableWindowsUpdateAccess** to **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate** and set the value to 1.
-
-You can turn off automatic updates by doing one of the following. This is not recommended.
-
--   Add a REG\_DWORD value called **AutoDownload** to **HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\WindowsStore\\WindowsUpdate** and set the value to 5.
-
-    -or-
-
--   Apply the Update/AllowAutoUpdate MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where:
-
-    -   **0**. Notify the user before downloading the update.
-
-    -   **1**. Auto install the update and then notify the user to schedule a device restart.
-
-    -   **2** (default). Auto install and restart.
-
-    -   **3**. Auto install and restart at a specified time.
-
-    -   **4**. Auto install and restart without end-user control.
-
-    -   **5**. Turn off automatic updates.
-
-To learn more, see [Device update management](http://msdn.microsoft.com/library/windows/hardware/dn957432.aspx) and [Configure Automatic Updates by using Group Policy](http://technet.microsoft.com/library/cc720539.aspx).
+---
\ No newline at end of file
diff --git a/windows/manage/configure-windows-10-taskbar.md b/windows/manage/configure-windows-10-taskbar.md
index b96590c3b1..8f9c046ff2 100644
--- a/windows/manage/configure-windows-10-taskbar.md
+++ b/windows/manage/configure-windows-10-taskbar.md
@@ -6,7 +6,7 @@ ms.prod: W10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+localizationpriority: high
 ---
 # Configure Windows 10 taskbar
 
@@ -15,7 +15,7 @@ Starting in Windows 10, version 1607, administrators can pin additional apps to
 > [!NOTE]
 > The only aspect of the taskbar that can currently be configured by the layout modification XML file is the layout.
 
-You can specify different taskbar configurations based on device locale and region. There is no limit on the number of apps that you can pin. You specify apps using the [Application User Model ID (AUMID)](http://go.microsoft.com/fwlink/p/?LinkId=614867) or Desktop Application Link Path (the local path to the application). 
+You can specify different taskbar configurations based on device locale and region. There is no limit on the number of apps that you can pin. You specify apps using the [Application User Model ID (AUMID)](https://go.microsoft.com/fwlink/p/?LinkId=614867) or Desktop Application Link Path (the local path to the application). 
 
 If you specify an app to be pinned that is not installed on the computer, it won't appear on the taskbar.
 
@@ -35,11 +35,14 @@ To configure the taskbar:
 1. Create the XML file.
    * If you are also [customizing the Start layout](customize-and-export-start-layout.md), use `Export-StartLayout` to create the XML, and then add the `<CustomTaskbarLayoutCollection>` section from the following sample to the file.
    * If you are only configuring the taskbar, use the following sample to create a layout modification XML file.
-2. Edit and save the XML file. You can use [AUMID](http://go.microsoft.com/fwlink/p/?LinkId=614867) or Desktop Application Link Path to identify the apps to pin to the taskbar.
-   * Use `<taskbar:UWA>` and [AUMID](http://go.microsoft.com/fwlink/p/?LinkId=614867) to pin Universal Windows Platform apps.
+2. Edit and save the XML file. You can use [AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867) or Desktop Application Link Path to identify the apps to pin to the taskbar.
+   * Use `<taskbar:UWA>` and [AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867) to pin Universal Windows Platform apps.
    * Use `<taskbar:DesktopApp>` and Desktop Application Link Path to pin desktop applications. 
 3. Apply the layout modification XML file to devices using [Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) or a [provisioning package created in Windows Imaging and Configuration Designer (Windows ICD)](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md).
 
+>[!IMPORTANT]
+>If you use a provisioning package to configure the taskbar, your configuration will be reapplied each time the explorer.exe process restarts. If your configuration pins an app and the user unpins that app, the user's change will be overwritten the next time the configuration is applied. To apply a taskbar configuration and allow users to make changes that will persist, apply your configuration by using Group Policy.
+
 ### Tips for finding AUMID and Desktop Application Link Path
 
 In the layout modification XML file, you will need to add entries for applications in the XML markup. In order to pin an application, you need either its AUMID or Desktop Application Link Path. 
@@ -153,7 +156,7 @@ If you only want to remove some of the default pinned apps, you would use this m
   <CustomTaskbarLayoutCollection PinListPlacement="Replace">
     <defaultlayout:TaskbarLayout>
       <taskbar:TaskbarPinList>
-        <taskbar:DesktopApp DesktopApplicationLinkPath=”%APPDATA%Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk”/>
+        <taskbar:DesktopApp DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk"/>
         <taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk" />
         <taskbar:UWA AppUserModelID="Microsoft.Office.Word_8wekyb3d8bbwe!microsoft.word" />
       </taskbar:TaskbarPinList>
@@ -172,7 +175,7 @@ If you only want to remove some of the default pinned apps, you would use this m
 
 ## Configure taskbar by country or region
 
-The following example shows you how to configure taskbars by country or region. When you specify one or more country or region in `<taskbar:TaskbarPinList>`, the pinned apps in that section are only pinned on computers that are configured for that country or region. When specifying taskbar configuration by country or region, the taskbar will concatenate pinlists together so long as the target computer meets the country or region requirements. If no country or region is specified for a `<TaskbarPinList>` node, it will apply to every country and region.
+The following example shows you how to configure taskbars by country or region. When the layout is applied to a computer, if there is no `<TaskbarPinList>` node with a region tag for the current region, the first `<TaskbarPinList>` node that has no specified region will be applied. When you specify one or more countries or regions in a `<TaskbarPinList>` node, the specified apps are pinned on computers configured for any of the specified countries or regions. 
 
 ```xml
 <?xml version="1.0" encoding="utf-8"?>
@@ -229,7 +232,7 @@ The resulting taskbar for computers in any other country region:
 
 
 > [!NOTE]
-> [Look up country and region codes (use the ISO Short column)](http://go.microsoft.com/fwlink/p/?LinkId=786445)
+> [Look up country and region codes (use the ISO Short column)](https://go.microsoft.com/fwlink/p/?LinkId=786445)
 
 
 
diff --git a/windows/manage/configure-windows-telemetry-in-your-organization.md b/windows/manage/configure-windows-telemetry-in-your-organization.md
index 9965ade8d5..37c473d289 100644
--- a/windows/manage/configure-windows-telemetry-in-your-organization.md
+++ b/windows/manage/configure-windows-telemetry-in-your-organization.md
@@ -31,9 +31,10 @@ To frame a discussion about telemetry, it is important to understand Microsoft
 
 This article applies to Windows and Windows Server telemetry only. Other Microsoft or third-party apps, such as System Center Configuration Manager, System Center Endpoint Protection, or System Center Data Protection Manager, might send data to their cloud services in ways that are inconsistent with this guide. Their publishers are responsible for notifying users of their privacy policies, telemetry controls, and so on. This article describes the types of telemetry we may gather, the ways you might manage it in your organization, and some examples of how telemetry can provide you with valuable insights into your enterprise deployments. Microsoft uses the data to quickly identify and address issues affecting its customers.
 
-
 Use this article to make informed decisions about how you might configure telemetry in your organization. Telemetry is a term that means different things to different people and organizations. For the purpose of this article, we discuss telemetry as system data that is uploaded by the Connected User Experience and Telemetry component. The telemetry data is used to help keep Windows devices secure by identifying malware trends and other threats and to help Microsoft improve the quality of Windows and Microsoft services.
 
+We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com.
+
 ## Overview
 
 In previous versions of Windows and Windows Server, Microsoft used telemetry to check for updated or new Windows Defender signatures, check whether Windows Update installations were successful, gather reliability information through the Reliability Analysis Component (RAC), and gather reliability information through the Windows Customer Experience Improvement Program (CEIP) on Windows. In Windows 10 and Windows Server 2016, you can control telemetry streams by using the Privacy option in Settings, Group Policy, or MDM.
@@ -66,7 +67,7 @@ Telemetry can sometimes be confused with functional data. Some Windows component
 
 There are subtle differences between telemetry and functional data. Windows collects and sends telemetry in the background automatically. You can control how much information is gathered by setting the telemetry level. Microsoft tries to avoid collecting personal information wherever possible (for example, if a crash dump is collected and a document was in memory at the time of the crash).    On the other hand, functional data can contain personal information. However, a user action, such as requesting news or asking Cortana a question, usually triggers collection and transmission of functional data.
 
-If you’re an IT pro that wants to manage Windows functional data sent from your organization to Microsoft, see [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/en-us/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services).
+If you’re an IT pro that wants to manage Windows functional data sent from your organization to Microsoft, see [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services).
 
 The following are specific examples of functional data:
 
@@ -150,7 +151,7 @@ The following table defines the endpoints for telemetry services:
 
 ### Data use and access
 
-The principle of least privileged access guides access to telemetry data. Microsoft does not share personal data of our customers with third parties, except at the customer’s discretion or for the limited purposes described in the [Privacy Statement](https://privacy.microsoft.com/en-us/privacystatement). Microsoft may share business reports with OEMs and third party partners that include aggregated and anonymized telemetry information. Data-sharing decisions are made by an internal team including privacy, legal, and data management.
+The principle of least privileged access guides access to telemetry data. Microsoft does not share personal data of our customers with third parties, except at the customer’s discretion or for the limited purposes described in the [Privacy Statement](https://privacy.microsoft.com/privacystatement). Microsoft may share business reports with OEMs and third party partners that include aggregated and anonymized telemetry information. Data-sharing decisions are made by an internal team including privacy, legal, and data management.
 
 ### Retention
 
@@ -377,15 +378,15 @@ There are a few more settings that you can turn off that may send telemetry info
 
 FAQs
 
-- [Cortana, Search, and privacy](http://windows.microsoft.com/en-us/windows-10/cortana-privacy-faq)
-- [Windows 10 feedback, diagnostics, and privacy](http://windows.microsoft.com/en-us/windows-10/feedback-diagnostics-privacy-faq)
-- [Windows 10 camera and privacy](http://windows.microsoft.com/en-us/windows-10/camera-privacy-faq)
-- [Windows 10 location service and privacy](http://windows.microsoft.com/en-us/windows-10/location-service-privacy)
-- [Microsoft Edge and privacy](http://windows.microsoft.com/en-us/windows-10/edge-privacy-faq)
-- [Windows 10 speech, inking, typing, and privacy](http://windows.microsoft.com/en-us/windows-10/speech-inking-typing-privacy-faq)
-- [Windows Hello and privacy](http://windows.microsoft.com/en-us/windows-10/windows-hello-privacy-faq)
-- [Wi-Fi Sense](http://windows.microsoft.com/en-us/windows-10/wi-fi-sense-faq)
-- [Windows Update Delivery Optimization](http://windows.microsoft.com/en-us/windows-10/windows-update-delivery-optimization-faq)
+- [Cortana, Search, and privacy](http://windows.microsoft.com/windows-10/cortana-privacy-faq)
+- [Windows 10 feedback, diagnostics, and privacy](http://windows.microsoft.com/windows-10/feedback-diagnostics-privacy-faq)
+- [Windows 10 camera and privacy](http://windows.microsoft.com/windows-10/camera-privacy-faq)
+- [Windows 10 location service and privacy](http://windows.microsoft.com/windows-10/location-service-privacy)
+- [Microsoft Edge and privacy](http://windows.microsoft.com/windows-10/edge-privacy-faq)
+- [Windows 10 speech, inking, typing, and privacy](http://windows.microsoft.com/windows-10/speech-inking-typing-privacy-faq)
+- [Windows Hello and privacy](http://windows.microsoft.com/windows-10/windows-hello-privacy-faq)
+- [Wi-Fi Sense](http://windows.microsoft.com/windows-10/wi-fi-sense-faq)
+- [Windows Update Delivery Optimization](http://windows.microsoft.com/windows-10/windows-update-delivery-optimization-faq)
 
 Blogs
 
@@ -393,11 +394,11 @@ Blogs
 
 Privacy Statement
 
-- [Microsoft Privacy Statement](https://privacy.microsoft.com/en-us/privacystatement)
+- [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement)
 
 TechNet
 
-- [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/en-us/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)
+- [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)
 
 Web Pages
 
diff --git a/windows/manage/customize-and-export-start-layout.md b/windows/manage/customize-and-export-start-layout.md
index 68d1056ac3..87f206380e 100644
--- a/windows/manage/customize-and-export-start-layout.md
+++ b/windows/manage/customize-and-export-start-layout.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+localizationpriority: high
 ---
 
 # Customize and export Start layout
@@ -19,7 +19,7 @@ localizationpriority: medium
 
 **Looking for consumer information?**
 
--   [Customize the Start menu](http://go.microsoft.com/fwlink/p/?LinkId=623630)
+-   [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630)
 
 The easiest method for creating a customized Start layout to apply to other Windows 10 devices is to set up the Start screen on a test computer and then export the layout.
 
@@ -74,7 +74,7 @@ To prepare a Start layout for export, you simply customize the Start layout on a
 ## <a href="" id="bmk-exportstartscreenlayout"></a>Export the Start layout
 
 
-When you have the Start layout that you want your users to see, use the [Export-StartLayout](http://go.microsoft.com/fwlink/p/?LinkId=620879) cmdlet in Windows PowerShell to export the Start layout to an .xml file.
+When you have the Start layout that you want your users to see, use the [Export-StartLayout](https://go.microsoft.com/fwlink/p/?LinkId=620879) cmdlet in Windows PowerShell to export the Start layout to an .xml file.
 
 **To export the Start layout to an .xml file**
 
@@ -86,7 +86,7 @@ When you have the Start layout that you want your users to see, use the [Export-
 
     In the previous command, `-path` is a required parameter that specifies the path and file name for the export file. You can specify a local path or a UNC path (for example, \\\\FileServer01\\StartLayouts\\StartLayoutMarketing.xml).
 
-    Use a file name of your choice—for example, StartLayoutMarketing.xml. Include the .xml file name extension. The [Export-StartLayout](http://go.microsoft.com/fwlink/p/?LinkId=620879) cmdlet does not append the file name extension, and the policy settings require the extension.
+    Use a file name of your choice—for example, StartLayoutMarketing.xml. Include the .xml file name extension. The [Export-StartLayout](https://go.microsoft.com/fwlink/p/?LinkId=620879) cmdlet does not append the file name extension, and the policy settings require the extension.
     
     Example of a layout file produced by `Export-StartLayout`:
 
diff --git a/windows/manage/customize-windows-10-start-screens-by-using-group-policy.md b/windows/manage/customize-windows-10-start-screens-by-using-group-policy.md
index 6c7c63c9cd..d0d6b868e6 100644
--- a/windows/manage/customize-windows-10-start-screens-by-using-group-policy.md
+++ b/windows/manage/customize-windows-10-start-screens-by-using-group-policy.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+localizationpriority: high
 ---
 
 # Customize Windows 10 Start and taskbar with Group Policy
@@ -19,7 +19,7 @@ localizationpriority: medium
 
 **Looking for consumer information?**
 
--   [Customize the Start menu](http://go.microsoft.com/fwlink/p/?LinkId=623630)
+-   [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630)
 
 In Windows 10 Enterprise and Windows 10 Education, you can use a Group Policy Object (GPO) to deploy a customized Start and taskbar layout to users in a domain. No reimaging is required, and the layout can be updated simply by overwriting the .xml file that contains the layout. This enables you to customize Start and taskbar layouts for different departments or organizations, with minimal management overhead.
 
@@ -37,24 +37,24 @@ When a full Start layout is applied with this method, the users cannot pin, unpi
 
 Start and taskbar layout control using Group Policy is supported in Windows 10 Enterprise and Windows 10 Education, Version 1607. Start and taskbar layout control is not supported in Windows 10 Pro.
 
-The GPO can be configured from any computer on which the necessary ADMX and ADML files (StartMenu.admx and StartMenu.adml) for Windows 10 are installed. In Group Policy, ADMX files are used to define Registry-based policy settings in the Administrative Templates category. To find out how to create a central store for Administrative Templates files, see [article 929841, written for Windows Vista and still applicable](http://go.microsoft.com/fwlink/p/?LinkId=691687) in the Microsoft Knowledge Base.
+The GPO can be configured from any computer on which the necessary ADMX and ADML files (StartMenu.admx and StartMenu.adml) for Windows 10 are installed. In Group Policy, ADMX files are used to define Registry-based policy settings in the Administrative Templates category. To find out how to create a central store for Administrative Templates files, see [article 929841, written for Windows Vista and still applicable](https://go.microsoft.com/fwlink/p/?LinkId=691687) in the Microsoft Knowledge Base.
 
 ## <a href="" id="bkmk-howstartscreencontrolworks"></a>How Start layout control works
 
 
 Three features enable Start and taskbar layout control:
 
--   The [Export-StartLayout](http://go.microsoft.com/fwlink/p/?LinkID=620879) cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format. 
+-   The [Export-StartLayout](https://go.microsoft.com/fwlink/p/?LinkID=620879) cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format. 
 
     **Note**  
-    To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](http://go.microsoft.com/fwlink/p/?LinkId=623707) cmdlet.
+    To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](https://go.microsoft.com/fwlink/p/?LinkId=623707) cmdlet.
 
 -    [You can modify the Start .xml file](configure-windows-10-taskbar.md) to include  `<CustomTaskbarLayoutCollection>` or create an .xml file just for the taskbar configuration.
 
 -   In Group Policy, you use the **Start Layout** settings for the **Start Menu and Taskbar** administrative template to set a Start and taskbar layout from an .xml file when the policy is applied.
 
 **Note**  
-To learn how customize Start to include your line-of-business apps when you deploy Windows 10, see [Customize the Windows 10 Start layout]( http://go.microsoft.com/fwlink/p/?LinkId=620863).
+To learn how customize Start to include your line-of-business apps when you deploy Windows 10, see [Customize the Windows 10 Start layout]( https://go.microsoft.com/fwlink/p/?LinkId=620863).
 
  
 
@@ -69,7 +69,7 @@ The GPO can be configured from any computer on which the necessary ADMX and ADML
 
 The .xml file with the Start and taskbar layout must be located on shared network storage that is available to the users’ computers when they sign in and the users must have Read-only access to the file. If the file is not available at sign-in, Start and the taskbar are not customized during the session, and the user can make changes to Start.
 
-For information about deploying GPOs in a domain, see [Working with Group Policy Objects](http://go.microsoft.com/fwlink/p/?LinkId=620889).
+For information about deploying GPOs in a domain, see [Working with Group Policy Objects](https://go.microsoft.com/fwlink/p/?LinkId=620889).
 
 ## <a href="" id="bkmk-localgpimport"></a>Use Group Policy to apply a customized Start layout on the local computer
 
@@ -77,9 +77,9 @@ For information about deploying GPOs in a domain, see [Working with Group Policy
 You can use the Local Group Policy Editor to provide a customized Start and taskbar layout for any user who signs in on the local computer. To display the customized Start and taskbar layout for any user who signs in, configure **Start Layout** policy settings for the **Start Menu and Taskbar** administrative template. You can use the **Start Menu and Taskbar** administrative template in **User Configuration** or **Computer Configuration**.
 
 **Note**  
-This procedure applies the policy settings on the local computer only. For information about deploying the Start and taskbar layout to users in a domain, see [Use Group Policy to deploy a customized Start layout in a domain](#bkmk-domaingpodeployment), later in this topic.
+This procedure applies the policy settings on the local computer only. For information about deploying the Start and taskbar layout to users in a domain, see [Use Group Policy to deploy a customized Start layout in a domain](#bkmk-domaingpodeployment).
 
-This procedure creates a Local Group Policy that applies to all users on the computer. To configure Local Group Policy that applies to a specific user or group on the computer, see [Step-by-Step Guide to Managing Multiple Local Group Policy Objects](http://go.microsoft.com/fwlink/p/?LinkId=620881). The guide was written for Windows Vista and the procedures still apply to Windows 10.
+This procedure creates a Local Group Policy that applies to all users on the computer. To configure Local Group Policy that applies to a specific user or group on the computer, see [Step-by-Step Guide to Managing Multiple Local Group Policy Objects](https://go.microsoft.com/fwlink/p/?LinkId=620881). The guide was written for Windows Vista and the procedures still apply to Windows 10.
 
  
 
diff --git a/windows/manage/customize-windows-10-start-screens-by-using-mobile-device-management.md b/windows/manage/customize-windows-10-start-screens-by-using-mobile-device-management.md
index 2e17e4b129..cf6a6dab79 100644
--- a/windows/manage/customize-windows-10-start-screens-by-using-mobile-device-management.md
+++ b/windows/manage/customize-windows-10-start-screens-by-using-mobile-device-management.md
@@ -19,7 +19,7 @@ localizationpriority: medium
 
 **Looking for consumer information?**
 
--   [Customize the Start menu](http://go.microsoft.com/fwlink/p/?LinkId=623630)
+-   [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630)
 
 In Windows 10 Enterprise and Windows 10 Education, you can use a mobile device management (MDM) policy to deploy a customized Start layout to users. No reimaging is required, and the Start layout can be updated simply by overwriting the .xml file that contains the layout. This enables you to customize Start layouts for different departments or organizations, with minimal management overhead.
 
@@ -40,11 +40,11 @@ Two features enable Start layout control:
 -   The **Export-StartLayout** cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format. 
 
     **Note**  
-    To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](http://go.microsoft.com/fwlink/p/?LinkId=623707) cmdlet.
+    To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](https://go.microsoft.com/fwlink/p/?LinkId=623707) cmdlet.
 
      
 
--   In MDM, you set the path to the .xml file that defines the Start layout using an OMA-URI setting, which is based on the [Policy configuration service provider (CSP)](http://go.microsoft.com/fwlink/p/?LinkID=623244).
+-   In MDM, you set the path to the .xml file that defines the Start layout using an OMA-URI setting, which is based on the [Policy configuration service provider (CSP)](https://go.microsoft.com/fwlink/p/?LinkID=623244).
 
 ## <a href="" id="bkmk-domaingpodeployment"></a>Create a policy for your customized Start layout
 
@@ -139,7 +139,7 @@ This example uses Microsoft Intune to configure an MDM policy that applies a cus
 
 [Customize Windows 10 Start and taskbar with ICD and provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
 
-[Use Windows 10 custom policies to manage device settings with Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkID=616316)
+[Use Windows 10 custom policies to manage device settings with Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkID=616316)
 
  
 
diff --git a/windows/manage/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md b/windows/manage/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
index 2fcd71d6ad..aca87ef5cc 100644
--- a/windows/manage/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
+++ b/windows/manage/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
@@ -19,10 +19,13 @@ localizationpriority: medium
 
 **Looking for consumer information?**
 
--   [Customize the Start menu](http://go.microsoft.com/fwlink/p/?LinkId=623630)
+-   [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630)
 
 In Windows 10 Enterprise and Windows 10 Education, version 1607, you can use a provisioning package that you create with Windows Imaging and Configuration Designer (ICD) tool to deploy a customized Start and taskbar layout to users. No reimaging is required, and the Start and taskbar layout can be updated simply by overwriting the .xml file that contains the layout. The provisioning package can be applied to a running device. This enables you to customize Start and taskbar layouts for different departments or organizations, with minimal management overhead.
 
+>[!IMPORTANT]
+>If you use a provisioning package to configure the taskbar, your configuration will be reapplied each time the explorer.exe process restarts. If your configuration pins an app and the user unpins that app, the user's change will be overwritten the next time the configuration is applied. To apply a taskbar configuration and allow users to make changes that will persist, apply your configuration by using Group Policy.
+
 **Before you begin**: [Customize and export Start layout](customize-and-export-start-layout.md)
 
 ## <a href="" id="bkmk-howstartscreencontrolworks"></a>How Start layout control works
@@ -33,7 +36,7 @@ Three features enable Start and taskbar layout control:
 -   The **Export-StartLayout** cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format. 
 
     **Note**  
-    To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](http://go.microsoft.com/fwlink/p/?LinkId=623707) cmdlet.
+    To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](https://go.microsoft.com/fwlink/p/?LinkId=623707) cmdlet.
 
 -    [You can modify the Start .xml file](configure-windows-10-taskbar.md) to include  `<CustomTaskbarLayoutCollection>` or create an .xml file just for the taskbar configuration.
 
@@ -43,7 +46,7 @@ Three features enable Start and taskbar layout control:
 ## <a href="" id="bkmk-domaingpodeployment"></a>Create a provisioning package that contains a customized Start layout
 
 
-Use the [Imaging and Configuration Designer (ICD) tool](http://go.microsoft.com/fwlink/p/?LinkID=525483) included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package that applies a customized Start and taskbar layout. [Install the ADK.](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit)
+Use the [Imaging and Configuration Designer (ICD) tool](https://go.microsoft.com/fwlink/p/?LinkID=525483) included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package that applies a customized Start and taskbar layout. [Install the ADK.](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit)
 
 > **Important**
 When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
@@ -61,7 +64,7 @@ When you build a provisioning package, you may include sensitive information in
 
 6.  Expand **Runtime settings** &gt; **Start**, and click **StartLayout**.
 
-7.  Specify the path and file name of the Start layout .xml that you created with the [Export-StartLayout](http://go.microsoft.com/fwlink/p/?LinkId=620879) cmdlet.
+7.  Specify the path and file name of the Start layout .xml that you created with the [Export-StartLayout](https://go.microsoft.com/fwlink/p/?LinkId=620879) cmdlet.
 
 8.  On the **File** menu, select **Save.**
 
diff --git a/windows/manage/diagnostics-for-mdm-devices.md b/windows/manage/diagnostics-for-mdm-devices.md
deleted file mode 100644
index 32998541e9..0000000000
--- a/windows/manage/diagnostics-for-mdm-devices.md
+++ /dev/null
@@ -1,102 +0,0 @@
----
-title: Diagnostics for Windows 10 devices  (Windows 10)
-description: Device Policy State log in Windows 10, Version 1607, collects info about policies.
-keywords: ["mdm", "udiag", "device policy", "mdmdiagnostics"]
-ms.prod: W10
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: jdeckerMS
----
-
-# Diagnostics for Windows 10 devices  
-
-**Applies to**
-
--   Windows 10
--   Windows 10 Mobile
-
-(which SKUs?)
-
-(this isn't really MDM-managed only, is it? It can be done locally/email?)
-
-Two new diagnostic tools for Windows 10, version 1607, help IT administrators diagnose and resolve issues with remote devices enrolled in mobile device management (MDM): the [Device Policy State Log](#device-policy-state-log) and [UDiag](#udiag). Windows 10 for desktop editions and Windows 10 Mobile make it simple for users to export log files that you can then analyze with these tools.
-
-## Export management log files
-
-Go to **Settings > Accounts > Work access > Export your management log files**.
-
-![Export your management log files](images/export-mgt-desktop.png)
-
-- On desktop devices, the file is saved to C:/Users/Public/Public Documents/MDMDiagnostics/MDMDiagReport.xml
-- On phones, the file is saved to *phone*/Documents/MDMDiagnostics/MDMDiagReport.xml
-
-The MDMDiagReport.xml can be used with [Device Policy State Log](#device-policy-state-log) and [UDiag](#udiag) to help you resolve issues.
-
-## Device Policy State Log
-
-The Device Policy State Log collects information on the state of policies applied to the device to help you determine which sources are applying policies or configurations to the device. Help desk personnel can use this log to diagnose and resolve issues with a remote device. 
-
-After you obtain the management log file from the user's device, run the mdmReportGenerator.ps1 script on log to create report. (download mdmReportGenerator.ps1 and mdmDiagnoseHelpers.psm1) This PowerShell script asks you to enter the name of the management log file and a name for the report that it will create, as shown in the following example:
-
-![Enter file name for input and output](images/mdm-diag-report-powershell.png)
-
-The script produces the report in html format. There are two sections to the report, Configuration and Policy Information. 
-
- The configuration section lists the GUID of the sources that are applying configurations to the device.  
-
- ![Configuration source Exachange ActiveSync](images/config-source.png)
-
-The policy information section displays information about the specific policies that are being enforced and on the device.  For each policy, you will see the Area grouping, the Policy name, its default and current value, and the configuration source. You can compare the configuration source GUID in the policy information section to the GUIDs in the configuration section to identify the source of the policy.
-
-![Policies applied by a configuration source](images/config-policy.png)
-
-
-## UDiag
-
-The UDiag tool applies rules to Event Tracing for Windows (ETW) files to help determine the root cause of an issue. 
-
-(download UDiag)
-
-To analyze MDMDiagReport.xml using UDiag
-1. Open UDiag, and select Device Management.
-2. Select your source for the log files ("cab of logs" or "directory of logs")
-
-Investigating log content, identifying patterns, and adding a root cause analysis to the database (Advanced users/providers) 
-
-1. While at the 'Root Causes List' panel, click the 'Diagnose' button at the bottom. 
-2. You will then be brought to the Diagnosis panel where you can investigate and tag root causes from the content
-  - Evidence Groups: When a set of logs are loaded into UDiag, the contents are processed (e.g. ETW) and organized into evidence groups. 
-  - Decision Tree View: This view shows the loaded decision tree for the current topic/topic area. When a decision node is selected, a user can modify the regular expression and add/edit/delete an RCA for that node. Any RCA matches found in the current log set will have an 'RCA' label that is either Red or Yellow.
-  - Evidence View: Selecting an evidence group loads its content into this evidence view. Use this view to investigate issues and determine root causes. Drag and drop lines from the Evidence View into the Decision Tree View, to build your root cause analysis pattern. ([Learn more about techniques for root cause analysis.](https://technet.microsoft.com/en-us/library/cc543298.aspx))
-
-
-
- 	
-
-	Can admin pull logs without user action? [DK] Yes via the diagnostic log CSP
-
-	
-
-	"Run PowerShell script to process the file" – is that the user doing it? How can this workflow work in an enterprise where employees aren't computer-savvy? [DK] This is intended to be done by the help desk guy.  
-
-	Where did (user|admin) get mdmReportGenerator.ps1?  [DK] Publishing on DLC later this summer
-
-	In Viewing the report, how does the admin make sense of the source GUIDs? [DK] Correlates the value in the table with the entries at the top of the page. 
-
-	UDiag – where does admin get this? [DK] Publishing on DLC later this summer
-
-	Can admins create custom rule sets? [DK] Right now, no.  but open to feedback on this.
-
-	
-
-Link to [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/en-us/library/windows/hardware/mt632120%28v=vs.85%29.aspx)
-
-[Diagnostics capability for devices managed by any MDM provider.](https://microsoft.sharepoint.com/teams/osg_core_ens/mgmt/OSMan Wiki/MDM Diagnostics - Generating and Processing Log files.aspx)
-
-[Redstone spec](https://microsoft.sharepoint.com/teams/specstore/_layouts/15/WopiFrame.aspx?sourcedoc=%7b7E8742A2-03A1-451C-BA07-F2573B044CBF%7d&file=DM%20-%20MDM%20Diagnostics-RS.docx&action=default&DefaultItemOpen=1)
-
-## Related topics
-
-[DiagnosticLog CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/mt219118.aspx)
-
-[Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/en-us/library/windows/hardware/mt632120.aspx)
\ No newline at end of file
diff --git a/windows/manage/find-and-acquire-apps-overview.md b/windows/manage/find-and-acquire-apps-overview.md
index 8faea40ea2..30ca08ff48 100644
--- a/windows/manage/find-and-acquire-apps-overview.md
+++ b/windows/manage/find-and-acquire-apps-overview.md
@@ -40,6 +40,10 @@ Use the Windows Store for Business to find apps for your organization. You can a
 <td align="left"><p>Store for Business has thousands of apps from many different categories.</p></td>
 </tr>
 <tr class="even">
+<td align="left"><p>[Acquire apps in the Windows Store for Business](acquire-apps-windows-store-for-business.md)</p></td>
+<td align="left"><p>You can acquire apps from the Windows Store for Business for your employees.</p></td>
+</tr>
+<tr class="odd">
 <td align="left"><p>[Working with line-of-business apps](working-with-line-of-business-apps.md)</p></td>
 <td align="left"><p>Your company can make line-of-business (LOB) applications available through Store for Business. These apps are custom to your company – they might be internal business apps, or apps specific to your business or industry.</p></td>
 </tr>
diff --git a/windows/manage/group-policies-for-enterprise-and-education-editions.md b/windows/manage/group-policies-for-enterprise-and-education-editions.md
index 37005acc03..40c5250e62 100644
--- a/windows/manage/group-policies-for-enterprise-and-education-editions.md
+++ b/windows/manage/group-policies-for-enterprise-and-education-editions.md
@@ -1,6 +1,6 @@
 ---
-title: Group Policies that apply only to Windows 10 Enterprise and Education Editions (Windows 10)
-description: Use this topic to learn about Group Policy objects that apply only to Windows 10 Enterprise and Windows 10 Education.
+title: Group Policy settings that apply only to Windows 10 Enterprise and Education Editions (Windows 10)
+description: Use this topic to learn about Group Policy settings that apply only to Windows 10 Enterprise and Windows 10 Education.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -8,13 +8,13 @@ author: brianlic-msft
 localizationpriority: high
 ---
 
-# Group Policies that apply only to Windows 10 Enterprise and Education Editions
+# Group Policy settings that apply only to Windows 10 Enterprise and Education Editions
 
 **Applies to**
 
 -   Windows 10
 
-In Windows 10, version 1607, the following Group Policies apply only to Windows 10 Enterprise and Windows 10 Education.
+In Windows 10, version 1607, the following Group Policy settings apply only to Windows 10 Enterprise and Windows 10 Education.
 
 | Policy name | Policy path | Comments |
 | --- | --- | --- |
diff --git a/windows/manage/how-it-pros-can-use-configuration-service-providers.md b/windows/manage/how-it-pros-can-use-configuration-service-providers.md
index a61e88337b..26ab03140f 100644
--- a/windows/manage/how-it-pros-can-use-configuration-service-providers.md
+++ b/windows/manage/how-it-pros-can-use-configuration-service-providers.md
@@ -19,7 +19,7 @@ localizationpriority: medium
 
 Configuration service providers (CSPs) expose device configuration settings in Windows 10. This topic is written for people who have no experience with CSPs.
 
-The CSPs are documented on the [Hardware Dev Center](http://go.microsoft.com/fwlink/p/?LinkId=717390) because CSPs are used by mobile device management (MDM) service providers. This topic explains how IT pros and system administrators can take advantage of many settings available through CSPs to configure devices running Windows 10 and Windows 10 Mobile in their organizations.
+The CSPs are documented on the [Hardware Dev Center](https://go.microsoft.com/fwlink/p/?LinkId=717390) because CSPs are used by mobile device management (MDM) service providers. This topic explains how IT pros and system administrators can take advantage of many settings available through CSPs to configure devices running Windows 10 and Windows 10 Mobile in their organizations.
 
 **Note**  
 The explanation of CSPs and CSP documentation also apply to Windows Mobile 5, Windows Mobile 6, Windows Phone 7, and Windows Phone 8, but links to current CSPs are for Windows 10 and Windows 10 Mobile.
@@ -33,9 +33,9 @@ A CSP is an interface in the client operating system between configuration setti
 
 Starting in Windows Mobile 5.0, CSPs were used to manage Windows mobile devices. In the Windows 10 platform, the management approach for both desktop and mobile devices converges, taking advantage of the same CSPs to configure and manage all devices running Windows 10.
 
-Each CSP provides access to specific settings. For example, the [Wi-Fi CSP](http://go.microsoft.com/fwlink/p/?LinkId=717438) contains the settings to create a Wi-Fi profile.
+Each CSP provides access to specific settings. For example, the [Wi-Fi CSP](https://go.microsoft.com/fwlink/p/?LinkId=717438) contains the settings to create a Wi-Fi profile.
 
-CSPs are behind many of the management tasks and policies for Windows 10 in Microsoft Intune and non-Microsoft MDM service providers. For example, in Intune, the policy to allow search suggestions in the Microsoft Edge address bar uses **Browser/AllowSearchSuggestionsinAddressBar** in the [Policy CSP](http://go.microsoft.com/fwlink/p/?LinkID=623244).
+CSPs are behind many of the management tasks and policies for Windows 10 in Microsoft Intune and non-Microsoft MDM service providers. For example, in Intune, the policy to allow search suggestions in the Microsoft Edge address bar uses **Browser/AllowSearchSuggestionsinAddressBar** in the [Policy CSP](https://go.microsoft.com/fwlink/p/?LinkID=623244).
 
 ![how intune maps to csp](images/policytocsp.png)
 
@@ -49,7 +49,7 @@ The Open Mobile Alliance Device Management (OMA-DM) protocol uses the XML-based
 
 The WMI-to-CSP Bridge is a component allowing configuration of Windows 10 CSPs via scripts and traditional enterprise management software such as Configuration Manager using Windows Management Instrumentation (WMI). The bridge is responsible for reading WMI commands and through a component called the common device configurator pass them to a CSP for application on the device.
 
-[Learn how to use the WMI Bridge Provider with PowerShell.](http://go.microsoft.com/fwlink/p/?LinkId=761090)
+[Learn how to use the WMI Bridge Provider with PowerShell.](https://go.microsoft.com/fwlink/p/?LinkId=761090)
 
 ## Why should you learn about CSPs?
 
@@ -58,11 +58,11 @@ Generally, enterprises rely on Group Policy or MDM to configure and manage devic
 
 In addition, you may have unmanaged devices, or a large number of devices that you want to configure before enrolling them in management, or you want to apply custom settings that aren't available through your MDM service. The [CSP documentation](#bkmk-csp-doc) can help you understand the settings that can be configured or queried.
 
-In addition, some of the topics in the [Windows 10 and Windows 10 Mobile](../index.md) library on Technet include links to applicable CSP reference topics, such as [Cortana integration in your business or enterprise](manage-cortana-in-enterprise.md) which links to the [Policy CSP](http://go.microsoft.com/fwlink/p/?LinkID=623244). In the CSP topics, you can learn about all of the available configuration settings.
+In addition, some of the topics in the [Windows 10 and Windows 10 Mobile](../index.md) library on Technet include links to applicable CSP reference topics, such as [Cortana integration in your business or enterprise](manage-cortana-in-enterprise.md) which links to the [Policy CSP](https://go.microsoft.com/fwlink/p/?LinkID=623244). In the CSP topics, you can learn about all of the available configuration settings.
 
 ### CSPs in Windows Imaging and Configuration Designer (ICD)
 
-You can use Windows Imaging and Configuration Designer (ICD) to create [provisioning packages](http://go.microsoft.com/fwlink/p/?LinkId=717466) to apply settings to devices during the out-of-box-experience (OOBE) and after devices are set up. You can use provisioning packages to configure a device's connectivity and enroll the device in MDM. Many of the runtime settings in Windows ICD are based on CSPs.
+You can use Windows Imaging and Configuration Designer (ICD) to create [provisioning packages](https://go.microsoft.com/fwlink/p/?LinkId=717466) to apply settings to devices during the out-of-box-experience (OOBE) and after devices are set up. You can use provisioning packages to configure a device's connectivity and enroll the device in MDM. Many of the runtime settings in Windows ICD are based on CSPs.
 
 Many settings in Windows ICD will display documentation for that setting in the center pane, and will include a reference to the CSP if the setting uses one, as shown in the following image.
 
@@ -72,20 +72,20 @@ Many settings in Windows ICD will display documentation for that setting in the
 
 ### CSPs in MDM
 
-Most, if not all, CSPs are surfaced through your MDM service. If you see a CSP that provides a capability that you want to make use of and cannot find that capability in your MDM service, contact your MDM provider for assistance. It might simply be named differently than you expected. You can see the CSPs supported by MDM in the [Configuration service provider reference](http://go.microsoft.com/fwlink/p/?LinkId=717390).
+Most, if not all, CSPs are surfaced through your MDM service. If you see a CSP that provides a capability that you want to make use of and cannot find that capability in your MDM service, contact your MDM provider for assistance. It might simply be named differently than you expected. You can see the CSPs supported by MDM in the [Configuration service provider reference](https://go.microsoft.com/fwlink/p/?LinkId=717390).
 
-When a CSP is available but is not explicitly included in your MDM solution, you may be able to make use of the CSP by using OMA-URI settings. In Intune, for example, you can use [custom policy settings](http://go.microsoft.com/fwlink/p/?LinkID=616316) to deploy settings. Intune documents [a partial list of settings](http://go.microsoft.com/fwlink/p/?LinkID=616317) that you can enter in the **OMA-URI Settings** section of a custom policy, if your MDM service provides that extension. You'll notice that the list doesn't explain the meanings of the allowed and default values, so use the [CSP reference documentation](http://go.microsoft.com/fwlink/p/?LinkId=717390) to locate that information.
+When a CSP is available but is not explicitly included in your MDM solution, you may be able to make use of the CSP by using OMA-URI settings. In Intune, for example, you can use [custom policy settings](https://go.microsoft.com/fwlink/p/?LinkID=616316) to deploy settings. Intune documents [a partial list of settings](https://go.microsoft.com/fwlink/p/?LinkID=616317) that you can enter in the **OMA-URI Settings** section of a custom policy, if your MDM service provides that extension. You'll notice that the list doesn't explain the meanings of the allowed and default values, so use the [CSP reference documentation](https://go.microsoft.com/fwlink/p/?LinkId=717390) to locate that information.
 
 ### CSPs in Lockdown XML
 
-Lockdown XML can be used to configure devices running Windows 10 Mobile. You can manually author a [Lockdown XML file](lockdown-xml.md) to make use of the configuration settings available through the [EnterpriseAssignedAccess configuration service provider (CSP)](http://go.microsoft.com/fwlink/p/?LinkID=618601).
+Lockdown XML can be used to configure devices running Windows 10 Mobile. You can manually author a [Lockdown XML file](lockdown-xml.md) to make use of the configuration settings available through the [EnterpriseAssignedAccess configuration service provider (CSP)](https://go.microsoft.com/fwlink/p/?LinkID=618601).
 
 ## <a href="" id="bkmk-csp-doc"></a>How do you use the CSP documentation?
 
 
-All CSPs in Windows 10 are documented in the [Configuration service provider reference](http://go.microsoft.com/fwlink/p/?LinkId=717390).
+All CSPs in Windows 10 are documented in the [Configuration service provider reference](https://go.microsoft.com/fwlink/p/?LinkId=717390).
 
-The [main CSP topic](http://go.microsoft.com/fwlink/p/?LinkId=717390) tells you which CSPs are supported on each edition of Windows 10, and links to the documentation for each individual CSP.
+The [main CSP topic](https://go.microsoft.com/fwlink/p/?LinkId=717390) tells you which CSPs are supported on each edition of Windows 10, and links to the documentation for each individual CSP.
 
 ![csp per windows edition](images/csptable.png)
 
@@ -93,11 +93,11 @@ The documentation for each CSP follows the same structure. After an introduction
 
 The full path to a specific configuration setting is represented by its Open Mobile Alliance - Uniform Resource Identifier (OMA-URI). The URI is relative to the devices’ root node (MSFT, for example). Features supported by a particular CSP can be set by addressing the complete OMA-URI path.
 
-The following example shows the diagram for the [AssignedAccess CSP](http://go.microsoft.com/fwlink/p/?LinkID=626608). The diagram maps to the XML for that CSP. Notice the different shapes in the diagram: rounded elements are nodes and rectangular elements are settings or policies for which a value must be supplied.
+The following example shows the diagram for the [AssignedAccess CSP](https://go.microsoft.com/fwlink/p/?LinkID=626608). The diagram maps to the XML for that CSP. Notice the different shapes in the diagram: rounded elements are nodes and rectangular elements are settings or policies for which a value must be supplied.
 
 ![assigned access csp tree](images/provisioning-csp-assignedaccess.png)
 
-The element in the tree diagram after the root node tells you the name of the CSP. Knowing this structure, you would recognize in XML the parts of the URI path for that CSP and, if you saw it in XML, you would know which CSP reference to look up. For example, in the following OMS-URI path for the kiosk mode app settings, you can see it uses the [AssignedAccess CSP](http://go.microsoft.com/fwlink/p/?LinkID=626608).
+The element in the tree diagram after the root node tells you the name of the CSP. Knowing this structure, you would recognize in XML the parts of the URI path for that CSP and, if you saw it in XML, you would know which CSP reference to look up. For example, in the following OMS-URI path for the kiosk mode app settings, you can see it uses the [AssignedAccess CSP](https://go.microsoft.com/fwlink/p/?LinkID=626608).
 
 ```XML
 ./Vendor/MSFT/AssignedAccess/KioskModeApp
@@ -109,7 +109,7 @@ When an element in the diagram uses italic font, it indicates a placeholder for
 
 After the diagram, the documentation describes each element. For each policy or setting, the valid values are listed.
 
-For example, in the [AssignedAccess CSP](http://go.microsoft.com/fwlink/p/?LinkID=626608), the setting is **KioskModeApp**. The documentation tells you that the value for **KioskModeApp** is a JSON string that contains the user account name and Application User Model ID (AUMID) of the Kiosk mode app.
+For example, in the [AssignedAccess CSP](https://go.microsoft.com/fwlink/p/?LinkID=626608), the setting is **KioskModeApp**. The documentation tells you that the value for **KioskModeApp** is a JSON string that contains the user account name and Application User Model ID (AUMID) of the Kiosk mode app.
 
 The documentation for most CSPs will also include an XML example.
 
@@ -118,7 +118,7 @@ The documentation for most CSPs will also include an XML example.
 
 CSPs provide access to a number of settings useful to enterprises. This section introduces two CSPs that an enterprise might find particularly useful.
 
--   [EnterpriseAssignedAccess CSP](http://go.microsoft.com/fwlink/p/?LinkID=618601)
+-   [EnterpriseAssignedAccess CSP](https://go.microsoft.com/fwlink/p/?LinkID=618601)
 
     The EnterpriseAssignedAccess configuration service provider allows IT administrators to configure settings on a Windows 10 Mobile device. An enterprise can make use of this CSP to create single-use or limited-use mobile devices, such as a handheld device that only runs a price-checking app.
 
@@ -132,7 +132,7 @@ CSPs provide access to a number of settings useful to enterprises. This section
     -   Restricting access to the context menu.
     -   Enabling or disabling tile manipulation.
     -   Creating role-specific configurations.
--   [Policy CSP](http://go.microsoft.com/fwlink/p/?LinkID=623244)
+-   [Policy CSP](https://go.microsoft.com/fwlink/p/?LinkID=623244)
 
     The Policy configuration service provider enables the enterprise to configure policies on Windows 10 and Windows 10 Mobile. Some of these policy settings can also be applied using Group Policy, and the CSP documentation lists the equivalent Group Policy settings.
 
@@ -156,63 +156,63 @@ CSPs provide access to a number of settings useful to enterprises. This section
 
 Here is a list of CSPs supported on Windows 10 Enterprise, Windows 10 Mobile Enterprise, or both:
 
--   [ActiveSync CSP](http://go.microsoft.com/fwlink/p/?LinkId=723219)
--   [Application CSP](http://go.microsoft.com/fwlink/p/?LinkId=723220)
--   [AppLocker CSP](http://go.microsoft.com/fwlink/p/?LinkID=626609)
--   [AssignedAccess CSP](http://go.microsoft.com/fwlink/p/?LinkID=626608)
--   [Bootstrap CSP](http://go.microsoft.com/fwlink/p/?LinkId=723224)
--   [BrowserFavorite CSP](http://go.microsoft.com/fwlink/p/?LinkId=723428)
--   [CellularSettings CSP](http://go.microsoft.com/fwlink/p/?LinkId=723427)
--   [CertificateStore CSP](http://go.microsoft.com/fwlink/p/?LinkId=723225)
--   [ClientCertificateInstall CSP](http://go.microsoft.com/fwlink/p/?LinkId=723226)
--   [CM\_CellularEntries CSP](http://go.microsoft.com/fwlink/p/?LinkId=723426)
--   [CM\_ProxyEntries CSP](http://go.microsoft.com/fwlink/p/?LinkId=723425)
--   [CMPolicy CSP](http://go.microsoft.com/fwlink/p/?LinkId=723424)
--   [Defender CSP](http://go.microsoft.com/fwlink/p/?LinkId=723227)
--   [DevDetail CSP](http://go.microsoft.com/fwlink/p/?LinkId=723228)
--   [DeviceInstanceService CSP](http://go.microsoft.com/fwlink/p/?LinkId=723275)
--   [DeviceLock CSP](http://go.microsoft.com/fwlink/p/?LinkId=723370)
--   [DeviceStatus CSP](http://go.microsoft.com/fwlink/p/?LinkId=723229)
--   [DevInfo CSP](http://go.microsoft.com/fwlink/p/?LinkId=723230)
--   [DiagnosticLog CSP](http://go.microsoft.com/fwlink/p/?LinkId=723231)
--   [DMAcc CSP](http://go.microsoft.com/fwlink/p/?LinkId=723232)
--   [DMClient CSP](http://go.microsoft.com/fwlink/p/?LinkId=723233)
--   [Email2 CSP](http://go.microsoft.com/fwlink/p/?LinkId=723234)
--   [EnterpriseAPN CSP](http://go.microsoft.com/fwlink/p/?LinkId=723235)
--   [EnterpriseAppManagement CSP](http://go.microsoft.com/fwlink/p/?LinkId=723237)
--   [EnterpriseAssignedAccess CSP](http://go.microsoft.com/fwlink/p/?LinkID=618601)
--   [EnterpriseDesktopAppManagement CSP](http://go.microsoft.com/fwlink/p/?LinkId=723236)
--   [EnterpriseExt CSP](http://go.microsoft.com/fwlink/p/?LinkId=723423)
--   [EnterpriseExtFileSystem CSP](http://go.microsoft.com/fwlink/p/?LinkID=703716)
--   [EnterpriseModernAppManagement CSP](http://go.microsoft.com/fwlink/p/?LinkId=723257)
--   [FileSystem CSP](http://go.microsoft.com/fwlink/p/?LinkId=723422)
--   [HealthAttestation CSP](http://go.microsoft.com/fwlink/p/?LinkId=723258)
--   [HotSpot CSP](http://go.microsoft.com/fwlink/p/?LinkId=723421)
--   [Maps CSP](http://go.microsoft.com/fwlink/p/?LinkId=723420)
--   [NAP CSP](http://go.microsoft.com/fwlink/p/?LinkId=723419)
--   [NAPDEF CSP](http://go.microsoft.com/fwlink/p/?LinkId=723371)
--   [NodeCache CSP]( http://go.microsoft.com/fwlink/p/?LinkId=723265)
--   [PassportForWork CSP](http://go.microsoft.com/fwlink/p/?LinkID=692070)
--   [Policy CSP](http://go.microsoft.com/fwlink/p/?LinkID=623244)
--   [PolicyManager CSP]( http://go.microsoft.com/fwlink/p/?LinkId=723418)
--   [Provisioning CSP](http://go.microsoft.com/fwlink/p/?LinkId=723266)
--   [Proxy CSP]( http://go.microsoft.com/fwlink/p/?LinkId=723372)
--   [PXLOGICAL CSP](http://go.microsoft.com/fwlink/p/?LinkId=723374)
--   [Registry CSP](http://go.microsoft.com/fwlink/p/?LinkId=723417)
--   [RemoteFind CSP](http://go.microsoft.com/fwlink/p/?LinkId=723267)
--   [RemoteWipe CSP](http://go.microsoft.com/fwlink/p/?LinkID=703714)
--   [Reporting CSP](http://go.microsoft.com/fwlink/p/?LinkId=723375)
--   [RootCATrustedCertificates CSP](http://go.microsoft.com/fwlink/p/?LinkId=723270)
--   [SecurityPolicy CSP](http://go.microsoft.com/fwlink/p/?LinkId=723376)
--   [Storage CSP](http://go.microsoft.com/fwlink/p/?LinkId=723377)
--   [SUPL CSP](http://go.microsoft.com/fwlink/p/?LinkId=723378)
--   [UnifiedWriteFilter CSP](http://go.microsoft.com/fwlink/p/?LinkId=723272)
--   [Update CSP](http://go.microsoft.com/fwlink/p/?LinkId=723271)
--   [VPN CSP](http://go.microsoft.com/fwlink/p/?LinkId=723416)
--   [VPNv2 CSP](http://go.microsoft.com/fwlink/p/?LinkID=617588)
--   [Wi-Fi CSP](http://go.microsoft.com/fwlink/p/?LinkID=71743)
--   [WindowsLicensing CSP](http://go.microsoft.com/fwlink/p/?LinkId=723274)
--   [WindowsSecurityAuditing CSP](http://go.microsoft.com/fwlink/p/?LinkId=723415)
+-   [ActiveSync CSP](https://go.microsoft.com/fwlink/p/?LinkId=723219)
+-   [Application CSP](https://go.microsoft.com/fwlink/p/?LinkId=723220)
+-   [AppLocker CSP](https://go.microsoft.com/fwlink/p/?LinkID=626609)
+-   [AssignedAccess CSP](https://go.microsoft.com/fwlink/p/?LinkID=626608)
+-   [Bootstrap CSP](https://go.microsoft.com/fwlink/p/?LinkId=723224)
+-   [BrowserFavorite CSP](https://go.microsoft.com/fwlink/p/?LinkId=723428)
+-   [CellularSettings CSP](https://go.microsoft.com/fwlink/p/?LinkId=723427)
+-   [CertificateStore CSP](https://go.microsoft.com/fwlink/p/?LinkId=723225)
+-   [ClientCertificateInstall CSP](https://go.microsoft.com/fwlink/p/?LinkId=723226)
+-   [CM\_CellularEntries CSP](https://go.microsoft.com/fwlink/p/?LinkId=723426)
+-   [CM\_ProxyEntries CSP](https://go.microsoft.com/fwlink/p/?LinkId=723425)
+-   [CMPolicy CSP](https://go.microsoft.com/fwlink/p/?LinkId=723424)
+-   [Defender CSP](https://go.microsoft.com/fwlink/p/?LinkId=723227)
+-   [DevDetail CSP](https://go.microsoft.com/fwlink/p/?LinkId=723228)
+-   [DeviceInstanceService CSP](https://go.microsoft.com/fwlink/p/?LinkId=723275)
+-   [DeviceLock CSP](https://go.microsoft.com/fwlink/p/?LinkId=723370)
+-   [DeviceStatus CSP](https://go.microsoft.com/fwlink/p/?LinkId=723229)
+-   [DevInfo CSP](https://go.microsoft.com/fwlink/p/?LinkId=723230)
+-   [DiagnosticLog CSP](https://go.microsoft.com/fwlink/p/?LinkId=723231)
+-   [DMAcc CSP](https://go.microsoft.com/fwlink/p/?LinkId=723232)
+-   [DMClient CSP](https://go.microsoft.com/fwlink/p/?LinkId=723233)
+-   [Email2 CSP](https://go.microsoft.com/fwlink/p/?LinkId=723234)
+-   [EnterpriseAPN CSP](https://go.microsoft.com/fwlink/p/?LinkId=723235)
+-   [EnterpriseAppManagement CSP](https://go.microsoft.com/fwlink/p/?LinkId=723237)
+-   [EnterpriseAssignedAccess CSP](https://go.microsoft.com/fwlink/p/?LinkID=618601)
+-   [EnterpriseDesktopAppManagement CSP](https://go.microsoft.com/fwlink/p/?LinkId=723236)
+-   [EnterpriseExt CSP](https://go.microsoft.com/fwlink/p/?LinkId=723423)
+-   [EnterpriseExtFileSystem CSP](https://go.microsoft.com/fwlink/p/?LinkID=703716)
+-   [EnterpriseModernAppManagement CSP](https://go.microsoft.com/fwlink/p/?LinkId=723257)
+-   [FileSystem CSP](https://go.microsoft.com/fwlink/p/?LinkId=723422)
+-   [HealthAttestation CSP](https://go.microsoft.com/fwlink/p/?LinkId=723258)
+-   [HotSpot CSP](https://go.microsoft.com/fwlink/p/?LinkId=723421)
+-   [Maps CSP](https://go.microsoft.com/fwlink/p/?LinkId=723420)
+-   [NAP CSP](https://go.microsoft.com/fwlink/p/?LinkId=723419)
+-   [NAPDEF CSP](https://go.microsoft.com/fwlink/p/?LinkId=723371)
+-   [NodeCache CSP]( https://go.microsoft.com/fwlink/p/?LinkId=723265)
+-   [PassportForWork CSP](https://go.microsoft.com/fwlink/p/?LinkID=692070)
+-   [Policy CSP](https://go.microsoft.com/fwlink/p/?LinkID=623244)
+-   [PolicyManager CSP]( https://go.microsoft.com/fwlink/p/?LinkId=723418)
+-   [Provisioning CSP](https://go.microsoft.com/fwlink/p/?LinkId=723266)
+-   [Proxy CSP]( https://go.microsoft.com/fwlink/p/?LinkId=723372)
+-   [PXLOGICAL CSP](https://go.microsoft.com/fwlink/p/?LinkId=723374)
+-   [Registry CSP](https://go.microsoft.com/fwlink/p/?LinkId=723417)
+-   [RemoteFind CSP](https://go.microsoft.com/fwlink/p/?LinkId=723267)
+-   [RemoteWipe CSP](https://go.microsoft.com/fwlink/p/?LinkID=703714)
+-   [Reporting CSP](https://go.microsoft.com/fwlink/p/?LinkId=723375)
+-   [RootCATrustedCertificates CSP](https://go.microsoft.com/fwlink/p/?LinkId=723270)
+-   [SecurityPolicy CSP](https://go.microsoft.com/fwlink/p/?LinkId=723376)
+-   [Storage CSP](https://go.microsoft.com/fwlink/p/?LinkId=723377)
+-   [SUPL CSP](https://go.microsoft.com/fwlink/p/?LinkId=723378)
+-   [UnifiedWriteFilter CSP](https://go.microsoft.com/fwlink/p/?LinkId=723272)
+-   [Update CSP](https://go.microsoft.com/fwlink/p/?LinkId=723271)
+-   [VPN CSP](https://go.microsoft.com/fwlink/p/?LinkId=723416)
+-   [VPNv2 CSP](https://go.microsoft.com/fwlink/p/?LinkID=617588)
+-   [Wi-Fi CSP](https://go.microsoft.com/fwlink/p/?LinkID=71743)
+-   [WindowsLicensing CSP](https://go.microsoft.com/fwlink/p/?LinkId=723274)
+-   [WindowsSecurityAuditing CSP](https://go.microsoft.com/fwlink/p/?LinkId=723415)
 
 ## Related topics
 
diff --git a/windows/manage/images/checklistbox.gif b/windows/manage/images/checklistbox.gif
index 8af13c51d1..44cf17b07b 100644
Binary files a/windows/manage/images/checklistbox.gif and b/windows/manage/images/checklistbox.gif differ
diff --git a/windows/manage/images/checklistdone.png b/windows/manage/images/checklistdone.png
new file mode 100644
index 0000000000..7e53f74d0e
Binary files /dev/null and b/windows/manage/images/checklistdone.png differ
diff --git a/windows/manage/images/copy-to-change.png b/windows/manage/images/copy-to-change.png
new file mode 100644
index 0000000000..21aa250c0c
Binary files /dev/null and b/windows/manage/images/copy-to-change.png differ
diff --git a/windows/manage/images/copy-to-path.png b/windows/manage/images/copy-to-path.png
new file mode 100644
index 0000000000..1ef00fc86b
Binary files /dev/null and b/windows/manage/images/copy-to-path.png differ
diff --git a/windows/manage/images/copy-to.PNG b/windows/manage/images/copy-to.PNG
new file mode 100644
index 0000000000..dad84cedc8
Binary files /dev/null and b/windows/manage/images/copy-to.PNG differ
diff --git a/windows/manage/images/gp-branch.png b/windows/manage/images/gp-branch.png
new file mode 100644
index 0000000000..997bcc830a
Binary files /dev/null and b/windows/manage/images/gp-branch.png differ
diff --git a/windows/manage/images/gp-exclude-drivers.png b/windows/manage/images/gp-exclude-drivers.png
new file mode 100644
index 0000000000..0010749139
Binary files /dev/null and b/windows/manage/images/gp-exclude-drivers.png differ
diff --git a/windows/manage/images/gp-feature.png b/windows/manage/images/gp-feature.png
new file mode 100644
index 0000000000..b862d545d4
Binary files /dev/null and b/windows/manage/images/gp-feature.png differ
diff --git a/windows/manage/images/gp-quality.png b/windows/manage/images/gp-quality.png
new file mode 100644
index 0000000000..d7ff30172d
Binary files /dev/null and b/windows/manage/images/gp-quality.png differ
diff --git a/windows/manage/images/settings-table.png b/windows/manage/images/settings-table.png
deleted file mode 100644
index ada56513fc..0000000000
Binary files a/windows/manage/images/settings-table.png and /dev/null differ
diff --git a/windows/manage/images/sysprep-error.png b/windows/manage/images/sysprep-error.png
new file mode 100644
index 0000000000..aa004efbb6
Binary files /dev/null and b/windows/manage/images/sysprep-error.png differ
diff --git a/windows/manage/images/waas-do-fig1.png b/windows/manage/images/waas-do-fig1.png
new file mode 100644
index 0000000000..e739d0b670
Binary files /dev/null and b/windows/manage/images/waas-do-fig1.png differ
diff --git a/windows/manage/images/waas-do-fig2.png b/windows/manage/images/waas-do-fig2.png
new file mode 100644
index 0000000000..0c315fddaa
Binary files /dev/null and b/windows/manage/images/waas-do-fig2.png differ
diff --git a/windows/manage/images/waas-do-fig3.png b/windows/manage/images/waas-do-fig3.png
new file mode 100644
index 0000000000..66ac342b51
Binary files /dev/null and b/windows/manage/images/waas-do-fig3.png differ
diff --git a/windows/manage/images/waas-do-fig4.png b/windows/manage/images/waas-do-fig4.png
new file mode 100644
index 0000000000..3de9605bac
Binary files /dev/null and b/windows/manage/images/waas-do-fig4.png differ
diff --git a/windows/manage/images/waas-overview-patch.png b/windows/manage/images/waas-overview-patch.png
new file mode 100644
index 0000000000..b16c211c59
Binary files /dev/null and b/windows/manage/images/waas-overview-patch.png differ
diff --git a/windows/manage/images/waas-overview-timeline.png b/windows/manage/images/waas-overview-timeline.png
new file mode 100644
index 0000000000..8488b2b680
Binary files /dev/null and b/windows/manage/images/waas-overview-timeline.png differ
diff --git a/windows/manage/images/waas-rings.png b/windows/manage/images/waas-rings.png
new file mode 100644
index 0000000000..a5446f3dff
Binary files /dev/null and b/windows/manage/images/waas-rings.png differ
diff --git a/windows/manage/images/waas-sccm-fig1.png b/windows/manage/images/waas-sccm-fig1.png
new file mode 100644
index 0000000000..7557888301
Binary files /dev/null and b/windows/manage/images/waas-sccm-fig1.png differ
diff --git a/windows/manage/images/waas-sccm-fig10.png b/windows/manage/images/waas-sccm-fig10.png
new file mode 100644
index 0000000000..b029618b67
Binary files /dev/null and b/windows/manage/images/waas-sccm-fig10.png differ
diff --git a/windows/manage/images/waas-sccm-fig11.png b/windows/manage/images/waas-sccm-fig11.png
new file mode 100644
index 0000000000..fc6528e7ef
Binary files /dev/null and b/windows/manage/images/waas-sccm-fig11.png differ
diff --git a/windows/manage/images/waas-sccm-fig12.png b/windows/manage/images/waas-sccm-fig12.png
new file mode 100644
index 0000000000..87464dd5f1
Binary files /dev/null and b/windows/manage/images/waas-sccm-fig12.png differ
diff --git a/windows/manage/images/waas-sccm-fig2.png b/windows/manage/images/waas-sccm-fig2.png
new file mode 100644
index 0000000000..a1d7183a7c
Binary files /dev/null and b/windows/manage/images/waas-sccm-fig2.png differ
diff --git a/windows/manage/images/waas-sccm-fig3.png b/windows/manage/images/waas-sccm-fig3.png
new file mode 100644
index 0000000000..cd406d9c5d
Binary files /dev/null and b/windows/manage/images/waas-sccm-fig3.png differ
diff --git a/windows/manage/images/waas-sccm-fig4.png b/windows/manage/images/waas-sccm-fig4.png
new file mode 100644
index 0000000000..782c5ca6ef
Binary files /dev/null and b/windows/manage/images/waas-sccm-fig4.png differ
diff --git a/windows/manage/images/waas-sccm-fig5.png b/windows/manage/images/waas-sccm-fig5.png
new file mode 100644
index 0000000000..5f215dec58
Binary files /dev/null and b/windows/manage/images/waas-sccm-fig5.png differ
diff --git a/windows/manage/images/waas-sccm-fig6.png b/windows/manage/images/waas-sccm-fig6.png
new file mode 100644
index 0000000000..bd7df6f6d2
Binary files /dev/null and b/windows/manage/images/waas-sccm-fig6.png differ
diff --git a/windows/manage/images/waas-sccm-fig7.png b/windows/manage/images/waas-sccm-fig7.png
new file mode 100644
index 0000000000..5b7c37b6a1
Binary files /dev/null and b/windows/manage/images/waas-sccm-fig7.png differ
diff --git a/windows/manage/images/waas-sccm-fig8.png b/windows/manage/images/waas-sccm-fig8.png
new file mode 100644
index 0000000000..1db4dae84a
Binary files /dev/null and b/windows/manage/images/waas-sccm-fig8.png differ
diff --git a/windows/manage/images/waas-sccm-fig9.png b/windows/manage/images/waas-sccm-fig9.png
new file mode 100644
index 0000000000..632b859232
Binary files /dev/null and b/windows/manage/images/waas-sccm-fig9.png differ
diff --git a/windows/manage/images/waas-strategy-fig1.png b/windows/manage/images/waas-strategy-fig1.png
new file mode 100644
index 0000000000..c12cc660de
Binary files /dev/null and b/windows/manage/images/waas-strategy-fig1.png differ
diff --git a/windows/manage/images/waas-wsus-fig1.png b/windows/manage/images/waas-wsus-fig1.png
new file mode 100644
index 0000000000..1d0dd4cc6b
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig1.png differ
diff --git a/windows/manage/images/waas-wsus-fig10.png b/windows/manage/images/waas-wsus-fig10.png
new file mode 100644
index 0000000000..fe9f6a6447
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig10.png differ
diff --git a/windows/manage/images/waas-wsus-fig11.png b/windows/manage/images/waas-wsus-fig11.png
new file mode 100644
index 0000000000..0ad08f70c2
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig11.png differ
diff --git a/windows/manage/images/waas-wsus-fig12.png b/windows/manage/images/waas-wsus-fig12.png
new file mode 100644
index 0000000000..fa9fb5c7a4
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig12.png differ
diff --git a/windows/manage/images/waas-wsus-fig13.png b/windows/manage/images/waas-wsus-fig13.png
new file mode 100644
index 0000000000..d2e916dc48
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig13.png differ
diff --git a/windows/manage/images/waas-wsus-fig14.png b/windows/manage/images/waas-wsus-fig14.png
new file mode 100644
index 0000000000..a0c8e30736
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig14.png differ
diff --git a/windows/manage/images/waas-wsus-fig15.png b/windows/manage/images/waas-wsus-fig15.png
new file mode 100644
index 0000000000..fd59e9ce23
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig15.png differ
diff --git a/windows/manage/images/waas-wsus-fig16.png b/windows/manage/images/waas-wsus-fig16.png
new file mode 100644
index 0000000000..57a34228d9
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig16.png differ
diff --git a/windows/manage/images/waas-wsus-fig17.png b/windows/manage/images/waas-wsus-fig17.png
new file mode 100644
index 0000000000..13e755e456
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig17.png differ
diff --git a/windows/manage/images/waas-wsus-fig18.png b/windows/manage/images/waas-wsus-fig18.png
new file mode 100644
index 0000000000..0b13e936fb
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig18.png differ
diff --git a/windows/manage/images/waas-wsus-fig19.png b/windows/manage/images/waas-wsus-fig19.png
new file mode 100644
index 0000000000..b67d17a56e
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig19.png differ
diff --git a/windows/manage/images/waas-wsus-fig2.png b/windows/manage/images/waas-wsus-fig2.png
new file mode 100644
index 0000000000..ff273ea10f
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig2.png differ
diff --git a/windows/manage/images/waas-wsus-fig20.png b/windows/manage/images/waas-wsus-fig20.png
new file mode 100644
index 0000000000..58fa43444f
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig20.png differ
diff --git a/windows/manage/images/waas-wsus-fig3.png b/windows/manage/images/waas-wsus-fig3.png
new file mode 100644
index 0000000000..1247e2f874
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig3.png differ
diff --git a/windows/manage/images/waas-wsus-fig4.png b/windows/manage/images/waas-wsus-fig4.png
new file mode 100644
index 0000000000..9fbc673814
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig4.png differ
diff --git a/windows/manage/images/waas-wsus-fig5.png b/windows/manage/images/waas-wsus-fig5.png
new file mode 100644
index 0000000000..7068f487cd
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig5.png differ
diff --git a/windows/manage/images/waas-wsus-fig6.png b/windows/manage/images/waas-wsus-fig6.png
new file mode 100644
index 0000000000..6256f5d617
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig6.png differ
diff --git a/windows/manage/images/waas-wsus-fig7.png b/windows/manage/images/waas-wsus-fig7.png
new file mode 100644
index 0000000000..69d3e6fe6f
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig7.png differ
diff --git a/windows/manage/images/waas-wsus-fig8.png b/windows/manage/images/waas-wsus-fig8.png
new file mode 100644
index 0000000000..8ec17f2741
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig8.png differ
diff --git a/windows/manage/images/waas-wsus-fig9.png b/windows/manage/images/waas-wsus-fig9.png
new file mode 100644
index 0000000000..dd430897ff
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig9.png differ
diff --git a/windows/manage/images/waas-wufb-gp-broad.png b/windows/manage/images/waas-wufb-gp-broad.png
new file mode 100644
index 0000000000..9fdd9e97f1
Binary files /dev/null and b/windows/manage/images/waas-wufb-gp-broad.png differ
diff --git a/windows/manage/images/waas-wufb-gp-cb2-settings.png b/windows/manage/images/waas-wufb-gp-cb2-settings.png
new file mode 100644
index 0000000000..97dc6ce41a
Binary files /dev/null and b/windows/manage/images/waas-wufb-gp-cb2-settings.png differ
diff --git a/windows/manage/images/waas-wufb-gp-cb2.png b/windows/manage/images/waas-wufb-gp-cb2.png
new file mode 100644
index 0000000000..9be7638ed7
Binary files /dev/null and b/windows/manage/images/waas-wufb-gp-cb2.png differ
diff --git a/windows/manage/images/waas-wufb-gp-cbb1-settings.png b/windows/manage/images/waas-wufb-gp-cbb1-settings.png
new file mode 100644
index 0000000000..dae9866faf
Binary files /dev/null and b/windows/manage/images/waas-wufb-gp-cbb1-settings.png differ
diff --git a/windows/manage/images/waas-wufb-gp-cbb2-settings.png b/windows/manage/images/waas-wufb-gp-cbb2-settings.png
new file mode 100644
index 0000000000..2aa7bc212c
Binary files /dev/null and b/windows/manage/images/waas-wufb-gp-cbb2-settings.png differ
diff --git a/windows/manage/images/waas-wufb-gp-cbb2q-settings.png b/windows/manage/images/waas-wufb-gp-cbb2q-settings.png
new file mode 100644
index 0000000000..8076b5a99e
Binary files /dev/null and b/windows/manage/images/waas-wufb-gp-cbb2q-settings.png differ
diff --git a/windows/manage/images/waas-wufb-gp-create.png b/windows/manage/images/waas-wufb-gp-create.png
new file mode 100644
index 0000000000..63c2ce74aa
Binary files /dev/null and b/windows/manage/images/waas-wufb-gp-create.png differ
diff --git a/windows/manage/images/waas-wufb-gp-edit-defer.png b/windows/manage/images/waas-wufb-gp-edit-defer.png
new file mode 100644
index 0000000000..40da5b7709
Binary files /dev/null and b/windows/manage/images/waas-wufb-gp-edit-defer.png differ
diff --git a/windows/manage/images/waas-wufb-gp-edit.png b/windows/manage/images/waas-wufb-gp-edit.png
new file mode 100644
index 0000000000..e39bc829ff
Binary files /dev/null and b/windows/manage/images/waas-wufb-gp-edit.png differ
diff --git a/windows/manage/images/waas-wufb-gp-scope-cb2.png b/windows/manage/images/waas-wufb-gp-scope-cb2.png
new file mode 100644
index 0000000000..bb29adf5e1
Binary files /dev/null and b/windows/manage/images/waas-wufb-gp-scope-cb2.png differ
diff --git a/windows/manage/images/waas-wufb-gp-scope.png b/windows/manage/images/waas-wufb-gp-scope.png
new file mode 100644
index 0000000000..b8e6863c82
Binary files /dev/null and b/windows/manage/images/waas-wufb-gp-scope.png differ
diff --git a/windows/manage/images/waas-wufb-intune-cb2.png b/windows/manage/images/waas-wufb-intune-cb2.png
new file mode 100644
index 0000000000..3e8c1ce19e
Binary files /dev/null and b/windows/manage/images/waas-wufb-intune-cb2.png differ
diff --git a/windows/manage/images/waas-wufb-intune-cbb1.png b/windows/manage/images/waas-wufb-intune-cbb1.png
new file mode 100644
index 0000000000..6f1e815334
Binary files /dev/null and b/windows/manage/images/waas-wufb-intune-cbb1.png differ
diff --git a/windows/manage/images/waas-wufb-intune-cbb2.png b/windows/manage/images/waas-wufb-intune-cbb2.png
new file mode 100644
index 0000000000..b8eef5bb5e
Binary files /dev/null and b/windows/manage/images/waas-wufb-intune-cbb2.png differ
diff --git a/windows/manage/images/waas-wufb-intune-step11.png b/windows/manage/images/waas-wufb-intune-step11.png
new file mode 100644
index 0000000000..48db2f63af
Binary files /dev/null and b/windows/manage/images/waas-wufb-intune-step11.png differ
diff --git a/windows/manage/images/waas-wufb-intune-step19.png b/windows/manage/images/waas-wufb-intune-step19.png
new file mode 100644
index 0000000000..5a68ca7211
Binary files /dev/null and b/windows/manage/images/waas-wufb-intune-step19.png differ
diff --git a/windows/manage/images/waas-wufb-intune-step2.png b/windows/manage/images/waas-wufb-intune-step2.png
new file mode 100644
index 0000000000..1c7a8a1cae
Binary files /dev/null and b/windows/manage/images/waas-wufb-intune-step2.png differ
diff --git a/windows/manage/images/waas-wufb-intune-step7.png b/windows/manage/images/waas-wufb-intune-step7.png
new file mode 100644
index 0000000000..daa96ba18c
Binary files /dev/null and b/windows/manage/images/waas-wufb-intune-step7.png differ
diff --git a/windows/manage/images/wufb-config1.png b/windows/manage/images/wufb-config1.png
new file mode 100644
index 0000000000..76185e86fe
Binary files /dev/null and b/windows/manage/images/wufb-config1.png differ
diff --git a/windows/manage/images/wufb-config2.png b/windows/manage/images/wufb-config2.png
new file mode 100644
index 0000000000..0ab09d4868
Binary files /dev/null and b/windows/manage/images/wufb-config2.png differ
diff --git a/windows/manage/images/wufb-config3.png b/windows/manage/images/wufb-config3.png
new file mode 100644
index 0000000000..a76d1569be
Binary files /dev/null and b/windows/manage/images/wufb-config3.png differ
diff --git a/windows/manage/images/wufb-do.png b/windows/manage/images/wufb-do.png
new file mode 100644
index 0000000000..8d6c9d0b8a
Binary files /dev/null and b/windows/manage/images/wufb-do.png differ
diff --git a/windows/manage/images/wufb-groups.png b/windows/manage/images/wufb-groups.png
new file mode 100644
index 0000000000..13cdea04b0
Binary files /dev/null and b/windows/manage/images/wufb-groups.png differ
diff --git a/windows/manage/images/wufb-pause-feature.png b/windows/manage/images/wufb-pause-feature.png
new file mode 100644
index 0000000000..afeac43e29
Binary files /dev/null and b/windows/manage/images/wufb-pause-feature.png differ
diff --git a/windows/manage/images/wufb-qual.png b/windows/manage/images/wufb-qual.png
new file mode 100644
index 0000000000..4a93408522
Binary files /dev/null and b/windows/manage/images/wufb-qual.png differ
diff --git a/windows/manage/images/wufb-sccm.png b/windows/manage/images/wufb-sccm.png
new file mode 100644
index 0000000000..1d568c1fe4
Binary files /dev/null and b/windows/manage/images/wufb-sccm.png differ
diff --git a/windows/manage/index.md b/windows/manage/index.md
index eba6dd0e9c..6f91d1ac21 100644
--- a/windows/manage/index.md
+++ b/windows/manage/index.md
@@ -30,11 +30,9 @@ Learn about managing and updating Windows 10.
 </tr>
 <tr class="odd">
 <td align="left"><p>[Cortana integration in your business or enterprise](manage-cortana-in-enterprise.md)</p></td>
-<td align="left"><p>The world’s first personal digital assistant helps users get things done, even at work. Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and enterprise environments.</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>[Manage corporate devices](manage-corporate-devices.md)</p></td>
-<td align="left"><p>You can use the same management tools to manage all device types running Windows 10 : desktops, laptops, tablets, and phones. And your current management tools, such as Group Policy, Windows Management Instrumentation (WMI), PowerShell scripts, Orchestrator runbooks, System Center tools, and so on, will continue to work for Windows 10 on desktop editions.</p></td>
+<td align="left"><p>The world’s first personal digital assistant helps users get things done, even at work. Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and enterprise environments.</p></td></tr>
+<tr><td align="left"><p>[Manage corporate devices](manage-corporate-devices.md)</p></td>
+<td align="left"><p>You can use the same management tools to manage all device types running Windows 10: desktops, laptops, tablets, and phones. And your current management tools, such as Group Policy, Windows Management Instrumentation (WMI), PowerShell scripts, Orchestrator runbooks, System Center tools, and so on, will continue to work for Windows 10 on desktop editions.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>[Windows Spotlight on the lock screen](windows-spotlight.md)</p></td>
@@ -44,6 +42,7 @@ Learn about managing and updating Windows 10.
 <td align="left"><p>[Manage Windows 10 Start layout options](windows-10-start-layout-options-and-policies.md)</p></td>
 <td align="left"><p>Organizations might want to deploy a customized Start screen and menu to devices running Windows 10 Enterprise or Windows 10 Education. A standard Start layout can be useful on devices that are common to multiple users and devices that are locked down for specialized purposes.</p></td>
 </tr>
+<tr><td><p>[Create mandatory user profiles](mandatory-user-profile.md)</p></td><td><p>Mandatory user profiles are useful when standardization is important, such as on a kiosk device or in educational settings.</p></td></tr>
 <tr class="odd">
 <td align="left"><p>[Lock down Windows 10](lock-down-windows-10.md)</p></td>
 <td align="left"><p>Enterprises often need to manage how people use corporate devices. Windows 10 provides a number of features and methods to help you lock down specific parts of a Windows 10 device.</p></td>
@@ -56,14 +55,7 @@ Learn about managing and updating Windows 10.
 <td align="left"><p>[Configure devices without MDM](configure-devices-without-mdm.md)</p></td>
 <td align="left"><p>Create a runtime provisioning package to apply settings, profiles, and file assets to a device running Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile, or Windows 10 Mobile Enterprise.</p></td>
 </tr>
-<tr class="even">
-<td align="left"><p>[Windows 10 servicing options](introduction-to-windows-10-servicing.md)</p></td>
-<td align="left"><p>This article describes the new servicing options available in Windows 10, Windows 10 Mobile, and Windows 10 IoT Core (IoT Core) and how they enable enterprises to keep their devices current with the latest feature upgrades. It also covers related topics, such as how enterprises can make better use of Windows Update, and what the new servicing options mean for support lifecycles.</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>[Application development for Windows as a service](application-development-for-windows-as-a-service.md)</p></td>
-<td align="left"><p>In today’s environment, where user expectations frequently are set by device-centric experiences, complete product cycles need to be measured in months, not years. Additionally, new releases must be made available on a continual basis, and must be deployable with minimal impact on users. Microsoft designed Windows 10 to meet these requirements by implementing a new approach to innovation, development, and delivery called [Windows as a service (WaaS)](introduction-to-windows-10-servicing.md). The key to enabling significantly shorter product cycles while maintaining high quality levels is an innovative community-centric approach to testing that Microsoft has implemented for Windows 10. The community, known as Windows Insiders, is comprised of millions of users around the world. When Windows Insiders opt in to the community, they test many builds over the course of a product cycle and provide feedback to Microsoft through an iterative methodology called flighting.</p></td>
-</tr>
+<tr><td>[Windows 10 servicing options](introduction-to-windows-10-servicing.md)</td><td>This article describes the new servicing options available in Windows 10, Windows 10 Mobile, and Windows 10 IoT Core (IoT Core) and how they enable enterprises to keep their devices current with the latest feature upgrades. It also covers related topics, such as how enterprises can make better use of Windows Update, and what the new servicing options mean for support lifecycles.</td></tr>
 <tr class="even">
 <td align="left"><p>[Application Virtualization for Windows (App-V)](appv-for-windows.md)</p></td>
 <td align="left"><p>When you deploy Application Virtualization (App-V) in your orgnazation, you can deliver Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service – in real time and on as as-needed basis. Users launch virtual applications from familiar access points, including the Windows Store, and interact with them as if they were installed locally.</p></td>
diff --git a/windows/manage/introduction-to-windows-10-servicing.md b/windows/manage/introduction-to-windows-10-servicing.md
index 8e531b3827..65114bd167 100644
--- a/windows/manage/introduction-to-windows-10-servicing.md
+++ b/windows/manage/introduction-to-windows-10-servicing.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security, servicing
-author: greg-lindsay
+author: jdeckerMS
 ---
 
 # Windows 10 servicing options
@@ -108,7 +108,7 @@ At the end of each approximately four month period, Microsoft executes a set of
 
 **The role of Windows Update for Business**
 
-Although Windows 10 will enable IT administrators to defer installation of new feature upgrades using Windows Update, enterprises may also want additional control over how and when Windows Update installs releases. With this need in mind, Microsoft [announced Windows Update for Business](http://go.microsoft.com/fwlink/p/?LinkId=624798) in May of 2015. Microsoft designed Windows Update for Business to provide IT administrators with additional Windows Update-centric management capabilities, such as the ability to deploy updates to groups of devices and to define maintenance windows for installing releases. This article will be updated with additional information about the role of Windows Update for Business in servicing Windows 10 devices as it becomes available.
+Although Windows 10 will enable IT administrators to defer installation of new feature upgrades using Windows Update, enterprises may also want additional control over how and when Windows Update installs releases. With this need in mind, Microsoft [announced Windows Update for Business](https://go.microsoft.com/fwlink/p/?LinkId=624798) in May of 2015. Microsoft designed Windows Update for Business to provide IT administrators with additional Windows Update-centric management capabilities, such as the ability to deploy updates to groups of devices and to define maintenance windows for installing releases. This article will be updated with additional information about the role of Windows Update for Business in servicing Windows 10 devices as it becomes available.
 
 ## Windows 10 servicing branches
 
@@ -485,8 +485,8 @@ universal apps removed
 
 [Plan for Windows 10 deployment](../plan/index.md)
 
-[Deploy Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=624776)
+[Deploy Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=624776)
 
-[Manage and update Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=624796)
+[Manage and update Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=624796)
  
  
diff --git a/windows/manage/join-windows-10-mobile-to-azure-active-directory.md b/windows/manage/join-windows-10-mobile-to-azure-active-directory.md
index 07b423dbf8..6c398d7d27 100644
--- a/windows/manage/join-windows-10-mobile-to-azure-active-directory.md
+++ b/windows/manage/join-windows-10-mobile-to-azure-active-directory.md
@@ -26,7 +26,7 @@ When a device running Windows 10 Mobile is joined to Azure AD, the device can e
 
 -   Single sign-on (SSO) in applications like Mail, Word, and OneDrive using resources backed by Azure AD.
 
--   SSO in Microsoft Edge browser to Azure AD-connected web applications like Office 365 Portal, Visual Studio, and more than [2500 non-Microsoft apps](http://go.microsoft.com/fwlink/p/?LinkID=746211).
+-   SSO in Microsoft Edge browser to Azure AD-connected web applications like Office 365 Portal, Visual Studio, and more than [2500 non-Microsoft apps](https://go.microsoft.com/fwlink/p/?LinkID=746211).
 
 -   SSO to resources on-premises.
 
@@ -41,7 +41,7 @@ When a device running Windows 10 Mobile is joined to Azure AD, the device can e
 
 Windows Phone 8.1 only supported the ability to connect the device to personal cloud services using a Microsoft account for authentication. This required creating Microsoft accounts to be used for work purposes. In Windows 10 Mobile, you have the ability to join devices directly to Azure AD without requiring a personal Microsoft account.
 
-If you have existing Windows Phone 8.1 devices, the first thing to understand is whether the devices you have can be upgraded to Windows 10 Mobile. Microsoft will be releasing more information about upgrade availability soon. As more information becomes available, it will be posted at [How to get Windows 10 Mobile]( http://go.microsoft.com/fwlink/p/?LinkId=746312). Premier Enterprise customers that have a business need to postpone Windows 10 Mobile upgrade should contact their Technical Account Manager to understand what options may be available.
+If you have existing Windows Phone 8.1 devices, the first thing to understand is whether the devices you have can be upgraded to Windows 10 Mobile. Microsoft will be releasing more information about upgrade availability soon. As more information becomes available, it will be posted at [How to get Windows 10 Mobile]( https://go.microsoft.com/fwlink/p/?LinkId=746312). Premier Enterprise customers that have a business need to postpone Windows 10 Mobile upgrade should contact their Technical Account Manager to understand what options may be available.
 
 Before upgrading and joining devices to Azure AD, you will want to consider existing data usage. How users are using the existing devices and what data is stored locally will vary for every customer. Are text messages used for work purposes and need to be backed up and available after the upgrade? Are there photos stored locally or stored associated with an Microsoft account? Are there device and app settings that to be retained? Are there contacts stored in the SIM or associated with an Microsoft account? You will need to explore methods for capturing and storing the data that needs to be retained before you join the devices to Azure AD. Photos, music files, and documents stored locally on the device can be copied from the device using a USB connection to a PC.
 
@@ -58,9 +58,9 @@ Even though Azure AD Join on Windows 10 Mobile provides the best overall experi
 
 -   You can add access to Azure AD-backed resources on the device without resetting the device.
 
-However, neither of these methods provides SSO in the Windows Store or SSO to resources on-premises, and does not provide the ability to roam settings based on the Azure AD account using enterprise roaming. [Learn about enterprise state roaming in Azure AD.](http://go.microsoft.com/fwlink/p/?LinkId=734996)
+However, neither of these methods provides SSO in the Windows Store or SSO to resources on-premises, and does not provide the ability to roam settings based on the Azure AD account using enterprise roaming. [Learn about enterprise state roaming in Azure AD.](https://go.microsoft.com/fwlink/p/?LinkId=734996)
 
-Using **Settings** &gt; **Accounts** &gt; **Your email and accounts** &gt; **Add work or school account**, users can add their Azure AD account to the device. Alternatively, a work account can be added when the user signs in to an application like Mail, Word, etc. If you [enable auto-enrollment in your MDM settings](http://go.microsoft.com/fwlink/p/?LinkID=691615), the device will automatically be enrolled in MDM.
+Using **Settings** &gt; **Accounts** &gt; **Your email and accounts** &gt; **Add work or school account**, users can add their Azure AD account to the device. Alternatively, a work account can be added when the user signs in to an application like Mail, Word, etc. If you [enable auto-enrollment in your MDM settings](https://go.microsoft.com/fwlink/p/?LinkID=691615), the device will automatically be enrolled in MDM.
 
 An added work account provides the same SSO experience in browser apps like Office 365 (Office portal, Outlook Web Access, Calendar, People, OneDrive), Azure AD profile and change password app, and Visual Studio. You get SSO to built-in applications like Mail, Calendar, People, OneDrive and files hosted on OneDrive without prompts for a password. In Office apps like Microsoft Word, Microsoft Excel, etc., you simply select the Azure AD account and you are able to open files without entering a password.
 
@@ -71,7 +71,7 @@ An added work account provides the same SSO experience in browser apps like Offi
 
     Currently, Azure AD Join only supports self-provisioning, meaning the credentials of the user of the device must be used during the initial setup of the device. If your mobile operator prepares devices on your behalf, this will impact your ability to join the device to Azure AD. Many IT administrators may start with a desire to set up devices for their employees, but the Azure AD Join experience is optimized for end-users, including the option for automatic MDM enrollment.
 
-    By default, Azure AD is set up to allow devices to join and to allow users to use their corporate credentials on organizational-owned devices or personal devices. The blog post [Azure AD Join on Windows 10 devices](http://go.microsoft.com/fwlink/p/?LinkID=616791) has more information on where you can review your Azure AD settings. You can configure Azure AD to not allow anyone to join, to allow everyone in your organization to join, or you can select specific Azure AD groups which are allowed to join.
+    By default, Azure AD is set up to allow devices to join and to allow users to use their corporate credentials on organizational-owned devices or personal devices. The blog post [Azure AD Join on Windows 10 devices](https://go.microsoft.com/fwlink/p/?LinkID=616791) has more information on where you can review your Azure AD settings. You can configure Azure AD to not allow anyone to join, to allow everyone in your organization to join, or you can select specific Azure AD groups which are allowed to join.
 
 -   **Device setup**
 
@@ -79,11 +79,11 @@ An added work account provides the same SSO experience in browser apps like Offi
 
 -   **Mobile device management**
 
-    An MDM service is required for managing Azure AD-joined devices. You can use MDM to push settings to devices, as well as application and certificates used by VPN, Wi-Fi, etc. Azure AD Premium or [Enterprise Mobility Suite (EMS)](http://go.microsoft.com/fwlink/p/?LinkID=723984) licenses are required to set up your Azure AD-joined devices to automatically enroll in MDM. [Learn more about setting up your Azure AD tenant for MDM auto-enrollment.](http://go.microsoft.com/fwlink/p/?LinkID=691615)
+    An MDM service is required for managing Azure AD-joined devices. You can use MDM to push settings to devices, as well as application and certificates used by VPN, Wi-Fi, etc. Azure AD Premium or [Enterprise Mobility Suite (EMS)](https://go.microsoft.com/fwlink/p/?LinkID=723984) licenses are required to set up your Azure AD-joined devices to automatically enroll in MDM. [Learn more about setting up your Azure AD tenant for MDM auto-enrollment.](https://go.microsoft.com/fwlink/p/?LinkID=691615)
 
 -   **Microsoft Passport**
 
-    Creating a Microsoft Passport (PIN) is required on Windows 10 Mobile by default and cannot be disabled. [You can control Microsoft Passport policies](http://go.microsoft.com/fwlink/p/?LinkId=735079) using controls in MDM, such as Intune. Because the device is joined using organizational credentials, the device must have a PIN to unlock the device. Windows Hello (biometrics such as fingerprint or iris) can be used for Passport authentication. Creating a Microsoft Passport requires the user to perform an multi-factor authentication since the PIN is a strong authentication credential. [Learn more about Microsoft Passport for Azure AD.](http://go.microsoft.com/fwlink/p/?LinkId=735004)
+    Creating a Microsoft Passport (PIN) is required on Windows 10 Mobile by default and cannot be disabled. [You can control Microsoft Passport policies](https://go.microsoft.com/fwlink/p/?LinkId=735079) using controls in MDM, such as Intune. Because the device is joined using organizational credentials, the device must have a PIN to unlock the device. Windows Hello (biometrics such as fingerprint or iris) can be used for Passport authentication. Creating a Microsoft Passport requires the user to perform an multi-factor authentication since the PIN is a strong authentication credential. [Learn more about Microsoft Passport for Azure AD.](https://go.microsoft.com/fwlink/p/?LinkId=735004)
 
 -   **Conditional access**
 
diff --git a/windows/manage/lock-down-windows-10-to-specific-apps.md b/windows/manage/lock-down-windows-10-to-specific-apps.md
index 71622d4902..a585ae2a4f 100644
--- a/windows/manage/lock-down-windows-10-to-specific-apps.md
+++ b/windows/manage/lock-down-windows-10-to-specific-apps.md
@@ -108,7 +108,7 @@ In addition to specifying the apps that users can run, you should also restrict
 
      
 
-To learn more about locking down features, see [Customizations for Windows 10 Enterprise](http://go.microsoft.com/fwlink/p/?LinkId=691442).
+To learn more about locking down features, see [Customizations for Windows 10 Enterprise](https://go.microsoft.com/fwlink/p/?LinkId=691442).
 
 ## Customize Start screen layout for the device
 
diff --git a/windows/manage/lockdown-features-windows-10.md b/windows/manage/lockdown-features-windows-10.md
index 555ec7ab73..c6eaa7e68d 100644
--- a/windows/manage/lockdown-features-windows-10.md
+++ b/windows/manage/lockdown-features-windows-10.md
@@ -34,33 +34,33 @@ Many of the lockdown features available in Windows Embedded 8.1 Industry have be
 </thead>
 <tbody>
 <tr class="odd">
-<td align="left"><p>[Hibernate Once/Resume Many (HORM)](http://go.microsoft.com/fwlink/p/?LinkId=626758): Quick boot to device</p></td>
+<td align="left"><p>[Hibernate Once/Resume Many (HORM)](https://go.microsoft.com/fwlink/p/?LinkId=626758): Quick boot to device</p></td>
 <td align="left">N/A</td>
 <td align="left"><p>HORM is supported in Windows 10, version 1607. </p></td>
 </tr>
 <tr class="even">
-<td align="left"><p>[Unified Write Filter](http://go.microsoft.com/fwlink/p/?LinkId=626757): protect a device's physical storage media</p></td>
-<td align="left">[Unified Write Filter](http://go.microsoft.com/fwlink/p/?LinkId=626607)</td>
+<td align="left"><p>[Unified Write Filter](https://go.microsoft.com/fwlink/p/?LinkId=626757): protect a device's physical storage media</p></td>
+<td align="left">[Unified Write Filter](https://msdn.microsoft.com/en-us/library/windows/hardware/mt572001.aspx)</td>
 <td align="left"><p>The Unified Write Filter is continued in Windows 10, with the exception of HORM which has been deprecated.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p>[Keyboard Filter]( http://go.microsoft.com/fwlink/p/?LinkId=626761): block hotkeys and other key combinations</p></td>
-<td align="left">[Keyboard Filter](http://go.microsoft.com/fwlink/p/?LinkId=708391)</td>
+<td align="left"><p>[Keyboard Filter]( https://go.microsoft.com/fwlink/p/?LinkId=626761): block hotkeys and other key combinations</p></td>
+<td align="left">[Keyboard Filter](https://go.microsoft.com/fwlink/p/?LinkId=708391)</td>
 <td align="left"><p>Keyboard filter is added in Windows 10, version 1511. As in Windows Embedded Industry 8.1, Keyboard Filter is an optional component that can be turned on via <strong>Turn Windows Features On/Off</strong>. Keyboard Filter (in addition to the WMI configuration previously available) will be configurable through Windows Imaging and Configuration Designer (ICD) in the SMISettings path.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p>[Shell Launcher](http://go.microsoft.com/fwlink/p/?LinkId=626676): launch a Classic Windows application on sign-on</p></td>
-<td align="left">[Shell Launcher](http://go.microsoft.com/fwlink/p/?LinkId=618603)</td>
+<td align="left"><p>[Shell Launcher](https://go.microsoft.com/fwlink/p/?LinkId=626676): launch a Classic Windows application on sign-on</p></td>
+<td align="left">[Shell Launcher](https://go.microsoft.com/fwlink/p/?LinkId=618603)</td>
 <td align="left"><p>Shell Launcher continues in Windows 10. It is now configurable in Windows ICD under the <strong>SMISettings</strong> category.</p>
-<p>Learn [how to use Shell Launcher to create a kiosk device](http://go.microsoft.com/fwlink/p/?LinkId=626922) that runs a Classic Windows application.</p></td>
+<p>Learn [how to use Shell Launcher to create a kiosk device](https://go.microsoft.com/fwlink/p/?LinkId=626922) that runs a Classic Windows application.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p>[Application Launcher]( http://go.microsoft.com/fwlink/p/?LinkId=626675): launch a Universal Windows Platform (UWP) app on sign-on</p></td>
-<td align="left">[Assigned Access](http://go.microsoft.com/fwlink/p/?LinkId=626608)</td>
+<td align="left"><p>[Application Launcher]( https://go.microsoft.com/fwlink/p/?LinkId=626675): launch a Universal Windows Platform (UWP) app on sign-on</p></td>
+<td align="left">[Assigned Access](https://go.microsoft.com/fwlink/p/?LinkId=626608)</td>
 <td align="left"><p>The Windows 8 Application Launcher has been consolidated into Assigned Access. Application Launcher enabled launching a Windows 8 app and holding focus on that app. Assigned Access offers a more robust solution for ensuring that apps retain focus.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p>[Dialog Filter](http://go.microsoft.com/fwlink/p/?LinkId=626762): suppress system dialogs and control which processes can run</p></td>
+<td align="left"><p>[Dialog Filter](https://go.microsoft.com/fwlink/p/?LinkId=626762): suppress system dialogs and control which processes can run</p></td>
 <td align="left">[AppLocker](../keep-secure/applocker-overview.md)</td>
 <td align="left"><p>Dialog Filter has been deprecated for Windows 10. Dialog Filter provided two capabilities; the ability to control which processes were able to run, and the ability to prevent dialogs (in practice, system dialogs) from appearing.</p>
 <ul>
@@ -69,44 +69,44 @@ Many of the lockdown features available in Windows Embedded 8.1 Industry have be
 </ul></td>
 </tr>
 <tr class="odd">
-<td align="left"><p>[Toast Notification Filter]( http://go.microsoft.com/fwlink/p/?LinkId=626673): suppress toast notifications</p></td>
+<td align="left"><p>[Toast Notification Filter]( https://go.microsoft.com/fwlink/p/?LinkId=626673): suppress toast notifications</p></td>
 <td align="left">Mobile device management (MDM) and Group Policy</td>
 <td align="left"><p>Toast Notification Filter has been replaced by MDM and Group Policy settings for blocking the individual components of non-critical system toasts that may appear. For example, to prevent a toast from appearing when a USB drive is connected, ensure that USB connections have been blocked using the USB-related policies, and turn off notifications from apps.</p>
 <p>Group Policy: <strong>User Configuration</strong> &gt; <strong>Administrative Templates</strong> &gt; <strong>Start Menu and Taskbar</strong> &gt; <strong>Notifications</strong></p>
-<p>MDM policy name may vary depending on your MDM service. In Microsoft Intune, use <strong>Allow action center notifications</strong> and a [custom OMA-URI setting](http://go.microsoft.com/fwlink/p/?LinkID=616317) for <strong>AboveLock/AllowActionCenterNotifications</strong>.</p></td>
+<p>MDM policy name may vary depending on your MDM service. In Microsoft Intune, use <strong>Allow action center notifications</strong> and a [custom OMA-URI setting](https://go.microsoft.com/fwlink/p/?LinkID=616317) for <strong>AboveLock/AllowActionCenterNotifications</strong>.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p>[Embedded Lockdown Manager](http://go.microsoft.com/fwlink/p/?LinkId=626763): configure lockdown features</p></td>
-<td align="left">[Windows Imaging and Configuration Designer (ICD)](http://go.microsoft.com/fwlink/p/?LinkID=525483)</td>
+<td align="left"><p>[Embedded Lockdown Manager](https://go.microsoft.com/fwlink/p/?LinkId=626763): configure lockdown features</p></td>
+<td align="left">[Windows Imaging and Configuration Designer (ICD)](https://go.microsoft.com/fwlink/p/?LinkID=525483)</td>
 <td align="left"><p>The Embedded Lockdown Manager has been deprecated for Windows 10 and replaced by the Windows ICD. Windows ICD is the consolidated tool for Windows imaging and provisioning scenarios and enables configuration of all Windows settings, including the lockdown features previously configurable through Embedded Lockdown Manager.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p>[USB Filter](http://go.microsoft.com/fwlink/p/?LinkId=626674): restrict USB devices and peripherals on system</p></td>
+<td align="left"><p>[USB Filter](https://go.microsoft.com/fwlink/p/?LinkId=626674): restrict USB devices and peripherals on system</p></td>
 <td align="left">MDM and Group Policy</td>
 <td align="left"><p>The USB Filter driver has been replaced by MDM and Group Policy settings for blocking the connection of USB devices.</p>
 <p>Group Policy: <strong>Computer Configuration</strong> &gt; <strong>Administrative Templates</strong> &gt; <strong>System</strong> &gt; <strong>Device Installation</strong> &gt; <strong>Device Installation Restrictions</strong></p>
 <p>MDM policy name may vary depending on your MDM service. In Microsoft Intune, use <strong>Allow removable storage</strong> or <strong>Allow USB connection (Windows 10 Mobile only)</strong>.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p>[Assigned Access](http://go.microsoft.com/fwlink/p/?LinkID=613653): launch a UWP app on sign-in and lock access to system</p></td>
-<td align="left">[Assigned Access](http://go.microsoft.com/fwlink/p/?LinkId=626608)</td>
+<td align="left"><p>[Assigned Access](https://go.microsoft.com/fwlink/p/?LinkID=613653): launch a UWP app on sign-in and lock access to system</p></td>
+<td align="left">[Assigned Access](https://go.microsoft.com/fwlink/p/?LinkId=626608)</td>
 <td align="left"><p>Assigned Access has undergone significant improvement for Windows 10. In Windows 8.1, Assigned Access blocked system hotkeys and edge gestures, and non-critical system notifications, but it also applied some of these limitations to other accounts on the device.</p>
 <p>In Windows 10, Assigned Access no longer affects accounts other than the one being locked down. Assigned Access now restricts access to other apps or system components by locking the device when the selected user account logs in and launching the designated app above the lock screen, ensuring that no unintended functionality can be accessed.</p>
-<p>Learn [how to use Assigned Access to create a kiosk device](http://go.microsoft.com/fwlink/p/?LinkId=626922) that runs a Universal Windows app.</p></td>
+<p>Learn [how to use Assigned Access to create a kiosk device](https://go.microsoft.com/fwlink/p/?LinkId=626922) that runs a Universal Windows app.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p>[Gesture Filter](http://go.microsoft.com/fwlink/p/?LinkId=626672): block swipes from top, left, and right edges of screen</p></td>
-<td align="left">[Assigned Access](http://go.microsoft.com/fwlink/p/?LinkId=626608)</td>
-<td align="left"><p>The capabilities of Gesture Filter have been consolidated into Assigned Access for Windows 10. In Windows 8.1, gestures provided the ability to close an app, to switch apps, and to reach the Charms. For Windows 10, Charms have been removed, and blocking the closing or switching of apps is part of Assigned Access.</p></td>
+<td align="left"><p>[Gesture Filter](https://go.microsoft.com/fwlink/p/?LinkId=626672): block swipes from top, left, and right edges of screen</p></td>
+<td align="left">MDM and Group Policy</td>
+<td align="left"><p>In Windows 8.1, gestures provided the ability to close an app, to switch apps, and to reach the Charms. In Windows 10, Charms have been removed. In Windows 10, version 1607, you can block swipes using the [Allow edge swipe](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962(v=vs.85).aspx#LockDown_AllowEdgeSwipe) policy. </p></td>
 </tr>
 <tr class="even">
-<td align="left"><p>[Custom Logon]( http://go.microsoft.com/fwlink/p/?LinkId=626759): suppress Windows UI elements during Windows sign-on, sign-off, and shutdown</p></td>
-<td align="left">[Embedded Logon](http://go.microsoft.com/fwlink/p/?LinkId=626760)</td>
+<td align="left"><p>[Custom Logon]( https://go.microsoft.com/fwlink/p/?LinkId=626759): suppress Windows UI elements during Windows sign-on, sign-off, and shutdown</p></td>
+<td align="left">[Embedded Logon](https://go.microsoft.com/fwlink/p/?LinkId=626760)</td>
 <td align="left"><p>No changes. Applies only to Windows 10 Enterprise and Windows 10 Education.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p>[Unbranded Boot](http://go.microsoft.com/fwlink/p/?LinkId=626872): custom brand a device by removing or replacing Windows boot UI elements</p></td>
-<td align="left">[Unbranded Boot](http://go.microsoft.com/fwlink/p/?LinkId=626873)</td>
+<td align="left"><p>[Unbranded Boot](https://go.microsoft.com/fwlink/p/?LinkId=626872): custom brand a device by removing or replacing Windows boot UI elements</p></td>
+<td align="left">[Unbranded Boot](https://go.microsoft.com/fwlink/p/?LinkId=626873)</td>
 <td align="left"><p>No changes. Applies only to Windows 10 Enterprise and Windows 10 Education.</p></td>
 </tr>
 </tbody>
diff --git a/windows/manage/lockdown-xml.md b/windows/manage/lockdown-xml.md
index 08bd7496c7..2e5addcac7 100644
--- a/windows/manage/lockdown-xml.md
+++ b/windows/manage/lockdown-xml.md
@@ -21,10 +21,10 @@ Windows 10 Mobile allows enterprises to lock down a device, define multiple use
 
 This topic provides example XML that you can use in your own lockdown XML file that can be included in a provisioning package or when using a mobile device management (MDM) solution to push lockdown settings to enrolled devices.
 
-Lockdown XML is an XML file that contains settings for Windows 10 Mobile. When you deploy the lockdown XML file to a device, it is saved on the device as **wehlockdown.xml**. When the device boots, it looks for wehlockdown.xml and applies any settings configured in the file. In this topic, you'll learn how to create an XML file that contains all lockdown entries available in the AssignedAccessXml area of the [EnterpriseAssignedAccess configuration service provider (CSP)](http://go.microsoft.com/fwlink/p/?LinkID=618601).
+Lockdown XML is an XML file that contains settings for Windows 10 Mobile. When you deploy the lockdown XML file to a device, it is saved on the device as **wehlockdown.xml**. When the device boots, it looks for wehlockdown.xml and applies any settings configured in the file. In this topic, you'll learn how to create an XML file that contains all lockdown entries available in the AssignedAccessXml area of the [EnterpriseAssignedAccess configuration service provider (CSP)](https://go.microsoft.com/fwlink/p/?LinkID=618601).
 
 > [!NOTE]
->  On Windows 10 desktop editions, *assigned access* is a feature that lets you configure the device to run a single app above the lockscreen ([kiosk mode](set-up-a-device-for-anyone-to-use.md)). On a Windows 10 Mobile device, assigned access refers to the lockdown settings in AssignedAccessXml in the [EnterpriseAssignedAccess configuration service provider (CSP)](http://go.microsoft.com/fwlink/p/?LinkID=618601).
+>  On Windows 10 desktop editions, *assigned access* is a feature that lets you configure the device to run a single app above the lockscreen ([kiosk mode](set-up-a-device-for-anyone-to-use.md)). On a Windows 10 Mobile device, assigned access refers to the lockdown settings in AssignedAccessXml in the [EnterpriseAssignedAccess configuration service provider (CSP)](https://go.microsoft.com/fwlink/p/?LinkID=618601).
 
 If you're not familiar with CSPs, read [Introduction to configuration service providers (CSPs)](how-it-pros-can-use-configuration-service-providers.md) first.
 
@@ -266,7 +266,7 @@ In the following example, when a user presses the Search button, the phone diale
 
 ![XML for CSP Runner](images/CSPRunnerXML.jpg)
 
-You can use CSPRunner to include settings that are not defined in AssignedAccessXML. For example, you can include settings from other sections of EnterpriseAssignedAccess CSP, such as lockscreen, theme, and time zone. You can also include settings from other CSPs, such as [Wi-Fi CSP](http://go.microsoft.com/fwlink/p/?LinkID=717460) or [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962%28v=vs.85%29.aspx).
+You can use CSPRunner to include settings that are not defined in AssignedAccessXML. For example, you can include settings from other sections of EnterpriseAssignedAccess CSP, such as lockscreen, theme, and time zone. You can also include settings from other CSPs, such as [Wi-Fi CSP](https://go.microsoft.com/fwlink/p/?LinkID=717460) or [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962%28v=vs.85%29.aspx).
  
 CSPRunner is helpful when you are configuring a device to support multiple roles. It lets you apply different policies according to the role that is signed on. For example, Wi-Fi could be enabled for a supervisor role and disabled for a stocking clerk role. 
 
@@ -378,7 +378,7 @@ For a list of the settings and quick actions that you can allow or block, see [S
  
  If you have existing lockdown xml, you must update start screen size if your device has >=400epx on its short axis so that tiles on Start can fill all 8 columns if you want to use all 8 columns instead of 6, or use 6 columns instead of 4. 
  
- [Learn about effective pixel width (epx) for different device size classes.](http://go.microsoft.com/fwlink/p/?LinkId=733340)
+ [Learn about effective pixel width (epx) for different device size classes.](https://go.microsoft.com/fwlink/p/?LinkId=733340)
  
  
  ## Configure additional roles
@@ -428,9 +428,9 @@ For a list of the settings and quick actions that you can allow or block, see [S
 ## Add lockdown XML to a provisioning package
 
 
-Use the Windows ICD tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package. [Install the ADK.](http://go.microsoft.com/fwlink/p/?LinkId=526740)
+Use the Windows ICD tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package. [Install the ADK.](https://go.microsoft.com/fwlink/p/?LinkId=526740)
 
-1.  Follow the instructions at [Build and apply a provisioning package](http://go.microsoft.com/fwlink/p/?LinkID=629651) to create a project, selecting **Common to all Windows mobile editions** for your project.
+1.  Follow the instructions at [Build and apply a provisioning package](https://go.microsoft.com/fwlink/p/?LinkID=629651) to create a project, selecting **Common to all Windows mobile editions** for your project.
 
 2.  In **Available customizations**, go to **Runtime settings** &gt; **EmbeddedLockdownProfiles** &gt; **AssignedAccessXml**.
 
@@ -467,12 +467,12 @@ Use the Windows ICD tool included in the Windows Assessment and Deployment Kit (
     -   If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build.
     -   If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**.
 
-After you build the provisioning package, follow the instructions for [applying a provisioning package at runtime to Windows 10 Mobile](http://go.microsoft.com/fwlink/p/?LinkID=619164).
+After you build the provisioning package, follow the instructions for [applying a provisioning package at runtime to Windows 10 Mobile](https://go.microsoft.com/fwlink/p/?LinkID=619164).
 
 ## Push lockdown XML using MDM
 
 
-After you deploy your devices, you can still configure lockdown settings through your MDM solution if it supports the [EnterpriseAssignedAccess CSP](http://go.microsoft.com/fwlink/p/?LinkID=618601).
+After you deploy your devices, you can still configure lockdown settings through your MDM solution if it supports the [EnterpriseAssignedAccess CSP](https://go.microsoft.com/fwlink/p/?LinkID=618601).
 
 To push lockdown settings to enrolled devices, use the AssignedAccessXML setting and use the lockdown XML as the value. The lockdown XML will be in a HandheldLockdown section that becomes XML embedded in XML, so the XML that you enter must use escaped characters (such as &lt; in place of &lt;). After the MDM provider pushes your lockdown settings to the device, the CSP processes the file and updates the device.
 
diff --git a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index d1bedc3492..44413130fc 100644
--- a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -2,7 +2,7 @@
 title: Manage connections from Windows operating system components to Microsoft services (Windows 10)
 description: If you want to minimize connections from Windows to Microsoft services, or configure particular privacy settings, this article covers the settings that you could consider.
 ms.assetid: ACCEB0DD-BC6F-41B1-B359-140B242183D9
-keywords: privacy, manage connections to Microsoft
+keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -12,9 +12,12 @@ author: brianlic-msft
 
 # Manage connections from Windows operating system components to Microsoft services
 
+<span style="color:#ED1C24;">[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span> 
+
 **Applies to**
 
 -   Windows 10
+-   Windows Server 2016
 
 If you're looking for content on what each telemetry level means and how to configure it in your organization, see [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md).
 
@@ -22,127 +25,14 @@ Learn about the network connections that Windows components make to Microsoft an
 
 If you want to minimize connections from Windows to Microsoft services, or configure particular privacy settings, this article covers the settings that you could consider. You can configure telemetry at the lowest level for your edition of Windows, and also evaluate which other connections Windows makes to Microsoft services you want to turn off in your environment from the list in this article.
 
-Some of the network connections discussed in this article can be managed in Windows 10 Mobile, Windows 10 Mobile Enterprise, Windows 10, version 1507, and Windows 10, version 1511. However, you must use Windows 10 Enterprise, version 1607 or Windows 10 Education, version 1607 to manage them all.
+You can configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all other connections to Microsoft network endpoints as described in this article to help prevent Windows from sending any data to Microsoft. There are many reason why these communications are enabled by default, such as updating malware definitions and maintain current certificate revocation lists, which is why we strongly recommend against this. This data helps us deliver a secure, reliable, and more delightful personalized experience.
 
-You can configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all other connections to Microsoft services as described in this article to prevent Windows from sending any data to Microsoft. We strongly recommend against this, as this data helps us deliver a secure, reliable, and more delightful personalized experience.
+We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com.
 
-We are always working on improving Windows 10 for our customers. We invite IT pros to join the [Windows Insider Program](http://insider.windows.com) to give us feedback on what we can do to make Windows 10 work better for your organization.
 
-Here's what's covered in this article:
+## What's new in Windows 10, version 1607 and Windows Server 2016
 
--   [Info management settings](#bkmk-othersettings)
-
-    -   [1. Certificate trust lists](#certificate-trust-lists)
-
-    -   [2. Cortana](#bkmk-cortana)
-
-        -   [2.1 Cortana Group Policies](#bkmk-cortana-gp)
-
-        -   [2.2 Cortana MDM policies](#bkmk-cortana-mdm)
-
-        -   [2.3 Cortana Windows Provisioning](#bkmk-cortana-prov)
-
-    -   [3. Date & Time](#bkmk-datetime)
-
-    -   [4. Device metadata retrieval](#bkmk-devinst)
-
-    -   [5. Font streaming](#font-streaming)
-
-    -   [6. Insider Preview builds](#bkmk-previewbuilds)
-
-    -   [7. Internet Explorer](#bkmk-ie)
-
-        -   [7.1 Internet Explorer Group Policies](#bkmk-ie-gp)
-
-        -   [7.2 ActiveX control blocking](#bkmk-ie-activex)
-
-    -   [8. Live Tiles](#live-tiles)
-    
-    -   [9. Mail synchronization](#bkmk-mailsync)
-
-    -   [10. Microsoft Account](#bkmk-microsoft-account)
-
-    -   [11. Microsoft Edge](#bkmk-edge)
-
-        -   [11.1 Microsoft Edge Group Policies](#bkmk-edgegp)
-
-        -   [11.2 Microsoft Edge MDM policies](#bkmk-edge-mdm)
-
-        -   [11.3 Microsoft Edge Windows Provisioning](#bkmk-edge-prov)
-
-    -   [12. Network Connection Status Indicator](#bkmk-ncsi)
-
-    -   [13. Offline maps](#bkmk-offlinemaps)
-
-    -   [14. OneDrive](#bkmk-onedrive)
-
-    -   [15. Preinstalled apps](#bkmk-preinstalledapps)
-
-    -   [16. Settings &gt; Privacy](#bkmk-settingssection)
-
-        -   [16.1 General](#bkmk-priv-general)
-
-        -   [16.2 Location](#bkmk-priv-location)
-
-        -   [16.3 Camera](#bkmk-priv-camera)
-
-        -   [16.4 Microphone](#bkmk-priv-microphone)
-
-        -   [16.5 Notifications](#bkmk-priv-notifications)
-
-        -   [16.6 Speech, inking, & typing](#bkmk-priv-speech)
-
-        -   [16.7 Account info](#bkmk-priv-accounts)
-
-        -   [16.8 Contacts](#bkmk-priv-contacts)
-
-        -   [16.9 Calendar](#bkmk-priv-calendar)
-
-        -   [16.10 Call history](#bkmk-priv-callhistory)
-
-        -   [16.11 Email](#bkmk-priv-email)
-
-        -   [16.12 Messaging](#bkmk-priv-messaging)
-
-        -   [16.13 Radios](#bkmk-priv-radios)
-
-        -   [16.14 Other devices](#bkmk-priv-other-devices)
-
-        -   [16.15 Feedback & diagnostics](#bkmk-priv-feedback)
-
-        -   [16.16 Background apps](#bkmk-priv-background)
-
-    -   [17. Software Protection Platform](#bkmk-spp)
-
-    -   [18. Sync your settings](#bkmk-syncsettings)
-
-    -   [19. Teredo](#bkmk-teredo)
-
-    -   [20. Wi-Fi Sense](#bkmk-wifisense)
-
-    -   [21. Windows Defender](#bkmk-defender)
-
-    -   [22. Windows Media Player](#bkmk-wmp)
-
-    -   [23. Windows spotlight](#bkmk-spotlight)
-
-    -   [24. Windows Store](#bkmk-windowsstore)
-
-    -   [25. Windows Update Delivery Optimization](#bkmk-updates)
-
-        -   [25.1 Settings &gt; Update & security](#bkmk-wudo-ui)
-
-        -   [25.2 Delivery Optimization Group Policies](#bkmk-wudo-gp)
-
-        -   [25.3 Delivery Optimization MDM policies](#bkmk-wudo-mdm)
-
-        -   [25.4 Delivery Optimization Windows Provisioning](#bkmk-wudo-prov)
-
-    -   [26. Windows Update](#bkmk-wu)
-
-## What's new in Windows 10, version 1607
-
-Here's a list of changes that were made to this article for Windows 10, version 1607:
+Here's a list of changes that were made to this article for Windows 10, version 1607 and Windows Server 2016:
 
 - Added instructions on how to turn off speech recognition and speech synthesis model updates in [14.5 Speech, inking, & typing](#bkmk-priv-speech).
 - Added instructions on how to turn off flip ahead with an Internet Explorer Group Policy.
@@ -156,17 +46,117 @@ Here's a list of changes that were made to this article for Windows 10, version
     - Turn off unsolicited network traffic on the Offline Maps settings page
     - Turn off all Windows spotlight features
 
-## <a href="" id="bkmk-othersettings"></a>Info management settings
+## <a href="" id="bkmk-othersettings"></a>Settings
 
 
-This section lists the components that make network connections to Microsoft services automatically. You can configure these settings to control the data that is sent to Microsoft. To prevent Windows from sending any data to Microsoft, configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all of these connections. We strongly recommend against this, as this data helps us deliver a secure, reliable, and more delightful personalized experience.
+The following sections list the components that make network connections to Microsoft services by default. You can configure these settings to control the data that is sent to Microsoft. To prevent Windows from sending any data to Microsoft, configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all of these connections.
 
-The settings in this section assume you are using Windows 10, version 1607. They will also be included in the next update for the Long Term Servicing Branch.
+If you're running Windows 10, they will be included in the next update for the Long Term Servicing Branch.
 
-See the following table for a summary of the management settings. For more info, see its corresponding section.
+### Settings for Windows 10 Enterprise, version 1607
 
-![Management settings table](images/settings-table.png)
+See the following table for a summary of the management settings for Windows 10 Enterprise, version 1607.
 
+| Setting | UI | Group Policy | MDM policy | Registry | Command line |
+| - | :-: | :-: | :-: | :-: | :-: |
+| [1. Certificate trust lists](#certificate-trust-lists) | | ![Check mark](images/checkmark.png) | | | |
+| [2. Cortana and Search](#bkmk-cortana) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) |
+| [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | | | ![Check mark](images/checkmark.png) | |
+| [4. Device metadata retrieval](#bkmk-devinst) | | ![Check mark](images/checkmark.png) | | | |
+| [5. Font streaming](#font-streaming) | | | | ![Check mark](images/checkmark.png) | |
+| [6. Insider Preview builds](#bkmk-previewbuilds) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) |
+| [7. Internet Explorer](#bkmk-ie) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | |
+| [8. Live Tiles](#live-tiles) | | ![Check mark](images/checkmark.png) | | | |
+| [9. Mail synchronization](#bkmk-mailsync) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | |
+| [10. Microsoft Account](#bkmk-microsoft-account) | | | | ![Check mark](images/checkmark.png) | |
+| [11. Microsoft Edge](#bkmk-edge) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) |
+| [12. Network Connection Status Indicator](#bkmk-ncsi) | | ![Check mark](images/checkmark.png) | | | |
+| [13. Offline maps](#bkmk-offlinemaps) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | |
+| [14. OneDrive](#bkmk-onedrive) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | |
+| [15. Preinstalled apps](#bkmk-preinstalledapps) | ![Check mark](images/checkmark.png) | | | | ![Check mark](images/checkmark.png) |
+| [16. Settings > Privacy](#bkmk-settingssection) | | | | | |
+| &nbsp;&nbsp;&nbsp;&nbsp;[16.1 General](#bkmk-priv-general) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
+| &nbsp;&nbsp;&nbsp;&nbsp;[16.2 Location](#bkmk-priv-location) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | |
+| &nbsp;&nbsp;&nbsp;&nbsp;[16.3 Camera](#bkmk-priv-camera) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | |
+| &nbsp;&nbsp;&nbsp;&nbsp;[16.4 Microphone](#bkmk-priv-microphone) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | |
+| &nbsp;&nbsp;&nbsp;&nbsp;[16.5 Notifications](#bkmk-priv-notifications) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | |
+| &nbsp;&nbsp;&nbsp;&nbsp;[16.6 Speech, inking, & typing](#bkmk-priv-speech) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
+| &nbsp;&nbsp;&nbsp;&nbsp;[16.7 Account info](#bkmk-priv-accounts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | |
+| &nbsp;&nbsp;&nbsp;&nbsp;[16.8 Contacts](#bkmk-priv-contacts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | |
+| &nbsp;&nbsp;&nbsp;&nbsp;[16.9 Calendar](#bkmk-priv-calendar) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | |
+| &nbsp;&nbsp;&nbsp;&nbsp;[16.10 Call history](#bkmk-priv-callhistory) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | |
+| &nbsp;&nbsp;&nbsp;&nbsp;[16.11 Email](#bkmk-priv-email) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | |
+| &nbsp;&nbsp;&nbsp;&nbsp;[16.12 Messaging](#bkmk-priv-messaging) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | |
+| &nbsp;&nbsp;&nbsp;&nbsp;[16.13 Radios](#bkmk-priv-radios) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | |
+| &nbsp;&nbsp;&nbsp;&nbsp;[16.14 Other devices](#bkmk-priv-other-devices) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | |
+| &nbsp;&nbsp;&nbsp;&nbsp;[16.15 Feedback & diagnostics](#bkmk-priv-feedback) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
+| &nbsp;&nbsp;&nbsp;&nbsp;[16.16 Background apps](#bkmk-priv-background) | ![Check mark](images/checkmark.png) | | | | |
+| [17. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | |
+| [18. Sync your settings](#bkmk-syncsettings) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | |
+| [19. Teredo](#bkmk-teredo) | | | | | ![Check mark](images/checkmark.png) |
+| [20. Wi-Fi Sense](#bkmk-wifisense) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | |
+| [21. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
+| [22. Windows Media Player](#bkmk-wmp) | ![Check mark](images/checkmark.png) | | | | ![Check mark](images/checkmark.png) |
+| [23. Windows spotlight](#bkmk-spotlight) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | |
+| [24. Windows Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | | | |
+| [25. Windows Update Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | |
+| [26. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | |
+
+### Settings for Windows Server 2016 with Desktop Experience
+
+See the following table for a summary of the management settings for Windows Server 2016 with Desktop Experience.
+
+| Setting | UI | Group Policy | Registry | Command line |
+| - | :-: | :-: | :-: | :-: |
+| [1. Certificate trust lists](#certificate-trust-lists) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
+| [2. Cortana and Search](#bkmk-cortana) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | |
+| [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | |
+| [4. Device metadata retrieval](#bkmk-devinst) | | ![Check mark](images/checkmark.png) | | |
+| [5. Font streaming](#font-streaming) | | | ![Check mark](images/checkmark.png) | |
+| [6. Insider Preview builds](#bkmk-previewbuilds) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | |
+| [7. Internet Explorer](#bkmk-ie) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | |
+| [8. Live Tiles](#live-tiles) | | ![Check mark](images/checkmark.png) | | |
+| [10. Microsoft Account](#bkmk-microsoft-account) | | | ![Check mark](images/checkmark.png) | |
+| [12. Network Connection Status Indicator](#bkmk-ncsi) | | ![Check mark](images/checkmark.png) | | |
+| [14. OneDrive](#bkmk-onedrive) | | ![Check mark](images/checkmark.png) | | |
+| [16. Settings > Privacy](#bkmk-settingssection) | | | | |
+| &nbsp;&nbsp;&nbsp;&nbsp;[16.1 General](#bkmk-priv-general) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
+| [17. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | | |
+| [19. Teredo](#bkmk-teredo) | | | | ![Check mark](images/checkmark.png) |
+| [21. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
+| [22. Windows Media Player](#bkmk-wmp) | | | | ![Check mark](images/checkmark.png) |
+| [24. Windows Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | | |
+| [26. Windows Update](#bkmk-wu) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
+
+### Settings for Windows Server 2016 Server Core
+
+See the following table for a summary of the management settings for Windows Server 2016 Server Core.
+
+| Setting | Group Policy | Registry | Command line |
+| - | :-: | :-: | :-: | :-: | :-: |
+| [1. Certificate trust lists](#certificate-trust-lists) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
+| [3. Date & Time](#bkmk-datetime) | | ![Check mark](images/checkmark.png) | |
+| [5. Font streaming](#font-streaming) | | ![Check mark](images/checkmark.png) | |
+| [12. Network Connection Status Indicator](#bkmk-ncsi) | ![Check mark](images/checkmark.png) | | |
+| [17. Software Protection Platform](#bkmk-spp) | ![Check mark](images/checkmark.png) | | |
+| [19. Teredo](#bkmk-teredo) | | | ![Check mark](images/checkmark.png) |
+| [21. Windows Defender](#bkmk-defender) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
+| [26. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
+
+### Settings for Windows Server 2016 Nano Server
+
+See the following table for a summary of the management settings for Windows Server 2016 Nano Server.
+
+| Setting | Registry | Command line |
+| - | :-: | :-: | :-: | :-: | :-: |
+| [1. Certificate trust lists](#certificate-trust-lists) | ![Check mark](images/checkmark.png) | |
+| [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | |
+| [19. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) |
+| [26. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | |
+
+## Settings
+
+Use the following sections for more information about how to configure each setting.
 
 ### <a href="" id="certificate-trust-lists"></a>1. Certificate trust lists
 
@@ -174,40 +164,55 @@ A certificate trust list is a predefined list of items, such as a list of certif
 
 To turn off the automatic download of an updated certificate trust list, you can turn off automatic root updates, which also includes the disallowed certificate list and the pin rules list.
 
+For Windows 10, Windows Server 2016 with Desktop Experience, and Windows Server 2016 Server Core:
+
 - Enable the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Internet Communication Management** > **Internet Communication Settings** > **Turn off Automatic Root Certificates Update**
 
-    -or-
-
-- Create a REG\_DWORD registry setting called **DisableRootAutoUpdate** in **HKEY\_LOCAL\_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot\DisableRootAutoUpdate**, with a value of 1.
-
-After that, do the following in a Group Policy:
+    -and-
 
 1. Navigate to **Computer Configuration** > **Windows Settings** > **Security Settings** > **Public Key Policies**.
 2. Double-click **Certificate Path Validation Settings**.
 3. On the **Network Retrieval** tab, select the **Define these policy settings** check box.
 4. Clear the **Automatically update certificates in the Microsoft Root Certificate Program (recommended)** check box, and then click **OK**.
 
+    -or-
 
-### <a href="" id="bkmk-cortana"></a>2. Cortana
+- Create the registry path **HKEY\_LOCAL\_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot** and then add a REG\_DWORD registry setting, called **DisableRootAutoUpdate**, with a value of 1.
 
-Use either Group Policy or MDM policies to manage settings for Cortana. For more info, see [Cortana, Search, and privacy: FAQ](http://go.microsoft.com/fwlink/p/?LinkId=730683).
+    -and-
 
-### <a href="" id="bkmk-cortana-gp"></a>2.1 Cortana Group Policies
+1. Navigate to **Computer Configuration** > **Windows Settings** > **Security Settings** > **Public Key Policies**.
+2. Double-click **Certificate Path Validation Settings**.
+3. On the **Network Retrieval** tab, select the **Define these policy settings** check box.
+4. Clear the **Automatically update certificates in the Microsoft Root Certificate Program (recommended)** check box, and then click **OK**.
+
+On Windows Server 2016 Nano Server:
+
+- Create the registry path **HKEY\_LOCAL\_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot** and then add a REG\_DWORD registry setting, called **DisableRootAutoUpdate**, with a value of 1.
+
+>[!NOTE]  
+>CRL and OCSP network traffic is currently whitelisted and will still show up in network traces.  CRL and OCSP checks are made to the issuing certificate authorities. Microsoft is one of them, but there are many others, such as DigiCert, Thawte, Google, Symantec, and VeriSign.
+
+### <a href="" id="bkmk-cortana"></a>2. Cortana and Search
+
+Use either Group Policy or MDM policies to manage settings for Cortana. For more info, see [Cortana, Search, and privacy: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730683).
+
+### <a href="" id="bkmk-cortana-gp"></a>2.1 Cortana and Search Group Policies
 
 Find the Cortana Group Policy objects under **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Search**.
 
 | Policy                                               | Description                                                                           |
 |------------------------------------------------------|---------------------------------------------------------------------------------------|
-| Allow Cortana                                        | Choose whether to let Cortana install and run on the device.                          |
-| Allow search and Cortana to use location             | Choose whether Cortana and Search can provide location-aware search results.          |
-| Do not allow web search                              | Choose whether to search the web from Windows Desktop Search. <br /> Default: Disabled|
-| Don't search the web or display web results in Search| Choose whether to search the web from Cortana.                                        |
-| Set what information is shared in Search             | Control what information is shared with Bing in Search.                               |
+| Allow Cortana                                        | Choose whether to let Cortana install and run on the device.<br/><br/>Disable this policy to turn off Cortana. |
+| Allow search and Cortana to use location             | Choose whether Cortana and Search can provide location-aware search results.<br/><br/>Disable this policy to block access to location information for Cortana. |
+| Do not allow web search                              | Choose whether to search the web from Windows Desktop Search.<br/><br/>Enable this policy to remove the option to search the Internet from Cortana. |
+| Don't search the web or display web results in Search| Choose whether to search the web from Cortana.<br/><br/>Enable this policy to stop web queries and results from showing in Search. |
+| Set what information is shared in Search             | Control what information is shared with Bing in Search.<br/><br/>If you enable this policy and set it to **Anonymous info**, usage information will be shared but not search history, Microsoft Account information, or specific location. |
 
-In Windows 10, version 1507 and Windows 10, version 1511, When you enable the **Don't search the web or display web results in Search** Group Policy, you can control the behavior of whether Cortana searches the web to display web results. However, this policy only covers whether or not web search is performed. There could still be a small amount of network traffic to Bing.com to evaluate if certain Cortana components are up-to-date or not. In order to turn off that network activity completely, you can create a Windows Firewall rule to prevent outbound traffic.
+In Windows 10, version 1507 and Windows 10, version 1511, when you enable the **Don't search the web or display web results in Search** Group Policy, you can control the behavior of whether Cortana searches the web to display web results. However, this policy only covers whether or not web search is performed. There could still be a small amount of network traffic to Bing.com to evaluate if certain Cortana components are up-to-date or not. In order to turn off that network activity completely, you can create a Windows Firewall rule to prevent outbound traffic.
 
 >[!IMPORTANT]
->These steps are not required for devices running Windows 10, version 1607. 
+>These steps are not required for devices running Windows 10, version 1607 or Windows Server 2016. 
 
 1.  Expand **Computer Configuration** &gt; **Windows Settings** &gt; **Security Settings** &gt; **Windows Firewall with Advanced Security** &gt; **Windows Firewall with Advanced Security - &lt;LDAP name&gt;**, and then click **Outbound Rules**.
 
@@ -235,19 +240,15 @@ In Windows 10, version 1507 and Windows 10, version 1511, When you enable the **
 
 If your organization tests network traffic, you should not use Fiddler to test Windows Firewall settings. Fiddler is a network proxy and Windows Firewall does not block proxy traffic. You should use a network traffic analyzer, such as WireShark or Message Analyzer.
 
-### <a href="" id="bkmk-cortana-mdm"></a>2.2 Cortana MDM policies
+### <a href="" id="bkmk-cortana-mdm"></a>2.2 Cortana and Search MDM policies
 
-The following Cortana MDM policies are available in the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx).
+For Windows 10 only, the following Cortana MDM policies are available in the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx).
 
 | Policy                                               | Description                                                                                         |
 |------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
 | Experience/AllowCortana                              | Choose whether to let Cortana install and run on the device.                                        |
 | Search/AllowSearchToUseLocation                      | Choose whether Cortana and Search can provide location-aware search results. <br /> Default: Allowed|
 
-### <a href="" id="bkmk-cortana-prov"></a>2.3 Cortana Windows Provisioning
-
-To use Windows Imaging and Configuration Designer (ICD) to create a provisioning package with the settings for these policies, go to **Runtime settings** &gt; **Policies** to find **Experience** &gt; **AllowCortana** and **Search** &gt; **AllowSearchToUseLocation**.
-
 ### <a href="" id="bkmk-datetime"></a>3. Date & Time
 
 You can prevent Windows from setting the time automatically.
@@ -264,16 +265,26 @@ To prevent Windows from retrieving device metadata from the Internet, apply the
 
 ### <a href="" id="font-streaming"></a>5. Font streaming
 
-Starting with Windows 10, fonts that are included in Windows but that are not stored on the local device can be downloaded on demand.
+Fonts that are included in Windows but that are not stored on the local device can be downloaded on demand.
 
 To turn off font streaming, create a REG\_DWORD registry setting called **DisableFontProviders** in **HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Services\\FontCache\\Parameters**, with a value of 1.
 
-> [!NOTE] 
-> This may change in future versions of Windows.
 
 ### <a href="" id="bkmk-previewbuilds"></a>6. Insider Preview builds
 
-To turn off Insider Preview builds if you're running a released version of Windows 10. If you're running a preview version of Windows 10, you must roll back to a released version before you can turn off Insider Preview builds.
+The Windows Insider Preview program lets you help shape the future of Windows, be part of the community, and get early access to releases of Windows 10.
+
+> [!NOTE]  
+> This setting stops communication with the Windows Insider Preview service that checks for new builds. Windows Insider Preview builds only apply to Windows 10 and are not available for Windows Server 2016.
+
+To turn off Insider Preview builds for a released version of Windows 10:
+
+- Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Data Collection and Preview Builds** &gt; **Toggle user control over Insider builds**.
+
+To turn off Insider Preview builds for Windows 10:
+
+> [!NOTE]  
+> If you're running a preview version of Windows 10, you must roll back to a released version before you can turn off Insider Preview builds.
 
 -   Turn off the feature in the UI: **Settings** > **Update & security** > **Windows Insider Program** > **Stop Insider Preview builds**.
 
@@ -303,11 +314,7 @@ To turn off Insider Preview builds if you're running a released version of Windo
 
 ### <a href="" id="bkmk-ie"></a>7. Internet Explorer
 
-Use Group Policy to manage settings for Internet Explorer.
-
-### <a href="" id="bkmk-ie-gp"></a>7.1 Internet Explorer Group Policies
-
-Find the Internet Explorer Group Policy objects under **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Internet Explorer**.
+Use Group Policy to manage settings for Internet Explorer.  You can find the Internet Explorer Group Policy objects under **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Internet Explorer**.
 
 | Policy                                               | Description                                                                                         |
 |------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
@@ -324,7 +331,7 @@ There are two more Group Policy objects that are used by Internet Explorer:
 | **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Internet Control Panel** > **Advanced Page**  | Turn off the flip ahead with page prediction feature | Choose whether an employee can swipe across a screen or click forward to go to the next pre-loaded page of a website. <br /> Default: Enabled |
 | **Computer Configuration** > **Administrative Templates** > **Windows Components** > **RSS Feeds** | Turn off background synchronization for feeds and Web Slices | Choose whether to have background synchronization for feeds and Web Slices. <br /> Default: Enabled |
 
-### <a href="" id="bkmk-ie-activex"></a>7.2 ActiveX control blocking
+### <a href="" id="bkmk-ie-activex"></a>7.1 ActiveX control blocking
 
 ActiveX control blocking periodically downloads a new list of out-of-date ActiveX controls that should be blocked. You can turn this off by changing the REG\_DWORD registry setting **HKEY\_CURRENT\_USER\\Software\\Microsoft\\Internet Explorer\\VersionManager\\DownloadVersionList** to 0 (zero).
 
@@ -358,12 +365,12 @@ To turn off the Windows Mail app:
 
 To prevent communication to the Microsoft Account cloud authentication service. Many apps and system components that depend on Microsoft Account authentication may lose functionality. Some of them could be in unexpected ways.
 
--   Change the **Start** REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentControlSet\\Services\\wlidsvc** to 4.
+-   Change the **Start** REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Services\\wlidsvc** to 4.
 
 
 ### <a href="" id="bkmk-edge"></a>11. Microsoft Edge
 
-Use either Group Policy or MDM policies to manage settings for Microsoft Edge. For more info, see [Microsoft Edge and privacy: FAQ](http://go.microsoft.com/fwlink/p/?LinkId=730682).
+Use either Group Policy or MDM policies to manage settings for Microsoft Edge. For more info, see [Microsoft Edge and privacy: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730682).
 
 ### <a href="" id="bkmk-edgegp"></a>11.1 Microsoft Edge Group Policies
 
@@ -407,17 +414,14 @@ The following Microsoft Edge MDM policies are available in the [Policy CSP](http
 | Browser/AllowSearchSuggestionsinAddressBar           | Choose whether the address bar shows search suggestions.. <br /> Default: Allowed                   |
 | Browser/AllowSmartScreen                             | Choose whether SmartScreen is turned on or off.  <br /> Default: Allowed                            |
 
-### <a href="" id="bkmk-edge-prov"></a>11.3 Microsoft Edge Windows Provisioning
-
-Use Windows ICD to create a provisioning package with the settings for these policies, go to **Runtime settings** &gt; **Policies**.
 
 For a complete list of the Microsoft Edge policies, see [Available policies for Microsoft Edge](http://technet.microsoft.com/library/mt270204.aspx).
 
 ### <a href="" id="bkmk-ncsi"></a>12. Network Connection Status Indicator
 
-Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to http://www.msftconnecttest.com/connecttest.txt to determine if the device can communicate with the Internet. For more info about NCIS, see [The Network Connection Status Icon](http://blogs.technet.com/b/networking/archive/2012/12/20/the-network-connection-status-icon.aspx).
+Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to http://www.msftconnecttest.com/connecttest.txt to determine if the device can communicate with the Internet. For more info about NCSI, see [The Network Connection Status Icon](http://blogs.technet.com/b/networking/archive/2012/12/20/the-network-connection-status-icon.aspx).
 
-In versions of Windows 10 prior to Windows 10, version 1607, the URL was http://www.msftncsi.com. 
+In versions of Windows 10 prior to Windows 10, version 1607 and Windows Server 2016, the URL was http://www.msftncsi.com. 
 
 You can turn off NCSI through Group Policy:
 
@@ -615,7 +619,7 @@ To turn off **Turn on SmartScreen Filter to check web content (URLs) that Window
 
     -or-
 
--   Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Microsoft Edge** &gt; **Turn off the SmartScreen Filter**.
+-   Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Microsoft Edge** &gt; **Configure SmartScreen Filter**.
 
     Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **File Explorer** &gt; **Configure Windows SmartScreen**.
 
@@ -664,6 +668,10 @@ To turn off **Let apps on my other devices open apps and continue experiences on
 
 - Turn off the feature in the UI.
 
+    -or-
+
+-   Disable the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **System** &gt; **Group Policy** &gt; **Continue experiences on this device**.
+
 To turn off **Let apps on my other devices use Bluetooth to open apps and continue experiences on this device**:
 
 - Turn off the feature in the UI.
@@ -945,6 +953,10 @@ To turn off **Let apps automatically share and sync info with wireless devices t
 
 -   Turn off the feature in the UI.
 
+     -or-
+
+-   Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps sync with devices**
+
 To turn off **Let your apps use your trusted devices (hardware you've already connected, or comes with your PC, tablet, or phone)**:
 
 -   Turn off the feature in the UI.
@@ -1037,16 +1049,24 @@ To turn off **Let apps run in the background**:
 
 -   Turn off the feature in the UI for each app.
 
+    -   Set the **Select a setting** box to **Force Deny**.
+
 ### <a href="" id="bkmk-spp"></a>17. Software Protection Platform
 
 Enterprise customers can manage their Windows activation status with volume licensing using an on-premise Key Management Server. You can opt out of sending KMS client activation data to Microsoft automatically by doing one of the following:
 
-- Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Software Protection Platform** &gt; **Turn off KMS Client Online AVS Activation**
+For Windows 10:
+
+- Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Software Protection Platform** &gt; **Turn off KMS Client AVS Validation**
 
     -or-
 
 -   Apply the Licensing/DisallowKMSClientOnlineAVSValidation MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is disabled (default) and 1 is enabled.
 
+For Windows Server 2016 with Desktop Experience or Windows Server 2016 Server Core:
+
+- Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Software Protection Platform** &gt; **Turn off KMS Client AVS Validation**
+
 The Windows activation status will be valid for a rolling period of 180 days with weekly activation status checks to the KMS.
 
 ### <a href="" id="bkmk-syncsettings"></a>18. Sync your settings
@@ -1099,11 +1119,11 @@ To turn off **Connect to suggested open hotspots** and **Connect to networks sha
 
     -or-
 
--   Change the Windows Provisioning setting, WiFISenseAllowed, to 0 (zero). For more info, see the Windows Provisioning Settings reference doc, [WiFiSenseAllowed](http://go.microsoft.com/fwlink/p/?LinkId=620909).
+-   Change the Windows Provisioning setting, WiFISenseAllowed, to 0 (zero). For more info, see the Windows Provisioning Settings reference doc, [WiFiSenseAllowed](https://go.microsoft.com/fwlink/p/?LinkId=620909).
 
     -or-
 
--   Use the Unattended settings to set the value of WiFiSenseAllowed to 0 (zero). For more info, see the Unattended Windows Setup reference doc, [WiFiSenseAllowed](http://go.microsoft.com/fwlink/p/?LinkId=620910).
+-   Use the Unattended settings to set the value of WiFiSenseAllowed to 0 (zero). For more info, see the Unattended Windows Setup reference doc, [WiFiSenseAllowed](https://go.microsoft.com/fwlink/p/?LinkId=620910).
 
 When turned off, the Wi-Fi Sense settings still appear on the Wi-Fi Settings screen, but they’re non-functional and they can’t be controlled by the employee.
 
@@ -1115,7 +1135,7 @@ You can disconnect from the Microsoft Antimalware Protection Service.
 
     -or-
 
--   Apply the Defender/AllowClouldProtection MDM policy from the [Defender CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx).
+-   For Windows 10 only, apply the Defender/AllowClouldProtection MDM policy from the [Defender CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx).
 
     -or-
 
@@ -1131,7 +1151,7 @@ You can stop sending file samples back to Microsoft.
 
     -or-
 
--   Apply the Defender/SubmitSamplesConsent MDM policy from the [Defender CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where:
+-   For Windows 10 only, apply the Defender/SubmitSamplesConsent MDM policy from the [Defender CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where:
 
     -   **0**. Always prompt.
 
@@ -1153,7 +1173,7 @@ You can stop downloading definition updates:
 
 -   Disable the Group Policy **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Defender** &gt; **Signature Updates** &gt; **Define file shares for downloading definition updates** and set it to nothing.
 
-You can stop Enhanced Notifications:
+For Windows 10 only, you can stop Enhanced Notifications:
 
 - Turn off the feature in the UI.
 
@@ -1161,7 +1181,7 @@ You can also use the registry to turn off Malicious Software Reporting Tool tele
 
 ### <a href="" id="bkmk-wmp"></a>22. Windows Media Player
 
-To remove Windows Media Player:
+To remove Windows Media Player on Windows 10:
 
 -   From the **Programs and Features** control panel, click **Turn Windows features on or off**, under **Media Features**, clear the **Windows Media Player** check box, and then click **OK**.
 
@@ -1169,6 +1189,10 @@ To remove Windows Media Player:
 
 -   Run the following DISM command from an elevated command prompt: **dism /online /Disable-Feature /FeatureName:WindowsMediaPlayer**
 
+To remove Windows Media Player on Windows Server 2016:
+
+-   Run the following DISM command from an elevated command prompt: **dism /online /Disable-Feature /FeatureName:WindowsMediaPlayer**
+
 ### <a href="" id="bkmk-spotlight"></a>23. Windows spotlight
 
 Windows spotlight provides features such as different background images and text on the lock screen, suggested apps, Microsoft account notifications, and Windows tips. You can control it by using the user interface or through Group Policy.
@@ -1212,7 +1236,7 @@ For more info, see [Windows Spotlight on the lock screen](../manage/windows-spot
 
 ### <a href="" id="bkmk-windowsstore"></a>24. Windows Store
 
-You can turn off the ability to launch apps from the Windows Store that were preinstalled or downloaded. This will also turn off automatic app updates, and the Windows Store will be disabled.
+You can turn off the ability to launch apps from the Windows Store that were preinstalled or downloaded. This will also turn off automatic app updates, and the Windows Store will be disabled. On Windows Server 2016, this will block Windows Store calls from Universal Windows Apps.
 
 -   Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Store** &gt; **Disable all apps from Windows Store**.
 
@@ -1261,7 +1285,7 @@ The following Delivery Optimization MDM policies are available in the [Policy CS
 
 If you don't have an MDM server in your enterprise, you can use Windows Provisioning to configure the Delivery Optimization policies
 
-Use Windows ICD, included with the [Windows Assessment and Deployment Kit (Windows ADK)](http://go.microsoft.com/fwlink/p/?LinkId=526803), to create a provisioning package for Delivery Optimization.
+Use Windows ICD, included with the [Windows Assessment and Deployment Kit (Windows ADK)](https://go.microsoft.com/fwlink/p/?LinkId=526803), to create a provisioning package for Delivery Optimization.
 
 1.  Open Windows ICD, and then click **New provisioning package**.
 
@@ -1271,7 +1295,7 @@ Use Windows ICD, included with the [Windows Assessment and Deployment Kit (Windo
 
 4.  Go to **Runtime settings** &gt; **Policies** &gt; **DeliveryOptimization** to configure the policies.
 
-For more info about Delivery Optimization in general, see [Windows Update Delivery Optimization: FAQ](http://go.microsoft.com/fwlink/p/?LinkId=730684).
+For more info about Delivery Optimization in general, see [Windows Update Delivery Optimization: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730684).
 
 ### <a href="" id="bkmk-wu"></a>26. Windows Update
 
@@ -1294,7 +1318,7 @@ You can turn off automatic updates by doing one of the following. This is not re
 
     -or-
 
--   Apply the Update/AllowAutoUpdate MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where:
+-   For Windows 10 only, apply the Update/AllowAutoUpdate MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where:
 
     -   **0**. Notify the user before downloading the update.
 
diff --git a/windows/manage/manage-corporate-devices.md b/windows/manage/manage-corporate-devices.md
index c3bdd6979a..f96628d60a 100644
--- a/windows/manage/manage-corporate-devices.md
+++ b/windows/manage/manage-corporate-devices.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: devices
 author: jdeckerMS
-localizationpriority: medium
+localizationpriority: high
 ---
 
 # Manage corporate devices
@@ -34,7 +34,7 @@ Your employees using devices that are owned by the organization can connect to A
 
 You can join a device running Windows 10 to an on-premises Active Directory domain after the first-run experience (sometimes called out-of-box experience or OOBE). You can add devices running Windows 10 to your existing Active Directory infrastructure and manage them just as you've always been used to managing PCs running Windows.
 
-Desktop devices running Windows 10 that are joined to an Active Directory domain can be managed using Group Policy and System Center 2012 R2 Configuration Manager. The following table shows the management support for Windows 10 in Configuration Manager.
+Desktop devices running Windows 10 that are joined to an Active Directory domain can be managed using Group Policy and System Center Configuration Manager (current branch). The following table shows the management support for Windows 10 in Configuration Manager.
 
 <table>
 <colgroup>
@@ -49,7 +49,7 @@ Desktop devices running Windows 10 that are joined to an Active Directory domai
 </thead>
 <tbody>
 <tr class="odd">
-<td align="left"><p>[Microsoft System Center Configuration Manager 2016](http://go.microsoft.com/fwlink/p/?LinkId=613622)</p></td>
+<td align="left"><p>[System Center Configuration Manager (current branch) ](https://technet.microsoft.com/en-us/library/mt346023.aspx)</p></td>
 <td align="left"><p>Client deployment, upgrade, and management with new and existing features</p></td>
 </tr>
 <tr class="even">
@@ -71,7 +71,7 @@ Devices joined to Azure AD can be managed using Microsoft Intune or other mobile
 
 ![mdm options for mobile, desktop, and iot through device lifecycle](images/mdm.png)
 
-For flexibility in identity and management, you can combine Active Directory and Azure AD. Learn about [integrating Active Directory and Azure Active Directory for a hybrid identity solution](http://go.microsoft.com/fwlink/p/?LinkId=613209).
+For flexibility in identity and management, you can combine Active Directory and Azure AD. Learn about [integrating Active Directory and Azure Active Directory for a hybrid identity solution](https://go.microsoft.com/fwlink/p/?LinkId=613209).
 
 ## How setting conflicts are resolved
 
@@ -92,7 +92,7 @@ When setting values that do not have a security implication conflict, last write
 
 Devices running Windows 10 include a built-in agent that can be used by MDM servers to enroll and manage devices. MDM servers do not need to create a separate agent or client to install on devices running Windows 10.
 
-For more information about the MDM protocols, see [Mobile device management](http://go.microsoft.com/fwlink/p/?LinkID=533172).
+For more information about the MDM protocols, see [Mobile device management](https://go.microsoft.com/fwlink/p/?LinkID=533172).
 
 ## Learn more
 
@@ -100,19 +100,19 @@ For more information about the MDM protocols, see [Mobile device management](htt
 
 [Azure AD, Microsoft Intune and Windows 10 - Using the cloud to modernize enterprise mobility](https://blogs.technet.microsoft.com/enterprisemobility/2015/06/12/azure-ad-microsoft-intune-and-windows-10-using-the-cloud-to-modernize-enterprise-mobility/)
 
-[Microsoft Intune End User Enrollment Guide](http://go.microsoft.com/fwlink/p/?LinkID=617169)
+[Microsoft Intune End User Enrollment Guide](https://go.microsoft.com/fwlink/p/?LinkID=617169)
 
-[Azure AD Join on Windows 10 devices](http://go.microsoft.com/fwlink/p/?LinkId=616791)
+[Azure AD Join on Windows 10 devices](https://go.microsoft.com/fwlink/p/?LinkId=616791)
 
-[Azure AD support for Windows 10](http://go.microsoft.com/fwlink/p/?LinkID=615765)
+[Azure AD support for Windows 10](https://go.microsoft.com/fwlink/p/?LinkID=615765)
 
-[Windows 10 and Azure Active Directory: Embracing the Cloud](http://go.microsoft.com/fwlink/p/?LinkId=615768)
+[Windows 10 and Azure Active Directory: Embracing the Cloud](https://go.microsoft.com/fwlink/p/?LinkId=615768)
 
-[How to manage Windows 10 devices using Intune](http://go.microsoft.com/fwlink/p/?LinkId=613620)
+[How to manage Windows 10 devices using Intune](https://go.microsoft.com/fwlink/p/?LinkId=613620)
 
-[Using Intune alone and with Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=613207)
+[Using Intune alone and with Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=613207)
 
-Microsoft Virtual Academy course: [System Center 2012 R2 Configuration Manager & Windows Intune](http://go.microsoft.com/fwlink/p/?LinkId=613208)
+Microsoft Virtual Academy course: [System Center 2012 R2 Configuration Manager & Windows Intune](https://go.microsoft.com/fwlink/p/?LinkId=613208)
 
 ## Related topics
 
diff --git a/windows/manage/manage-cortana-in-enterprise.md b/windows/manage/manage-cortana-in-enterprise.md
index 7b756a7a18..36b77add2e 100644
--- a/windows/manage/manage-cortana-in-enterprise.md
+++ b/windows/manage/manage-cortana-in-enterprise.md
@@ -15,6 +15,8 @@ localizationpriority: high
 -   Windows 10
 -   Windows 10 Mobile
 
+>Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare).
+
 The world’s first personal digital assistant helps users get things done, even at work. Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and enterprise environments.
 
 ## Cortana integration with Office 365
@@ -24,27 +26,27 @@ But Cortana works even harder when she connects to Office 365, helping employees
 
 **More info:**
 
--   For specific info about what you need to know as a company administrator, including how to turn off Cortana with Office 365, see the [Cortana integration with Office 365](http://go.microsoft.com/fwlink/p/?LinkId=717378) support topic.
+-   For specific info about what you need to know as a company administrator, including how to turn off Cortana with Office 365, see the [Cortana integration with Office 365](https://go.microsoft.com/fwlink/p/?LinkId=717378) support topic.
 
--   For a quick review of the frequently asked questions about Cortana and Office 365 integration, see the blog post, [An early look at Cortana integration with Office 365](http://go.microsoft.com/fwlink/p/?LinkId=717379).
+-   For a quick review of the frequently asked questions about Cortana and Office 365 integration, see the blog post, [An early look at Cortana integration with Office 365](https://go.microsoft.com/fwlink/p/?LinkId=717379).
 
 ## Cortana and Power BI
 Integration between Cortana and Power BI shows how Cortana can work with custom business analytics solutions to enable you to get answers directly from your key business data, including introducing new features that let you create custom Cortana answers using the full capabilities of Power BI Desktop.
 
 **More info:**
 
--   For specific info about how to start using Power BI and Cortana integration, how to customize your data results, and how to use the “Hey Cortana” functionality, see the [Power BI: Announcing Power BI integration with Cortana and new ways to quickly find insights in your data](http://go.microsoft.com/fwlink/p/?LinkId=717382) blog.
+-   For specific info about how to start using Power BI and Cortana integration, how to customize your data results, and how to use the “Hey Cortana” functionality, see the [Power BI: Announcing Power BI integration with Cortana and new ways to quickly find insights in your data](https://go.microsoft.com/fwlink/p/?LinkId=717382) blog.
 
 ## Cortana and Microsoft Dynamics CRM
 Cortana integration is a Preview feature that's available for your test or dev environment, starting with the CRM Online 2016 Update. If you decide to use this Preview feature, you'll need to turn in on and accept the license terms. After that, salespeople will get proactive insights from Cortana on important CRM activities, including sales leads, accounts, and opportunities; presenting the most relevant info at any given time.
 
 **More info:**
--   For more info about Preview features, see [What are Preview features and how do I enable them?](http://go.microsoft.com/fwlink/p/?LinkId=746817).
--   For more info about Cortana, see [What is Cortana?](http://go.microsoft.com/fwlink/p/?LinkId=746818).
--   For more info about CRM integration, how to turn on Cortana, and how to provide feedback, see [Preview feature: Set up Cortana integration](http://go.microsoft.com/fwlink/p/?LinkId=746819).
+-   For more info about Preview features, see [What are Preview features and how do I enable them?](https://go.microsoft.com/fwlink/p/?LinkId=746817).
+-   For more info about Cortana, see [What is Cortana?](https://go.microsoft.com/fwlink/p/?LinkId=746818).
+-   For more info about CRM integration, how to turn on Cortana, and how to provide feedback, see [Preview feature: Set up Cortana integration](https://go.microsoft.com/fwlink/p/?LinkId=746819).
 
 ## Cortana and privacy
-We understand that there are concerns about Cortana and enterprise privacy, so we’ve put together the [Cortana, Search, and privacy: FAQ](http://go.microsoft.com/fwlink/p/?LinkId=717383) topic that covers many of the frequently asked questions. These questions include things such as what info is collected by Cortana, where the info is saved, how to manage what data is collected, how to turn Cortana off, how to opt completely out of data collection, and what info is shared with other Microsoft apps and services.
+We understand that there are concerns about Cortana and enterprise privacy, so we’ve put together the [Cortana, Search, and privacy: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=717383) topic that covers many of the frequently asked questions. These questions include things such as what info is collected by Cortana, where the info is saved, how to manage what data is collected, how to turn Cortana off, how to opt completely out of data collection, and what info is shared with other Microsoft apps and services.
 
 ## Set up Cortana using Group Policy and MDM policies
 Set up and manage Cortana by using the following Group Policy and mobile device management (MDM) policies.
@@ -62,11 +64,11 @@ Set up and manage Cortana by using the following Group Policy and mobile device
 |Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana |Experience/AllowCortana |Specifies whether employees can use Cortana.<p>**Important**<br>Cortana won’t work if this setting is turned off (disabled). However, employees can still perform local searches even with Cortana turned off. |
 
 **More info:**
--   For specific info about how to set, manage, and use each of these MDM policies to configure Cortana in your enterprise, see the [Policy CSP](http://go.microsoft.com/fwlink/p/?LinkId=717380) topic, located in the configuration service provider reference topics. For specific info about how to set, manage, and use each of these Group Policies to configure Cortana in your enterprise, see the [Group Policy TechCenter](http://go.microsoft.com/fwlink/p/?LinkId=717381).
+-   For specific info about how to set, manage, and use each of these MDM policies to configure Cortana in your enterprise, see the [Policy CSP](https://go.microsoft.com/fwlink/p/?LinkId=717380) topic, located in the configuration service provider reference topics. For specific info about how to set, manage, and use each of these Group Policies to configure Cortana in your enterprise, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=717381).
 
 ## Related topics
-- [Cortana and Windows](http://go.microsoft.com/fwlink/p/?LinkId=717384)
-- [Cortana for developers](http://go.microsoft.com/fwlink/p/?LinkId=717385)
+- [Cortana and Windows](https://go.microsoft.com/fwlink/p/?LinkId=717384)
+- [Cortana for developers](https://go.microsoft.com/fwlink/p/?LinkId=717385)
 
  
 
diff --git a/windows/manage/manage-tips-and-suggestions.md b/windows/manage/manage-tips-and-suggestions.md
index f64642592b..2fbb2e3cda 100644
--- a/windows/manage/manage-tips-and-suggestions.md
+++ b/windows/manage/manage-tips-and-suggestions.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: devices
 author: jdeckerMS
-localizationpriority: medium
+localizationpriority: high
 ---
 
 # Manage Windows 10 and Windows Store tips, tricks, and suggestions
diff --git a/windows/manage/manage-users-and-groups-windows-store-for-business.md b/windows/manage/manage-users-and-groups-windows-store-for-business.md
index e445c7f72b..23783a767d 100644
--- a/windows/manage/manage-users-and-groups-windows-store-for-business.md
+++ b/windows/manage/manage-users-and-groups-windows-store-for-business.md
@@ -33,20 +33,20 @@ Azure AD is an Azure service that provides identity and access management capabi
 
 -   Integrate with on-premises Active Directory.
 
-For more information on Azure AD, see [About Office 365 and Azure Active Directory](http://go.microsoft.com/fwlink/p/?LinkId=708612), and [Intro to Azure: identity and access](http://go.microsoft.com/fwlink/p/?LinkId=708611).
+For more information on Azure AD, see [About Office 365 and Azure Active Directory](https://go.microsoft.com/fwlink/p/?LinkId=708612), and [Intro to Azure: identity and access](https://go.microsoft.com/fwlink/p/?LinkId=708611).
 
 ## Add user accounts to your Azure AD directory
 
 
 If you created a new Azure AD directory when you signed up for Store for Business, you'll have a directory set up with one user account - the global administrator. That global administrator can add user accounts to your Azure AD directory. However, adding user accounts to your Azure AD directory will not give those employees access to Store for Business. You'll need to assign Store for Business roles to your employees. For more information, see [Roles and permissions in the Store for Business.](roles-and-permissions-windows-store-for-business.md)
 
-You can use the [Office 365 admin dashboard](http://go.microsoft.com/fwlink/p/?LinkId=708616) or [Azure management portal](http://go.microsoft.com/fwlink/p/?LinkId=691086) to add user accounts to your Azure AD directory. If you'll be using Azure management portal, you'll need an active subscription to [Azure management portal](http://go.microsoft.com/fwlink/p/?LinkId=708617).
+You can use the [Office 365 admin dashboard](https://go.microsoft.com/fwlink/p/?LinkId=708616) or [Azure management portal](https://go.microsoft.com/fwlink/p/?LinkId=691086) to add user accounts to your Azure AD directory. If you'll be using Azure management portal, you'll need an active subscription to [Azure management portal](https://go.microsoft.com/fwlink/p/?LinkId=708617).
 
 For more information, see:
 
--   [Add user accounts using Office 365 admin dashboard](http://go.microsoft.com/fwlink/p/?LinkId=708618)
+-   [Add user accounts using Office 365 admin dashboard](https://go.microsoft.com/fwlink/p/?LinkId=708618)
 
--   [Add user accounts using Azure management portal](http://go.microsoft.com/fwlink/p/?LinkId=708619)
+-   [Add user accounts using Azure management portal](https://go.microsoft.com/fwlink/p/?LinkId=708619)
 
  
 
diff --git a/windows/manage/manage-wifi-sense-in-enterprise.md b/windows/manage/manage-wifi-sense-in-enterprise.md
index 6f26bd1a70..6f0d6a2526 100644
--- a/windows/manage/manage-wifi-sense-in-enterprise.md
+++ b/windows/manage/manage-wifi-sense-in-enterprise.md
@@ -17,6 +17,8 @@ localizationpriority: medium
 -   Windows 10
 -   Windows 10 Mobile
 
+>Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare).
+
 Wi-Fi Sense learns about open Wi-Fi hotspots your Windows PC or Windows phone connects to by collecting information about the network, like whether the open Wi-Fi network has a high-quality connection to the Internet. By using that information from your device and from other Wi-Fi Sense customers' devices too, Wi-Fi Sense builds a database of these high-quality networks. When you’re in range of one of these Wi-Fi hotspots, you automatically get connected to it.
 
 The initial settings for Wi-Fi Sense are determined by the options you chose when you first set up your PC with Windows 10.
@@ -50,7 +52,7 @@ You can manage your Wi-Fi Sense settings by using registry keys and the Registry
 1.  Open your Registry Editor and go to `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config\`
 
 2.  Create and set a new **DWORD (32-bit) Value** named, **AutoConnectAllowedOEM**, with a **Value data** of **0 (zero)**.
-<p>Setting this value to **0** turns off Wi-Fi Sense and all Wi-Fi sense features. When turned off, the Wi-Fi Sense settings still appear on the **Wi-Fi Settings** screen, but can't be controlled by the employee and all of the Wi-Fi Sense features are turned off. For more info, see [How to configure Wi-Fi Sense on Windows 10 in an enterprise](http://go.microsoft.com/fwlink/p/?LinkId=620959).
+<p>Setting this value to **0** turns off Wi-Fi Sense and all Wi-Fi sense features. When turned off, the Wi-Fi Sense settings still appear on the **Wi-Fi Settings** screen, but can't be controlled by the employee and all of the Wi-Fi Sense features are turned off. For more info, see [How to configure Wi-Fi Sense on Windows 10 in an enterprise](https://go.microsoft.com/fwlink/p/?LinkId=620959).
 
     ![Registry Editor, showing the creation of a new DWORD value](images/wifisense-registry.png)
 
@@ -60,7 +62,7 @@ You can manage your Wi-Fi Sense settings by changing the Windows provisioning se
 **To set up Wi-Fi Sense using WiFISenseAllowed**
 
 -   Change the Windows Provisioning setting, **WiFISenseAllowed**, to **0**.
-<p>Setting this value to **0** turns off Wi-Fi Sense and all Wi-Fi sense features. When turned off, the Wi-Fi Sense settings still appear on the **Wi-Fi Settings** screen, but can't be controlled by the employee and all of the Wi-Fi Sense features are turned off. For more info, see the Windows Provisioning settings reference topic, [WiFiSenseAllowed](http://go.microsoft.com/fwlink/p/?LinkId=620909).
+<p>Setting this value to **0** turns off Wi-Fi Sense and all Wi-Fi sense features. When turned off, the Wi-Fi Sense settings still appear on the **Wi-Fi Settings** screen, but can't be controlled by the employee and all of the Wi-Fi Sense features are turned off. For more info, see the Windows Provisioning settings reference topic, [WiFiSenseAllowed](https://go.microsoft.com/fwlink/p/?LinkId=620909).
 
 ### Using Unattended Windows Setup settings
 If your company still uses Unattend, you can manage your Wi-Fi Sense settings by changing the Unattended Windows Setup setting, **WiFiSenseAllowed**.
@@ -68,7 +70,7 @@ If your company still uses Unattend, you can manage your Wi-Fi Sense settings by
 **To set up Wi-Fi Sense using WiFISenseAllowed**
 
 -   Change the Unattended Windows Setup setting, **WiFISenseAllowed**, to **0**.
-<p>Setting this value to **0** turns off Wi-Fi Sense and all Wi-Fi sense features. When turned off, the Wi-Fi Sense settings still appear on the **Wi-Fi Settings** screen, but can't be controlled by the employee and all of the Wi-Fi Sense features are turned off. For more info, see the Unattended Windows Setup Reference topic, [WiFiSenseAllowed](http://go.microsoft.com/fwlink/p/?LinkId=620910).
+<p>Setting this value to **0** turns off Wi-Fi Sense and all Wi-Fi sense features. When turned off, the Wi-Fi Sense settings still appear on the **Wi-Fi Settings** screen, but can't be controlled by the employee and all of the Wi-Fi Sense features are turned off. For more info, see the Unattended Windows Setup Reference topic, [WiFiSenseAllowed](https://go.microsoft.com/fwlink/p/?LinkId=620910).
 
 ### How employees can change their own Wi-Fi Sense settings
 If you don’t turn off the ability for your employees to use Wi-Fi Sense, they can turn it on locally by selecting **Settings &gt; Network & Internet &gt; Wi-Fi &gt; Manage Wi-Fi settings**, and then turning on **Connect to suggested open hotspots**.
@@ -84,8 +86,8 @@ Even if you selected **Automatically connect to networks shared by your contacts
 If you select the **Share network with my contacts** check box the first time you connect to a new network, the network won’t be shared.
 
 ## Related topics
-- [Wi-Fi Sense and Privacy](http://go.microsoft.com/fwlink/p/?LinkId=620911)
-- [How to configure Wi-Fi Sense on Windows 10 in an enterprise](http://go.microsoft.com/fwlink/p/?LinkId=620959)
+- [Wi-Fi Sense and Privacy](https://go.microsoft.com/fwlink/p/?LinkId=620911)
+- [How to configure Wi-Fi Sense on Windows 10 in an enterprise](https://go.microsoft.com/fwlink/p/?LinkId=620959)
 
  
 
diff --git a/windows/manage/mandatory-user-profile.md b/windows/manage/mandatory-user-profile.md
new file mode 100644
index 0000000000..5a19dddc3e
--- /dev/null
+++ b/windows/manage/mandatory-user-profile.md
@@ -0,0 +1,171 @@
+---
+title: Create mandatory user profiles (Windows 10)
+description: A mandatory user profile is a special type of pre-configured roaming user profile that administrators can use to specify settings for users.
+keywords: [".man","ntuser"]
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: jdeckerMS
+---
+
+# Create mandatory user profiles
+
+
+**Applies to**
+
+-   Windows 10
+
+> [!NOTE]
+> When a mandatory profile is applied to a PC running Windows 10, version 1511, some features such as Universal Windows Platform (UWP) apps, the Start menu, Cortana, and Search, will not work correctly. This will be fixed in a future update. 
+
+A mandatory user profile is a roaming user profile that has been pre-configured by an administrators to specify settings for users. Settings commonly defined in a mandatory profile include (but are not limited to): icons that appear on the desktop, desktop backgrounds, user preferences in Control Panel, printer selections, and more. Configuration changes made during a user's session that are normally saved to a roaming user profile are not saved when a mandatory user profile is assigned. 
+
+Mandatory user profiles are useful when standardization is important, such as on a kiosk device or in educational settings. Only system administrators can make changes to mandatory user profiles. 
+
+When the server that stores the mandatory profile is unavailable, such as when the user is not connected to the corporate network, users with mandatory profiles can sign in with the locally cached copy of the mandatory profile, if one exists. Otherwise, the user will be signed in with a temporary profile. 
+
+User profiles become mandatory profiles when the administrator renames the NTuser.dat file (the registry hive) of each user's profile in the file system of the profile server from `NTuser.dat` to `NTuser.man`. The `.man` extension causes the user profile to be a read-only profile.
+
+<span id="extension"/>
+## Profile extension for each Windows version
+
+The name of the folder in which you store the mandatory profile must use the correct extension for the operating system it will be applied to. The following table lists the correct extension for each operating system version.
+
+| Client operating system version | Server operating system version | Profile extension |
+| --- | --- | --- |
+| Windows XP | Windows Server 2003 </br>Windows Server 2003 R2 | none |
+| Windows Vista</br>Windows 7 | Windows Server 2008</br>Windows Server 2008 R2 | v2 |
+| Windows 8 | Windows Server 2012 | v3 |
+| Windows 8.1 | Windows Server 2012 R2 | v4 |
+| Windows 10, versions 1507 and 1511 | N/A | v5 |
+| Windows 10, version 1607 (also known as the Anniversary Update) |  Windows Server 2016 | v6 |
+
+For more information, see [Deploy Roaming User Profiles, Appendix B](https://technet.microsoft.com/library/jj649079.aspx) and [Roaming user profiles versioning in Windows 10 and Windows Server Technical Preview](https://support.microsoft.com/kb/3056198).
+
+## How to create a mandatory user profile
+
+First, you create a default user profile with the customizations that you want, run Sysprep with CopyProfile set to **True** in the answer file, copy the customized default user profile to a network share, and then you rename the profile to make it mandatory.
+
+**To create a default user profile**
+
+1. Sign in to a computer running Windows 10 as a member of the local Administrator group. Do not use a domain account.
+
+   > [!NOTE] 
+   > Use a lab or extra computer running a clean installation of Windows 10 to create a default user profile. Do not use a computer that is required for business (that is, a production computer). This process removes all domain accounts from the computer, including user profile folders. 
+ 
+2. Configure the computer settings that you want to include in the user profile. For example, you can configure settings for the desktop background, uninstall default apps, install line-of-business apps, and so on. 
+
+   >[!NOTE]
+   >Unlike previous versions of Windows, you cannot apply a Start and taskbar layout using a mandatory profile. For alternative methods for customizing the Start menu and taskbar, see [Related topics](#related-topics).
+
+3. [Create an answer file (Unattend.xml)](https://msdn.microsoft.com/library/windows/hardware/dn915085.aspx) that sets the [CopyProfile](https://msdn.microsoft.com/library/windows/hardware/dn922656.aspx) parameter to **True**. The CopyProfile parameter causes Sysprep to copy the currently signed-on user’s profile folder to the default user profile. You can use [Windows System Image Manager](https://msdn.microsoft.com/library/windows/hardware/dn922445.aspx), which is part of the Windows Assessment and Deployment Kit (ADK) to create the Unattend.xml file. 
+ 
+3. Use the [Remove-AppxProvisionedPackage](https://technet.microsoft.com/library/dn376476%28v=wps.620%29.aspx) cmdlet in Windows PowerShell to uninstall the following applications: 
+ 
+     - Microsoft.windowscommunicationsapps_8wekyb3d8bbwe
+     - Microsoft.BingWeather_8wekyb3d8bbwe
+     - Microsoft.DesktopAppInstaller_8wekyb3d8bbwe
+     - Microsoft.Getstarted_8wekyb3d8bbwe
+     - Microsoft.Windows.Photos_8wekyb3d8bbwe
+     - Microsoft.WindowsCamera_8wekyb3d8bbwe
+     - Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe
+     - Microsoft.WindowsStore_8wekyb3d8bbwe
+     - Microsoft.XboxApp_8wekyb3d8bbwe
+     - Microsoft.XboxIdentityProvider_8wekyb3d8bbwe
+     - Microsoft.ZuneMusic_8wekyb3d8bbwe 
+     
+     >[!NOTE]
+     >Uninstalling these apps will decrease sign-in time. If your deployment needs any of these apps, you can leave them installed.
+
+3. At a command prompt, type the following command and press **ENTER**.
+
+    `sysprep /oobe /reboot /generalize /unattend:unattend.xml` 
+
+    (Sysprep.exe is located at: C:\Windows\System32\sysprep. By default, Sysprep looks for unattend.xml in this same folder.)
+    
+    >[!TIP]
+    >If you receive an error message that says "Sysprep was not able to validate your Windows installation", open %WINDIR%\System32\Sysprep\Panther\setupact.log and look for an entry like the following:
+    
+    >![Microsoft Bing Translator package](images/sysprep-error.png)
+    
+    >Use the [Remove-AppxProvisionedPackage](https://technet.microsoft.com/library/dn376476%28v=wps.620%29.aspx) cmdlet in Windows PowerShell to uninstall the app that is listed in the log.
+  
+5. The sysprep process reboots the PC and starts at the first-run experience screen. Complete the set up, and then sign in to the computer using an account that has local administrator privileges.
+
+6. Right-click Start, go to **Control Panel** (view by large or small icons) > **System** > **Advanced system settings**, and click **Settings** in the **User Profiles** section.
+    
+7. In **User Profiles**, click **Default Profile**, and then click **Copy To**.
+
+   ![Example of UI](images/copy-to.png)
+
+8. In **Copy To**, under **Permitted to use**, click **Change**.
+
+   ![Example of UI](images/copy-to-change.png)
+   
+9. In **Select User or Group**, in the **Enter the object name to select** field, type `everyone`, click **Check Names**, and then click **OK**.
+
+10. In **Copy To**, in the **Copy profile to** field, enter the path and folder name where you want to store the mandatory profile. The folder name must use the correct [extension](#extension) for the operating system version. For example, the folder name must end with “.v6” to identify it as a user profile folder for Windows 10, version 1607.
+
+   - If the device is joined to the domain and you are signed in with an account that has permissions to write to a shared folder on the network, you can enter the shared folder path.
+   - If the device is not joined to the domain, you can save the profile locally and then copy it to the shared folder location.  
+   
+   ![Example of UI](images/copy-to-path.png) 
+
+9. Click **OK** to copy the default user profile.
+
+
+**To make the user profile mandatory**
+
+ 
+3. In File Explorer, open the folder where you stored the copy of the profile.
+
+    >[!NOTE]
+    >If the folder is not displayed, click **View** > **Options** > **Change folder and search options**. On the **View** tab, select **Show hidden files and folders**, clear **Hide protected operating system files**, click **Yes** to confirm that you want to show operating system files, and then click **OK** to save your changes.
+
+1. Rename `Ntuser.dat` to `Ntuser.man`. 
+
+## How to apply a mandatory user profile to users
+
+In a domain, you modify properties for the user account to point to the mandatory profile in a shared folder residing on the server.
+
+**To apply a mandatory user profile to users**
+
+1. Open **Active Directory Users and Computers** (dsa.msc).
+
+2. Navigate to the user account that you will assign the mandatory profile to.
+
+3. Right-click the user name and open **Properties**.
+
+4. On the **Profile** tab, in the **Profile path** field, enter the path to the shared folder without the extension. For example, if the folder name is \\\\*server*\profile.v6, you would enter \\\\*server*\profile.
+
+5. Click **OK**.
+
+It may take some time for this change to replicate to all domain controllers.
+
+
+
+## Apply policies to improve sign-in time
+
+When a user is configured with a mandatory profile, Windows 10 starts as though it was the first sign-in each time the user signs in. To improve sign-in performance for users with mandatory user profiles, apply the following Group Policy settings.
+
+- Computer Configuration > Administrative Templates > System > Logon > **Show first sign-in animation** = Disabled
+- Computer Configuration > Administrative Templates > Windows Components > Search > **Allow Cortana** = Disabled
+- Computer Configuration > Administrative Templates > Windows Components > Cloud Content > **Turn off Microsoft consumer experience** = Enabled
+
+
+
+
+
+
+
+
+
+## Related topics
+
+- [Manage Windows 10 Start layout and taskbar options](windows-10-start-layout-options-and-policies.md)
+- [Lock down Windows 10 to specific apps](lock-down-windows-10-to-specific-apps.md)
+- [Windows Spotlight on the lock screen](windows-spotlight.md)
+- [Configure devices without MDM](configure-devices-without-mdm.md)
+
+
+
diff --git a/windows/manage/new-policies-for-windows-10.md b/windows/manage/new-policies-for-windows-10.md
index 6dc1d6a75b..873c393efd 100644
--- a/windows/manage/new-policies-for-windows-10.md
+++ b/windows/manage/new-policies-for-windows-10.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+localizationpriority: high
 ---
 
 # New policies for Windows 10
@@ -18,9 +18,9 @@ localizationpriority: medium
 -   Windows 10
 -   Windows 10 Mobile
 
-Windows 10 includes the following new policies for management, in addition to policies that were available for Windows 8.1 and Windows Phone 8.1. [Download the complete set of Administrative Template (.admx) files for Windows 10](http://go.microsoft.com/fwlink/p/?LinkID=625081).
+Windows 10 includes the following new policies for management, in addition to policies that were available for Windows 8.1 and Windows Phone 8.1. [Download the complete set of Administrative Template (.admx) files for Windows 10](https://go.microsoft.com/fwlink/p/?LinkID=625081).
 
-## New GPOs in Windows 10
+## New Group Policy settings in Windows 10
 
 
 There are some new policy settings in Group Policy for devices running Windows 10 , such as:
@@ -41,11 +41,11 @@ There are some new policy settings in Group Policy for devices running Windows 
 
 -   Consumer experiences, such as suggested apps in Start and app tiles from Microsoft dynamically inserted in the default Start menu
 
--   [Microsoft Passport](http://go.microsoft.com/fwlink/p/?LinkId=623294)
+-   [Microsoft Passport](https://go.microsoft.com/fwlink/p/?LinkId=623294)
 
 -   Windows Updates for Business
 
-For a spreadsheet of Group Policy settings included in Windows, see [Group Policy Settings Reference for Windows and Windows Server](http://go.microsoft.com/fwlink/p/?LinkId=613627).
+For a spreadsheet of Group Policy settings included in Windows, see [Group Policy Settings Reference for Windows and Windows Server](https://go.microsoft.com/fwlink/p/?LinkId=613627).
 
 ## New MDM policies
 
@@ -66,7 +66,7 @@ Mobile device management (MDM) for Windows 10 Pro, Windows 10 Enterprise, Wind
 
 -   Security
 
--   [VPN](http://go.microsoft.com/fwlink/p/?LinkId=623295) and enterprise Wi-Fi management
+-   [VPN](https://go.microsoft.com/fwlink/p/?LinkId=623295) and enterprise Wi-Fi management
 
 -   Certificate management
 
@@ -74,9 +74,9 @@ Mobile device management (MDM) for Windows 10 Pro, Windows 10 Enterprise, Wind
 
 -   Consumer experiences, such as suggested apps in Start and app tiles from Microsoft dynamically inserted in the default Start menu
 
-If you use Microsoft Intune for MDM, you can [configure custom policies](http://go.microsoft.com/fwlink/p/?LinkId=616316) to deploy Open Mobile Alliance Uniform Resource Identifier (OMA-URI) settings that can be used to control features on Windows 10. For a list of OMA-URI settings, see [Custom URI settings for Windows 10 devices](http://go.microsoft.com/fwlink/p/?LinkId=616317).
+If you use Microsoft Intune for MDM, you can [configure custom policies](https://go.microsoft.com/fwlink/p/?LinkId=616316) to deploy Open Mobile Alliance Uniform Resource Identifier (OMA-URI) settings that can be used to control features on Windows 10. For a list of OMA-URI settings, see [Custom URI settings for Windows 10 devices](https://go.microsoft.com/fwlink/p/?LinkId=616317).
 
-No new [Exchange ActiveSync policies](http://go.microsoft.com/fwlink/p/?LinkId=613264). For more information, see the [ActiveSync configuration service provider](http://go.microsoft.com/fwlink/p/?LinkId=618944) technical reference.
+No new [Exchange ActiveSync policies](https://go.microsoft.com/fwlink/p/?LinkId=613264). For more information, see the [ActiveSync configuration service provider](https://go.microsoft.com/fwlink/p/?LinkId=618944) technical reference.
 
 ## Related topics
 
diff --git a/windows/manage/prerequisites-windows-store-for-business.md b/windows/manage/prerequisites-windows-store-for-business.md
index 8c759e9d5d..0ca1be50d5 100644
--- a/windows/manage/prerequisites-windows-store-for-business.md
+++ b/windows/manage/prerequisites-windows-store-for-business.md
@@ -28,25 +28,20 @@ You'll need this software to work with Store for Business.
 ### Required
 
 -   IT Pros that are administering Store for Business need a browser compatible with Store for Business running on a PC or mobile device. Supported browsers include: Internet Explorer 10 or later, Microsoft Edge, or current versions of Chrome or Firefox.
-
--   Employees using apps from Store for Business need Windows 10, version 1511 running on a PC or mobile device.
+-   Employees using apps from Store for Business need at least Windows 10, version 1511 running on a PC or mobile device.
 
 Microsoft Azure Active Directory (AD) accounts for your employees:
-
 -   IT Pros need Azure AD accounts to sign up for Store for Business, and then to sign in, get apps, distribute apps, and manage app licenses.
-
 -   Employees need Azure AD accounts when they access Store for Business content from Windows-based devices.
-
 -   If you use a management tool to distribute and manage online-licensed apps, all employees will need an Azure AD account.
 
-For more information on Azure AD, see [About Office 365 and Azure Active Directory](http://go.microsoft.com/fwlink/p/?LinkId=708612), and [Intro to Azure: identity and access](http://go.microsoft.com/fwlink/p/?LinkId=708611).
+For more information on Azure AD, see [About Office 365 and Azure Active Directory](https://go.microsoft.com/fwlink/p/?LinkId=708612), and [Intro to Azure: identity and access](https://go.microsoft.com/fwlink/p/?LinkId=708611).
 
 ### Optional
 
 While not required, you can use a management tool to distribute and manage apps. Using a management tool allows you to distribute content, scope app availability, and control when app updates are installed. This might make sense for larger organizations that already use a management tool. If you're considering using management tools, check with the management tool vendor to see if they support Store for Business. The management tool will need to:
 
 -   Integrate with the Windows 10 management framework and Azure AD.
-
 -   Sync with the Store for Business inventory to distribute apps.
 
 ### Proxy configuration
@@ -54,21 +49,15 @@ While not required, you can use a management tool to distribute and manage apps.
 If your organization restricts computers on your network from connecting to the Internet, there is a set of URLs that need to be available for devices to use Store for Business. Some of the Store for Business features use Windows Store app and Windows Store services. Devices using Store for Business – either to acquire, install, or update apps – will need access to these URLs. If you use a proxy server to block traffic, your configuration needs to allow these URLs:
 
 -   login.live.com
-
 -   login.windows.net
-
 -   account.live.com
-
 -   clientconfig.passport.net
-
 -   windowsphone.com
-
 -   \*.wns.windows.com
-
 -   \*.microsoft.com
-
--   \*.msftncsi.com/ncsi.txt
-
+-   www.msftncsi.com (prior to Windows 10, version 1607)
+-   www.msftconnecttest.com/connecttest.txt (replaces www.msftncsi.com
+starting with Windows 10, version 1607)
  
 
  
diff --git a/windows/manage/product-ids-in-windows-10-mobile.md b/windows/manage/product-ids-in-windows-10-mobile.md
index fd249d0732..6fd085952b 100644
--- a/windows/manage/product-ids-in-windows-10-mobile.md
+++ b/windows/manage/product-ids-in-windows-10-mobile.md
@@ -233,7 +233,7 @@ The following table lists the product ID and AUMID for each app that is included
 ## Get product ID and AUMID for other apps
 
 
-To get the product ID and AUMID for apps that are installed from Windows Store or installed locally ([side-loaded](http://go.microsoft.com/fwlink/p/?LinkID=623433)), use the following steps.
+To get the product ID and AUMID for apps that are installed from Windows Store or installed locally ([side-loaded](https://go.microsoft.com/fwlink/p/?LinkID=623433)), use the following steps.
 
 **Prerequisites**: a device with an SD card inserted and all apps installed that you want to get IDs for
 
diff --git a/windows/manage/reset-a-windows-10-mobile-device.md b/windows/manage/reset-a-windows-10-mobile-device.md
index 5455485e1f..7a18801dd0 100644
--- a/windows/manage/reset-a-windows-10-mobile-device.md
+++ b/windows/manage/reset-a-windows-10-mobile-device.md
@@ -19,15 +19,15 @@ localizationpriority: high
 
 There are two methods for resetting a Windows 10 Mobile device: factory reset and "wipe and persist" reset.
 
--   **Factory reset** restores the state of the device back to its first-boot state plus any update packages. The reset will not return device to the original factory state. To return the device to the original factory state, you must flash it with the original factory image.All the provisioning applied to the device by the enterprise will be lost and will need to be re-applied if needed. For details on what is removed or persists, see [Resetting a mobile device](http://go.microsoft.com/fwlink/p/?LinkID=703715).
--   **"Wipe and persist" reset** preserves all the provisioning applied to the device before the reset. After the "wipe and persist" reset, all the preserved provisioning packages are automatically applied on the device and the data in the enterprise shared storage folder \\Data\\SharedData\\Enterprise\\Persistent is restored in that folder. For more information on the enterprise shared storage folder, see [EnterpriseExtFileSystem CSP](http://go.microsoft.com/fwlink/p/?LinkId=703716).
+-   **Factory reset** restores the state of the device back to its first-boot state plus any update packages. The reset will not return device to the original factory state. To return the device to the original factory state, you must flash it with the original factory image by using the [Windows Device Recovery Tool](https://support.microsoft.com/help/12379/windows-10-mobile-device-recovery-tool-faq). All the provisioning applied to the device by the enterprise will be lost and will need to be re-applied if needed. For details on what is removed or persists, see [Resetting a mobile device](https://go.microsoft.com/fwlink/p/?LinkID=703715).
+-   **"Wipe and persist" reset** preserves all the provisioning applied to the device before the reset. After the "wipe and persist" reset, all the preserved provisioning packages are automatically applied on the device and the data in the enterprise shared storage folder \\Data\\SharedData\\Enterprise\\Persistent is restored in that folder. For more information on the enterprise shared storage folder, see [EnterpriseExtFileSystem CSP](https://go.microsoft.com/fwlink/p/?LinkId=703716).
 
 You can trigger a reset using your mobile device management (MDM) service, or a user can trigger a reset in the user interface (UI) or by using hardware buttons.
 
 ## Reset using MDM
 
 
-The remote wipe command is sent as an XML provisioning file to the device. Since the [RemoteWipe configuration service provider (CSP)](http://go.microsoft.com/fwlink/p/?LinkId=703714) uses OMA DM and WAP, authentication between client and server and delivery of the XML provisioning file is handled by provisioning. The remote wipe command is implemented on the device by using the **ResetPhone** function. For more information about the data that is removed as a result of the remote wipe command, see [Resetting a mobile device](http://go.microsoft.com/fwlink/p/?LinkId=703715).
+The remote wipe command is sent as an XML provisioning file to the device. Since the [RemoteWipe configuration service provider (CSP)](https://go.microsoft.com/fwlink/p/?LinkId=703714) uses OMA DM and WAP, authentication between client and server and delivery of the XML provisioning file is handled by provisioning. The remote wipe command is implemented on the device by using the **ResetPhone** function. For more information about the data that is removed as a result of the remote wipe command, see [Resetting a mobile device](https://go.microsoft.com/fwlink/p/?LinkId=703715).
 
 To perform a factory reset, restoring the device back to its out-of-box state, use the following syncML.
 
diff --git a/windows/manage/set-up-a-device-for-anyone-to-use.md b/windows/manage/set-up-a-device-for-anyone-to-use.md
index 28b5f6a030..f274498ed1 100644
--- a/windows/manage/set-up-a-device-for-anyone-to-use.md
+++ b/windows/manage/set-up-a-device-for-anyone-to-use.md
@@ -20,7 +20,7 @@ localizationpriority: high
 
 **Looking for Windows Embedded 8.1 Industry information?**
 
--   [Assigned Access]( http://go.microsoft.com/fwlink/p/?LinkId=613653)
+-   [Assigned Access]( https://go.microsoft.com/fwlink/p/?LinkId=613653)
 
 You can configure a device running Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile, or Windows 10 Mobile Enterprise as a kiosk device, so that users can only interact with a single application that you select.
 
diff --git a/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md b/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md
index 940a457a76..211f47f9c2 100644
--- a/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md
+++ b/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md
@@ -17,7 +17,7 @@ localizationpriority: high
 
 -   Windows 10
 
->  **Looking for Windows Embedded 8.1 Industry information?** See [Assigned Access]( http://go.microsoft.com/fwlink/p/?LinkId=613653)
+>  **Looking for Windows Embedded 8.1 Industry information?** See [Assigned Access]( https://go.microsoft.com/fwlink/p/?LinkId=613653)
 
 A single-use or *kiosk* device is easy to set up in Windows 10 for desktop editions (Pro, Enterprise, and Education). For a kiosk device to run a Universal Windows app, use the **assigned access** feature. For a kiosk device (Windows 10 Enterprise or Education) to run a Classic Windows application, use **Shell Launcher** to set a custom user interface as the shell. To return the device to the regular shell, see [Sign out of assigned access](#sign-out-of-assigned-access).
 
@@ -82,9 +82,9 @@ Using assigned access, Windows 10 runs the designated Universal Windows app abo
 
 -   A domain or local user account. 
     
--   A Universal Windows app that is installed or provisioned for that account and is an above lock screen app. For more information, see [Guidelines for choosing an app for assigned access](guidelines-for-assigned-access-app.md). For details on building an above lock screen app, see [Kiosk apps for assigned access: Best practices](http://go.microsoft.com/fwlink/p/?LinkId=708386).
+-   A Universal Windows app that is installed or provisioned for that account and is an above lock screen app. For more information, see [Guidelines for choosing an app for assigned access](guidelines-for-assigned-access-app.md). For details on building an above lock screen app, see [Kiosk apps for assigned access: Best practices](https://go.microsoft.com/fwlink/p/?LinkId=708386).
 
-    The app can be your own company app that you have made available in your own app Store. To set up assigned access using MDM or PowerShell, you also need the Application User Model ID (AUMID) for the app. [Learn how to get the AUMID](http://go.microsoft.com/fwlink/p/?LinkId=614867).
+    The app can be your own company app that you have made available in your own app Store. To set up assigned access using MDM or PowerShell, you also need the Application User Model ID (AUMID) for the app. [Learn how to get the AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867).
 
     The Universal Windows app must be able to handle multiple views and cannot launch other apps or dialogs.
 
@@ -111,9 +111,9 @@ To remove assigned access, in step 3, choose **Don't use assigned access**.
 
 Assigned Access has one setting, KioskModeApp. In the KioskModeApp setting, you enter the user account name and AUMID for the app to run in kiosk mode.
 
-[Learn how to get the AUMID](http://go.microsoft.com/fwlink/p/?LinkId=614867).
+[Learn how to get the AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867).
 
-[See the technical reference for the Assigned Access configuration service provider.](http://go.microsoft.com/fwlink/p/?LinkId=626608)
+[See the technical reference for the Assigned Access configuration service provider.](https://go.microsoft.com/fwlink/p/?LinkId=626608)
 
 ### <a href="" id="icd"></a>Set up assigned access using Windows Imaging and Configuration Designer (ICD)
 
@@ -177,7 +177,7 @@ When you build a provisioning package, you may include sensitive information in
 
     After you allow the package to be installed, the settings will be applied to the device
 
-[Learn how to apply a provisioning package in audit mode or OOBE.](http://go.microsoft.com/fwlink/p/?LinkID=692012)
+[Learn how to apply a provisioning package in audit mode or OOBE.](https://go.microsoft.com/fwlink/p/?LinkID=692012)
 
 ### Set up assigned access using Windows PowerShell
 
@@ -202,11 +202,11 @@ Set-AssignedAccess -AppName <CustomApp> -UserSID <usersid>
 ```
 
 > **Note:** To set up assigned access using `-AppName`, the user account that you specify for assigned access must have logged on at least once. 
-[Learn how to get the AUMID](http://go.microsoft.com/fwlink/p/?LinkId=614867).
+[Learn how to get the AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867).
 
 [Learn how to get the AppName](https://msdn.microsoft.com/library/windows/hardware/mt620046%28v=vs.85%29.aspx) (see **Parameters**).
 
-[Learn how to get the SID](http://go.microsoft.com/fwlink/p/?LinkId=615517).
+[Learn how to get the SID](https://go.microsoft.com/fwlink/p/?LinkId=615517).
 
 To remove assigned access, using PowerShell, run the following cmdlet.
 
@@ -224,7 +224,7 @@ Edit the registry to have an account automatically logged on.
 1.  Open Registry Editor (regedit.exe).
 
     **Note**  
-    If you are not familiar with Registry Editor, [learn how to modify the Windows registry](http://go.microsoft.com/fwlink/p/?LinkId=615002).
+    If you are not familiar with Registry Editor, [learn how to modify the Windows registry](https://go.microsoft.com/fwlink/p/?LinkId=615002).
   
 
 2.  Go to
@@ -247,7 +247,7 @@ Edit the registry to have an account automatically logged on.
 
 ### Sign out of assigned access
 
-To sign out of an assigned access account, press **Ctrl + Alt + Del**, and then sign in using another account. When you press **Ctrl + Alt + Del** to sign out of assigned access, the kiosk app will exit automatically. If you sign in again as the assigned access account or wait for the login screen timeout, the kiosk app will be re-launched.
+To exit the assigned access (kiosk) app, press **Ctrl + Alt + Del**, and then sign in using another account. When you press **Ctrl + Alt + Del** to sign out of assigned access, the kiosk app will exit automatically. If you sign in again as the assigned access account or wait for the login screen timeout, the kiosk app will be re-launched. The assigned access user will remain signed in until an admin account opens **Task Manager** > **Users** and signs out the user account.
 
 If you press **Ctrl + Alt + Del** and do not sign in to another account, after a set time, assigned access will resume. The default time is 30 seconds, but you can change that in the following registry key:
 
@@ -266,7 +266,7 @@ Using Shell Launcher, you can configure a kiosk device that runs a Classic Windo
 
 -   A Classic Windows application that is installed for that account. The app can be your own company application or a common app like Internet Explorer.
 
-[See the technical reference for the shell launcher component.](http://go.microsoft.com/fwlink/p/?LinkId=618603)
+[See the technical reference for the shell launcher component.](https://go.microsoft.com/fwlink/p/?LinkId=618603)
 
 ### Configure Shell Launcher
 
@@ -283,28 +283,73 @@ Alternatively, you can turn on Shell Launcher using the Deployment Image Servici
 
 1.  Open a command prompt as an administrator.
 2.  Enter the following command.
-    <span codelanguage=""></span>
-    <table>
-    <colgroup>
-    <col width="100%" />
-    </colgroup>
-    <tbody>
-    <tr class="odd">
-    <td align="left"><pre><code>Dism /online /Enable-Feature /FeatureName:Client-EmbeddedShellLauncher</code></pre></td>
-    </tr>
-    </tbody>
-    </table>
+
+    ```
+    Dism /online /Enable-Feature /all /FeatureName:Client-EmbeddedShellLauncher
+    ```
 
 **To set your custom shell**
 
 Modify the following PowerShell script as appropriate. The comments in the sample script explain the purpose of each section and tell you where you will want to change the script for your purposes. Save your script with the extension .ps1, open Windows PowerShell as administrator, and run the script on the kiosk device.
 
 ```
+# Check if shell launcher license is enabled
+function Check-ShellLauncherLicenseEnabled
+{
+    [string]$source = @"
+using System;
+using System.Runtime.InteropServices;
+
+static class CheckShellLauncherLicense
+{
+    const int S_OK = 0;
+
+    public static bool IsShellLauncherLicenseEnabled()
+    {
+        int enabled = 0;
+
+        if (NativeMethods.SLGetWindowsInformationDWORD("EmbeddedFeature-ShellLauncher-Enabled", out enabled) != S_OK) {
+            enabled = 0;
+        }
+        
+        return (enabled != 0);
+    }
+
+    static class NativeMethods
+    {
+        [DllImport("Slc.dll")]
+        internal static extern int SLGetWindowsInformationDWORD([MarshalAs(UnmanagedType.LPWStr)]string valueName, out int value);
+    }
+
+}
+"@
+
+    $type = Add-Type -TypeDefinition $source -PassThru
+
+    return $type[0]::IsShellLauncherLicenseEnabled()
+}
+
+[bool]$result = $false
+
+$result = Check-ShellLauncherLicenseEnabled
+"`nShell Launcher license enabled is set to " + $result
+if (-not($result))
+{
+    "`nThis device doesn't have required license to use Shell Launcher"
+    exit
+}
+
 $COMPUTER = "localhost"
 $NAMESPACE = "root\standardcimv2\embedded"
 
 # Create a handle to the class instance so we can call the static methods.
-$ShellLauncherClass = [wmiclass]"\\$COMPUTER\${NAMESPACE}:WESL_UserSetting"
+try {
+    $ShellLauncherClass = [wmiclass]"\\$COMPUTER\${NAMESPACE}:WESL_UserSetting"
+    } catch [Exception] {
+    write-host $_.Exception.Message; 
+    write-host "Make sure Shell Launcher feature is enabled"
+    exit
+    }
 
 
 # This well-known security identifier (SID) corresponds to the BUILTIN\Administrators group.
@@ -319,7 +364,7 @@ function Get-UsernameSID($AccountName) {
     $NTUserSID = $NTUserObject.Translate([System.Security.Principal.SecurityIdentifier])
 
     return $NTUserSID.Value
-
+    
 }
 
 # Get the SID for a user account named "Cashier". Rename "Cashier" to an existing account on your system to test this script.
diff --git a/windows/manage/set-up-a-kiosk-for-windows-10-for-mobile-edition.md b/windows/manage/set-up-a-kiosk-for-windows-10-for-mobile-edition.md
index a8a83c428c..1a11ff9c20 100644
--- a/windows/manage/set-up-a-kiosk-for-windows-10-for-mobile-edition.md
+++ b/windows/manage/set-up-a-kiosk-for-windows-10-for-mobile-edition.md
@@ -21,7 +21,7 @@ localizationpriority: high
 A device in kiosk mode runs a specified app with no access to other device functions, menus, or settings. You configure a device running Windows 10 Mobile or Windows 10 Mobile Enterprise for kiosk mode by using the Apps Corner feature. You can also use the Enterprise Assigned Access configuration service provider (CSP) to configure a kiosk experience.
 
 **Note**  
-The specified app must be an above lock screen app. For details on building an above lock screen app, see [Kiosk apps for assigned access: Best practices](http://go.microsoft.com/fwlink/p/?LinkId=708386).
+The specified app must be an above lock screen app. For details on building an above lock screen app, see [Kiosk apps for assigned access: Best practices](https://go.microsoft.com/fwlink/p/?LinkId=708386).
 
  
 
@@ -70,7 +70,7 @@ Enterprise Assigned Access allows you to lock down your Windows 10 Mobile or Wi
 
 In AssignedAccessXml, for Application, you enter the product ID for the app to run in kiosk mode. Find product IDs at [Product IDs in Windows 10 Mobile](product-ids-in-windows-10-mobile.md).
 
-[See the technical reference for the Enterprise Assigned Access configuration service provider (CSP).](http://go.microsoft.com/fwlink/p/?LinkID=618601)
+[See the technical reference for the Enterprise Assigned Access configuration service provider (CSP).](https://go.microsoft.com/fwlink/p/?LinkID=618601)
 
 ### Set up assigned access using Windows Imaging and Configuration Designer (ICD)
 
@@ -79,7 +79,7 @@ When you build a provisioning package, you may include sensitive information in
 
 **To create and apply a provisioning package for a kiosk device**
 
-1.  Create an *AssignedAccess*.xml file that specifies the app the device will run. (You can name use any file name.) For instructions on AssignedAccessXml, see [EnterpriseAssignedAccess CSP](http://go.microsoft.com/fwlink/p/?LinkID=618601).
+1.  Create an *AssignedAccess*.xml file that specifies the app the device will run. (You can name use any file name.) For instructions on AssignedAccessXml, see [EnterpriseAssignedAccess CSP](https://go.microsoft.com/fwlink/p/?LinkID=618601).
 
     **Note**  
     Do not escape the xml in *AssignedAccess*.xml file as Windows Imaging and Configuration Designer (ICD) will do that when building the package. Providing escaped xml in Windows ICD will cause building the package fail.
@@ -178,7 +178,7 @@ When you build a provisioning package, you may include sensitive information in
 
         5.  Restart the device and verify that the runtime settings that were configured in the provisioning package were applied to the device.
 
-        [Learn how to apply a provisioning package in audit mode or OOBE.](http://go.microsoft.com/fwlink/p/?LinkID=692012)
+        [Learn how to apply a provisioning package in audit mode or OOBE.](https://go.microsoft.com/fwlink/p/?LinkID=692012)
 
 ## Related topics
 
diff --git a/windows/manage/settings-that-can-be-locked-down.md b/windows/manage/settings-that-can-be-locked-down.md
index fe4253fb64..c0348677ba 100644
--- a/windows/manage/settings-that-can-be-locked-down.md
+++ b/windows/manage/settings-that-can-be-locked-down.md
@@ -266,27 +266,27 @@ The following table lists the settings pages and page groups. Use the page name
 <tr class="even">
 <td align="left"></td>
 <td align="left">Narrator</td>
-<td align="left">SettingsPageEaseoOfAccessNarrator</td>
+<td align="left">SettingsPageEaseOfAccessNarrator</td>
 </tr>
 <tr class="odd">
 <td align="left"></td>
 <td align="left">Magnifier</td>
-<td align="left">SettingsPageEaseoOfAccessMagnifier</td>
+<td align="left">SettingsPageEaseOfAccessMagnifier</td>
 </tr>
 <tr class="even">
 <td align="left"></td>
 <td align="left">High contrast</td>
-<td align="left">SettingsPageEaseoOfAccessHighContrast</td>
+<td align="left">SettingsPageEaseOfAccessHighContrast</td>
 </tr>
 <tr class="odd">
 <td align="left"></td>
 <td align="left">Closed captions</td>
-<td align="left">SettingsPageEaseoOfAccessClosedCaptioning</td>
+<td align="left">SettingsPageEaseOfAccessClosedCaptioning</td>
 </tr>
 <tr class="even">
 <td align="left"></td>
 <td align="left">More options</td>
-<td align="left">SettingsPageEaseoOfAccessMoreOptions</td>
+<td align="left">SettingsPageEaseOfAccessMoreOptions</td>
 </tr>
 <tr class="odd">
 <td align="left">Privacy</td>
diff --git a/windows/manage/sign-up-windows-store-for-business.md b/windows/manage/sign-up-windows-store-for-business.md
index b64638e1a8..69d44f17e8 100644
--- a/windows/manage/sign-up-windows-store-for-business.md
+++ b/windows/manage/sign-up-windows-store-for-business.md
@@ -27,7 +27,7 @@ Before signing up for the Store for Business, make sure you're the global admini
 
 **To sign up for the Store for Business**
 
-1.  Go to [https://www.microsoft.com/business-store](http://go.microsoft.com/fwlink/p/?LinkId=691845), and click **Sign up**.
+1.  Go to [https://www.microsoft.com/business-store](https://go.microsoft.com/fwlink/p/?LinkId=691845), and click **Sign up**.
 
     -   If you start the Store for Business sign up process, and don't have an Azure AD directory for your organization, we'll help you create one. For more info, see [Sign up for Azure AD accounts](#o365-welcome).
 
diff --git a/windows/manage/stop-employees-from-using-the-windows-store.md b/windows/manage/stop-employees-from-using-the-windows-store.md
index 7a21ec1cc1..c95b8cddad 100644
--- a/windows/manage/stop-employees-from-using-the-windows-store.md
+++ b/windows/manage/stop-employees-from-using-the-windows-store.md
@@ -80,7 +80,7 @@ If you have mobile devices in your organization that you upgraded from earlier v
 
 When your MDM tool supports Windows Store for Business, the MDM can use these CSPs to block Windows Store app:
 
--   [Policy](http://go.microsoft.com/fwlink/p/?LinkId=717030)
+-   [Policy](https://go.microsoft.com/fwlink/p/?LinkId=717030)
 
 -   [EnterpriseAssignedAccess](https://msdn.microsoft.com/library/windows/hardware/mt157024.aspx) (Windows 10 Mobile, only)
 
diff --git a/windows/manage/troubleshoot-windows-store-for-business.md b/windows/manage/troubleshoot-windows-store-for-business.md
index 6be281bae5..55a31b14ec 100644
--- a/windows/manage/troubleshoot-windows-store-for-business.md
+++ b/windows/manage/troubleshoot-windows-store-for-business.md
@@ -53,7 +53,7 @@ The private store for your organization is a page in the Windows Store app that
 
 ## Still having trouble?
 
-If you are still having trouble using WSfB or installing the app, you can get more help on our [Support page](http://go.microsoft.com/fwlink/?LinkID=799757).
+If you are still having trouble using WSfB or installing the app, you can get more help on our [Support page](https://go.microsoft.com/fwlink/?LinkID=799757).
                                 
  
 
diff --git a/windows/manage/uev-accessibility.md b/windows/manage/uev-accessibility.md
index e54c168813..08416f8349 100644
--- a/windows/manage/uev-accessibility.md
+++ b/windows/manage/uev-accessibility.md
@@ -1,88 +1,4 @@
 ---
 title: Accessibility for UE-V
-description: Accessibility for UE-V
-author: MaggiePucciEvans
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.prod: w10
----
-
-
-# Accessibility for UE-V
-
-
-Microsoft is committed to making its products and services easier for everyone to use. This section provides information about features and services that make this product and its corresponding documentation more accessible for people with disabilities.
-
-## Access any command with a few keystrokes
-
-
-You can access most commands by using two keystrokes. To use an access key:
-
-1.  Press Alt.
-
-    The keyboard shortcuts are displayed over each feature that is available in the current view.
-
-2.  Press the letter that is shown in the keyboard shortcut over the feature that you want to use.
-
-### Documentation in alternative formats
-
-If you have difficulty reading or handling printed materials, you can obtain the documentation for many Microsoft products in more accessible formats. You can view an index of accessible product documentation on the Microsoft Accessibility website. In addition, you can obtain additional Microsoft publications from Learning Ally, formerly known as Recording for the Blind & Dyslexic, Inc. Learning Ally distributes these documents to registered, eligible members of their distribution service.
-
-For information about the availability of Microsoft product documentation and books from Microsoft Press, use the following contact.
-
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<tbody>
-<tr class="odd">
-<td align="left"><p><strong>Learning Ally (formerly Recording for the Blind &amp; Dyslexic, Inc.)</strong></p>
-<p>20 Roszel Road</p>
-<p>Princeton, NJ 08540</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Telephone number from within the United States:</p></td>
-<td align="left"><p>(800) 221-4792</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>Telephone number from outside the United States and Canada:</p></td>
-<td align="left"><p>(609) 452-0606</p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>Fax:</p></td>
-<td align="left"><p>(609) 987-8116</p></td>
-</tr>
-<tr class="odd">
-<td align="left"><p>[http://www.learningally.org/](http://go.microsoft.com/fwlink/p/?linkid=239)</p></td>
-<td align="left"><p>Web addresses can change, so you might be unable to connect to the website or sites that are mentioned here.</p></td>
-</tr>
-</tbody>
-</table>
-
- 
-
-### Customer service for people with hearing impairments
-
-If you are deaf or hard-of-hearing, complete access to Microsoft product and customer services is available through a text telephone (TTY/TDD) service:
-
--   For customer service, contact Microsoft Sales Information Center at (800) 892-5234 between 6:30 AM and 5:30 PM Pacific Time, Monday through Friday, excluding holidays.
-
--   For technical assistance in the United States, contact Microsoft Product Support Services at (800) 892-5234 between 6:00 AM and 6:00 PM Pacific Time, Monday through Friday, excluding holidays. In Canada, dial (905) 568-9641 between 8:00 AM and 8:00 PM Eastern Time, Monday through Friday, excluding holidays.
-
-Microsoft Support Services are subject to the prices, terms, and conditions in place at the time that the service is used.
-
-## For more information
-
-
-For more information about how accessible technology for computers can help to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://www.microsoft.com/enable/default.aspx).
-
-## Have a suggestion for UE-V?
-
-Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
-
-## Related topics
-
-[Technical Reference for UE-V](uev-technical-reference.md)
+redirect_url: https://technet.microsoft.com/itpro/windows/manage/uev-for-windows
+---
\ No newline at end of file
diff --git a/windows/manage/uev-administering-uev-with-windows-powershell-and-wmi.md b/windows/manage/uev-administering-uev-with-windows-powershell-and-wmi.md
index 081924a8c9..3b0c73a34d 100644
--- a/windows/manage/uev-administering-uev-with-windows-powershell-and-wmi.md
+++ b/windows/manage/uev-administering-uev-with-windows-powershell-and-wmi.md
@@ -11,11 +11,12 @@ ms.prod: w10
 
 # Administering UE-V with Windows PowerShell and WMI
 
+**Applies to**
+-   Windows 10, version 1607
 
 User Experience Virtualization (UE-V) provides Windows PowerShell cmdlets to help administrators perform various UE-V tasks. The following sections provide more information about using Windows PowerShell in UE-V.
 
-**Note**  
-Administering UE-V with Windows PowerShell requires PowerShell 3.0 or higher. For a complete list of UE-V PowerShell cmdlets, see [UE-V Cmdlet Reference](http://go.microsoft.com/fwlink/p/?LinkId=393495).
+> **Note**&nbsp;&nbsp;Administering UE-V with Windows PowerShell requires PowerShell 3.0 or higher. For a complete list of UE-V cmdlets, see [User Experience Virtualization in Windows PowerShell](https://technet.microsoft.com/library/mt772286.aspx).
 
 ## Managing the UE-V service and packages by using Windows PowerShell and WMI
 
@@ -32,8 +33,10 @@ After you create and deploy UE-V settings location templates, you can manage tho
 
 ## Have a suggestion for UE-V?
 
-Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).<br>For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
 
 ## Related topics
 
-[Administering UE-V](uev-administering-uev.md)
+- [Administering UE-V](uev-administering-uev.md)
+
+- [User Experience Virtualization in Windows PowerShell](https://technet.microsoft.com/library/mt772286.aspx)
\ No newline at end of file
diff --git a/windows/manage/uev-administering-uev.md b/windows/manage/uev-administering-uev.md
index 83f4e99a1b..2c1455ebe3 100644
--- a/windows/manage/uev-administering-uev.md
+++ b/windows/manage/uev-administering-uev.md
@@ -11,6 +11,9 @@ ms.prod: w10
 
 # Administering UE-V
 
+**Applies to**
+-   Windows 10, version 1607
+
 After you finish deploying User Experience Virtualization (UE-V), you'll perform ongoing administrative tasks, such as managing the configuration of the UE-V service and recovering lost settings. These tasks are explained in the following sections.
 
 ## Managing UE-V configurations
@@ -70,4 +73,4 @@ You can use UE-V with Microsoft Application Virtualization (App-V) to share sett
 
 ## Have a suggestion for UE-V?
 
-Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).<br>For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
diff --git a/windows/manage/uev-application-template-schema-reference.md b/windows/manage/uev-application-template-schema-reference.md
index c5c7a98379..94bdd8dd75 100644
--- a/windows/manage/uev-application-template-schema-reference.md
+++ b/windows/manage/uev-application-template-schema-reference.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # Application Template Schema Reference for UE-V
 
+**Applies to**
+-   Windows 10, version 1607
 
 User Experience Virtualization (UE-V) uses XML settings location templates to define the desktop application settings and Windows settings that are captured and applied by UE-V. UE-V includes a set of default settings location templates. You can also create custom settings location templates with the UE-V template generator.
 
@@ -955,7 +957,7 @@ Here is the SettingsLocationTemplate.xsd file showing its elements, child elemen
 
 ## Have a suggestion for UE-V?
 
-Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).<br>For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
 
 ## Related topics
 
diff --git a/windows/manage/uev-changing-the-frequency-of-scheduled-tasks.md b/windows/manage/uev-changing-the-frequency-of-scheduled-tasks.md
index e05fa13e99..888c3b7ee1 100644
--- a/windows/manage/uev-changing-the-frequency-of-scheduled-tasks.md
+++ b/windows/manage/uev-changing-the-frequency-of-scheduled-tasks.md
@@ -11,19 +11,21 @@ ms.prod: w10
 
 # Changing the Frequency of UE-V Scheduled Tasks
 
+**Applies to**
+-   Windows 10, version 1607
 
 When the User Experience Virtualization (UE-V) service is enabled, it creates the following scheduled tasks:
 
--   **Monitor Application Settings**
+-   [Monitor Application Settings](#monitor-application-settings)
 
--   **Sync Controller Application**
+-   [Sync Controller Application](#sync-controller-application)
 
--   **Synchronize Settings at Logoff**
+-   [Synchronize Settings at Logoff](#synchronize-settings-at-logoff)
 
--   **Template Auto Update**
+-   [Template Auto Update](#template-auto-update)
 
-**Note**  
-These tasks must remain enabled as UE-V cannot function without them.
+**Note**<br>
+These tasks must remain enabled, because UE-V cannot function without them.
 
 These scheduled tasks are not configurable with the UE-V tools. Administrators who want to change the scheduled task for these items can create a script that uses the Schtasks.exe command-line options.
 
@@ -238,7 +240,7 @@ The following additional information applies to UE-V scheduled tasks:
 
 ## Have a suggestion for UE-V?
 
-Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).<br>For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
 
 ## Related topics
 
diff --git a/windows/manage/uev-configuring-uev-with-group-policy-objects.md b/windows/manage/uev-configuring-uev-with-group-policy-objects.md
index 9bb13f98c6..4476ea26b3 100644
--- a/windows/manage/uev-configuring-uev-with-group-policy-objects.md
+++ b/windows/manage/uev-configuring-uev-with-group-policy-objects.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # Configuring UE-V with Group Policy Objects
 
+**Applies to**
+-   Windows 10, version 1607
 
 Some User Experience Virtualization (UE-V) Group Policy settings can be defined for computers, and other Group Policy settings can be defined for users. The Group Policy administrative templates for these settings are included in Windows 10, version 1607. 
 
@@ -161,7 +163,7 @@ In addition, Group Policy settings are available for many desktop applications a
 
  
 
-For more information about synchronizing Windows apps, see [Windows App List](http://technet.microsoft.com/library/dn458925.aspx#win8applist).
+For more information about synchronizing Windows apps, see [Windows App List](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md#win8applist).
 
 **To configure computer-targeted Group Policy settings**
 
@@ -189,7 +191,7 @@ The UE-V service uses the following order of precedence to determine synchroniza
 
 ## Have a suggestion for UE-V?
 
-Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).<br>For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
 
 ## Related topics
 
diff --git a/windows/manage/uev-configuring-uev-with-system-center-configuration-manager.md b/windows/manage/uev-configuring-uev-with-system-center-configuration-manager.md
index f6f6eb97fc..e18bff1e74 100644
--- a/windows/manage/uev-configuring-uev-with-system-center-configuration-manager.md
+++ b/windows/manage/uev-configuring-uev-with-system-center-configuration-manager.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # Configuring UE-V with System Center Configuration Manager 
 
+**Applies to**
+-   Windows 10, version 1607
 
 After you deploy User Experience Virtualization (UE-V) and its required features, you can start to configure it to meet your organization's need. The UE-V Configuration Pack provides a way for administrators to use the Compliance Settings feature of System Center Configuration Manager (2012 SP1 or later) to apply consistent configurations across sites where UE-V and Configuration Manager are installed.
 
@@ -158,7 +160,7 @@ It might be necessary to change the PowerShell execution policy to allow these s
 3.  Run this command on a machine running the ConfigMgr Admin Console:
 
     ``` syntax
-    C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevAgentPolicyGenerator.exe –Site ABC –CabFilePath “C:\MyCabFiles\UevPolicyItem.cab” –ConfigurationFile “c:\AgentConfiguration.xml”
+    C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevAgentPolicyGenerator.exe -Site ABC -CabFilePath "C:\MyCabFiles\UevPolicyItem.cab" -ConfigurationFile "c:\AgentConfiguration.xml"
     ```
 
 4.  Import the CAB file using ConfigMgr console or PowerShell Import-CMConfigurationItem
@@ -203,7 +205,7 @@ The result is a baseline CAB file that is ready for import into Configuration Ma
 3.  Add the command and parameters to the .bat file that will generate the baseline. The following example creates a baseline that distributes Notepad and Calculator:
 
     ``` syntax
-    C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevTemplateBaselineGenerator.exe –Site “ABC” –TemplateFolder “C:\ProductionUevTemplates” –Register “MicrosoftNotepad.xml, MicrosoftCalculator.xml” –CabFilePath “C:\MyCabFiles\UevTemplateBaseline.cab”
+    C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevTemplateBaselineGenerator.exe -Site "ABC" -TemplateFolder "C:\ProductionUevTemplates" -Register "MicrosoftNotepad.xml, MicrosoftCalculator.xml" -CabFilePath "C:\MyCabFiles\UevTemplateBaseline.cab"
     ```
 
 4.  Run the .bat file to create UevTemplateBaseline.cab ready for import into Configuration Manager.
@@ -224,13 +226,12 @@ To distribute a new Notepad template, you would perform these steps:
 
 ## Get the UE-V Configuration Pack
 
-
-The UE-V Configuration Pack for Configuration Manager 2012 SP1 or later can be downloaded [here](http://go.microsoft.com/fwlink/?LinkId=317263).
+You can download the [System Center 2012 Configuration Pack for Microsoft User Experience Virtualization 2.0](https://www.microsoft.com/en-us/download/details.aspx?id=40913) from the Microsoft Download Center.
 
 ## Have a suggestion for UE-V?
 
 
-Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).<br>For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
 
 ## Related topics
 
diff --git a/windows/manage/uev-deploy-required-features.md b/windows/manage/uev-deploy-required-features.md
index c3324cab35..8814f6f0c0 100644
--- a/windows/manage/uev-deploy-required-features.md
+++ b/windows/manage/uev-deploy-required-features.md
@@ -10,6 +10,9 @@ ms.prod: w10
 
 # Deploy required UE-V features
 
+**Applies to**
+-   Windows 10, version 1607
+
 To get up and running with User Experience Virtualization (UE-V), install and configure the following features.
 
 -   [Deploy a settings storage location](#deploy-a-ue-v-settings-storage-location) that is accessible to end users.
@@ -144,7 +147,7 @@ With Windows 10, version 1607 and later, the UE-V service is installed on user d
 
 ## Have a suggestion for UE-V?
 
-Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/forums/home?forum=mdopuev).
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).<br>For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
 
 ## Related topics
 
diff --git a/windows/manage/uev-deploy-uev-for-custom-applications.md b/windows/manage/uev-deploy-uev-for-custom-applications.md
index 120b0b4602..6a44f5decc 100644
--- a/windows/manage/uev-deploy-uev-for-custom-applications.md
+++ b/windows/manage/uev-deploy-uev-for-custom-applications.md
@@ -10,6 +10,9 @@ ms.prod: w10
 
 # Use UE-V with custom applications 
 
+**Applies to**
+-   Windows 10, version 1607
+
 User Experience Virtualization (UE-V) uses XML files called ***settings location templates*** to monitor and synchronize application settings and Windows settings between user devices. By default, some settings location templates are included in UE-V. However, if you want to synchronize settings for desktop applications other than those included in the default templates, you can create your own custom settings location templates with the UE-V template generator.
 
 After you’ve reviewed [Prepare a UE-V Deployment](uev-prepare-for-deployment.md) and decided that you want to synchronize settings for custom applications (third-party, line-of-business, e.g.), you’ll need to deploy the features of UE-V described in this topic.
@@ -238,7 +241,7 @@ Templates that are deployed by using an ESD system or Group Policy objects must
 
 ## Have a suggestion for UE-V?
 
-Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).<br>For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
 
 ## Related topics
 
diff --git a/windows/manage/uev-for-windows.md b/windows/manage/uev-for-windows.md
index 96293f71db..1f4eaab35c 100644
--- a/windows/manage/uev-for-windows.md
+++ b/windows/manage/uev-for-windows.md
@@ -10,6 +10,9 @@ ms.prod: w10
 
 # User Experience Virtualization (UE-V) for Windows 10 overview
 
+**Applies to**
+-   Windows 10, version 1607
+
 Many users customize their settings for Windows and for specific applications. Customizable Windows settings include Windows Store appearance, language, background picture, font size, and accent colors. Customizable application settings include language, appearance, behavior, and user interface options. 
 
 With User Experience Virtualization (UE-V), you can capture user-customized Windows and application settings and store them on a centrally managed network file share. When users log on, their personalized settings are applied to their work session, regardless of which device or virtual desktop infrastructure (VDI) sessions they log on to.
@@ -92,4 +95,4 @@ You can also [customize UE-V to synchronize settings](uev-deploy-uev-for-custom-
 
 ## Have a suggestion for UE-V?
 
-Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).<br>For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
diff --git a/windows/manage/uev-getting-started.md b/windows/manage/uev-getting-started.md
index 42fdafe047..f2497cb4f5 100644
--- a/windows/manage/uev-getting-started.md
+++ b/windows/manage/uev-getting-started.md
@@ -10,7 +10,8 @@ ms.prod: w10
 
 # Get Started with UE-V
 
-Applies to: Windows 10, version 1607
+**Applies to**
+-   Windows 10, version 1607
 
 Follow the steps in this topic to deploy User Experience Virtualization (UE-V) for the first time in a test environment. Evaluate UE-V to determine whether it’s the right solution to manage user settings across multiple devices within your enterprise.
 
@@ -41,7 +42,7 @@ Before you proceed, ensure that your environment meets the following requirement
 
 ## Step 2: Deploy the settings storage location
 
-You’ll need to deploy a settings storage location, a standard network share where user settings are stored in a settings package file. When you create the settings storage share, you should limit access to users that require it. [Deploy a settings storage location](https://technet.microsoft.com/library/dn458891.aspx#ssl) provides more detailed information.
+You’ll need to deploy a settings storage location, a standard network share where user settings are stored in a settings package file. When you create the settings storage share, you should limit access to users that require it. For more information, see [Deploy a UE-V Settings Storage Location](uev-deploy-required-features.md#deploy-a-ue-v-settings-storage-location).
 
 **Create a network share**
 
@@ -123,8 +124,11 @@ You’re ready to run a few tests on your UE-V evaluation deployment to see how
 
 5.  You can change the settings in Computer B back to the original Computer A settings. Then log off Computer B and log in to Computer A to verify the changes.
 
-Other resources for this feature
---------------------------------
+## Have a suggestion for UE-V?
+
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).<br>For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+
+## Other resources for this feature
 
 -   [User Experience Virtualization overview](uev-for-windows.md)
 
diff --git a/windows/manage/uev-manage-administrative-backup-and-restore.md b/windows/manage/uev-manage-administrative-backup-and-restore.md
index 61f024d919..4b70595e59 100644
--- a/windows/manage/uev-manage-administrative-backup-and-restore.md
+++ b/windows/manage/uev-manage-administrative-backup-and-restore.md
@@ -11,6 +11,9 @@ ms.prod: w10
 
 # Manage Administrative Backup and Restore in UE-V
 
+**Applies to**
+-   Windows 10, version 1607
+
 As an administrator of User Experience Virtualization (UE-V), you can restore application and Windows settings to their original state. You can also restore additional settings when a user adopts a new device.
 
 ## Restore Settings in UE-V when a User Adopts a New Device
@@ -31,7 +34,7 @@ When replacing a user’s device, UE-V automatically restores settings if the us
 You can also use the Windows PowerShell cmdlet, Restore-UevBackup, to restore settings from a different device. To clone the settings packages for the new device, use the following cmdlet in Windows PowerShell:
 
 ``` syntax
-Restore-UevBackup –Machine <MachineName>
+Restore-UevBackup -Machine <MachineName>
 ```
 
 where &lt;MachineName&gt; is the computer name of the device.
@@ -159,7 +162,7 @@ WMI and Windows PowerShell commands let you restore application and Windows sett
 
 ## Have a suggestion for UE-V?
 
-Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).<br>For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
 
 ## Related topics
 
diff --git a/windows/manage/uev-manage-configurations.md b/windows/manage/uev-manage-configurations.md
index bfcb65c039..81dbad3d82 100644
--- a/windows/manage/uev-manage-configurations.md
+++ b/windows/manage/uev-manage-configurations.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # Manage Configurations for UE-V
 
+**Applies to**
+-   Windows 10, version 1607
 
 In the course of the User Experience Virtualization (UE-V) lifecycle, you have to manage the configuration of the UE-V service and also manage storage locations for resources such as settings package files. The following topics provide guidance for managing these UE-V resources.
 
@@ -56,7 +58,7 @@ Here are some examples of UE-V configuration settings:
 
 ## Have a suggestion for UE-V?
 
-Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).<br>For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
 
 ## Related topics
 
diff --git a/windows/manage/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md b/windows/manage/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md
index e28ebdbf9e..590e4d58c3 100644
--- a/windows/manage/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md
+++ b/windows/manage/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md
@@ -11,12 +11,15 @@ ms.prod: w10
 
 # Managing UE-V Settings Location Templates Using Windows PowerShell and WMI
 
+**Applies to**
+-   Windows 10, version 1607
 
-User Experience Virtualization (UE-V) uses XML settings location templates to define the settings that User Experience Virtualization captures and applies. UE-V includes a set of standard settings location templates. It also includes the UE-V template generator tool that enables you to create custom settings location templates. After you create and deploy settings location templates, you can manage those templates by using Windows PowerShell and the Windows Management Instrumentation (WMI). For a complete list of UE-V PowerShell cmdlets, see [UE-V 2 Cmdlet Reference](https://technet.microsoft.com/library/dn520275.aspx).
+User Experience Virtualization (UE-V) uses XML settings location templates to define the settings that User Experience Virtualization captures and applies. UE-V includes a set of standard settings location templates. It also includes the UE-V template generator tool that enables you to create custom settings location templates. After you create and deploy settings location templates, you can manage those templates by using Windows PowerShell and the Windows Management Instrumentation (WMI). 
+
+> **Note**&nbsp;&nbsp;For a complete list of UE-V cmdlets, see [User Experience Virtualization in Windows PowerShell](https://technet.microsoft.com/library/mt772286.aspx).
 
 ## Manage UE-V settings location templates by using Windows PowerShell
 
-
 The WMI and Windows PowerShell features of UE-V include the ability to enable, disable, register, update, and unregister settings location templates. By using these features, you can automate the process of registering, updating, or unregistering templates with the UE-V service. You can also manually register templates by using WMI and Windows PowerShell commands. By using these features in conjunction with an electronic software distribution solution, Group Policy, or another automated deployment method such as a script, you can further automate that process.
 
 You must have administrator permissions to update, register, or unregister a settings location template. Administrator permissions are not required to enable, disable, or list templates.
@@ -44,11 +47,11 @@ You must have administrator permissions to update, register, or unregister a set
     <td align="left"><p>Lists all the settings location templates that are registered on the computer.</p></td>
     </tr>
     <tr class="even">
-    <td align="left"><p><code>Get-UevTemplate –Application &lt;string&gt;</code></p></td>
+    <td align="left"><p><code>Get-UevTemplate -Application &lt;string&gt;</code></p></td>
     <td align="left"><p>Lists all the settings location templates that are registered on the computer where the application name or template name contains &lt;string&gt;.</p></td>
     </tr>
     <tr class="odd">
-    <td align="left"><p><code>Get-UevTemplate –TemplateID &lt;string&gt;</code></p></td>
+    <td align="left"><p><code>Get-UevTemplate -TemplateID &lt;string&gt;</code></p></td>
     <td align="left"><p>Lists all the settings location templates that are registered on the computer where the template ID contains &lt;string&gt;.</p></td>
     </tr>
     <tr class="even">
@@ -76,7 +79,7 @@ You must have administrator permissions to update, register, or unregister a set
     <td align="left"><p>Registers one or more settings location template with UE-V by using relative paths and/or wildcard characters in file paths. After a template is registered, UE-V synchronizes the settings that are defined in the template between computers that have the template registered.</p></td>
     </tr>
     <tr class="even">
-    <td align="left"><p><code>Register-UevTemplate –LiteralPath &lt;template file path&gt;[,&lt;template file path&gt;]</code></p></td>
+    <td align="left"><p><code>Register-UevTemplate -LiteralPath &lt;template file path&gt;[,&lt;template file path&gt;]</code></p></td>
     <td align="left"><p>Registers one or more settings location template with UE-V by using literal paths, where no characters can be interpreted as wildcard characters. After a template is registered, UE-V synchronizes the settings that are defined in the template between computers that have the template registered.</p></td>
     </tr>
     <tr class="odd">
@@ -92,11 +95,11 @@ You must have administrator permissions to update, register, or unregister a set
     <td align="left"><p>Updates one or more settings location templates with a more recent version of the template. Use relative paths and/or wildcard characters in the file paths. The new template should be a newer version than the existing template.</p></td>
     </tr>
     <tr class="even">
-    <td align="left"><p><code>Update-UevTemplate –LiteralPath &lt;template file path&gt;[,&lt;template file path&gt;]</code></p></td>
+    <td align="left"><p><code>Update-UevTemplate -LiteralPath &lt;template file path&gt;[,&lt;template file path&gt;]</code></p></td>
     <td align="left"><p>Updates one or more settings location templates with a more recent version of the template. Use full paths to template files, where no characters can be interpreted as wildcard characters. The new template should be a newer version than the existing template.</p></td>
     </tr>
     <tr class="odd">
-    <td align="left"><p><code>Clear-UevAppXPackage –Computer [-PackageFamilyName] &lt;package family name&gt;[,&lt;package family name&gt;]</code></p></td>
+    <td align="left"><p><code>Clear-UevAppXPackage -Computer [-PackageFamilyName] &lt;package family name&gt;[,&lt;package family name&gt;]</code></p></td>
     <td align="left"><p>Removes one or more Windows apps from the computer Windows app list.</p></td>
     </tr>
     <tr class="even">
@@ -104,15 +107,15 @@ You must have administrator permissions to update, register, or unregister a set
     <td align="left"><p>Removes Windows app from the current user Windows app list.</p></td>
     </tr>
     <tr class="odd">
-    <td align="left"><p><code>Clear-UevAppXPackage –Computer -All</code></p></td>
+    <td align="left"><p><code>Clear-UevAppXPackage -Computer -All</code></p></td>
     <td align="left"><p>Removes all Windows apps from the computer Windows app list.</p></td>
     </tr>
     <tr class="even">
-    <td align="left"><p><code>Clear-UevAppXPackage [–CurrentComputerUser] [-PackageFamilyName] &lt;package family name&gt;[,&lt;package family name&gt;]</code></p></td>
+    <td align="left"><p><code>Clear-UevAppXPackage [-CurrentComputerUser] [-PackageFamilyName] &lt;package family name&gt;[,&lt;package family name&gt;]</code></p></td>
     <td align="left"><p>Removes one or more Windows apps from the current user Windows app list.</p></td>
     </tr>
     <tr class="odd">
-    <td align="left"><p><code>Clear-UevAppXPackage [–CurrentComputerUser] -All</code></p></td>
+    <td align="left"><p><code>Clear-UevAppXPackage [-CurrentComputerUser] -All</code></p></td>
     <td align="left"><p>Removes all Windows apps from the current user Windows app list.</p></td>
     </tr>
     <tr class="even">
@@ -120,11 +123,11 @@ You must have administrator permissions to update, register, or unregister a set
     <td align="left"><p>Disables a settings location template for the current user of the computer.</p></td>
     </tr>
     <tr class="odd">
-    <td align="left"><p><code>Disable-UevAppXPackage –Computer [-PackageFamilyName] &lt;package family name&gt;[,&lt;package family name&gt;]</code></p></td>
+    <td align="left"><p><code>Disable-UevAppXPackage -Computer [-PackageFamilyName] &lt;package family name&gt;[,&lt;package family name&gt;]</code></p></td>
     <td align="left"><p>Disables one or more Windows apps in the computer Windows app list.</p></td>
     </tr>
     <tr class="even">
-    <td align="left"><p><code>Disable-UevAppXPackage [–CurrentComputerUser] [-PackageFamilyName] &lt;package family name&gt;[,&lt;package family name&gt;]</code></p></td>
+    <td align="left"><p><code>Disable-UevAppXPackage [-CurrentComputerUser] [-PackageFamilyName] &lt;package family name&gt;[,&lt;package family name&gt;]</code></p></td>
     <td align="left"><p>Disables one or more Windows apps in the current user Windows app list.</p></td>
     </tr>
     <tr class="odd">
@@ -132,11 +135,11 @@ You must have administrator permissions to update, register, or unregister a set
     <td align="left"><p>Enables a settings location template for the current user of the computer.</p></td>
     </tr>
     <tr class="even">
-    <td align="left"><p><code>Enable-UevAppXPackage –Computer [-PackageFamilyName] &lt;package family name&gt;[,&lt;package family name&gt;]</code></p></td>
+    <td align="left"><p><code>Enable-UevAppXPackage -Computer [-PackageFamilyName] &lt;package family name&gt;[,&lt;package family name&gt;]</code></p></td>
     <td align="left"><p>Enables one or more Windows apps in the computer Windows app list.</p></td>
     </tr>
     <tr class="odd">
-    <td align="left"><p><code>Enable-UevAppXPackage [–CurrentComputerUser] [-PackageFamilyName] &lt;package family name&gt;[,&lt;package family name&gt;]</code></p></td>
+    <td align="left"><p><code>Enable-UevAppXPackage [-CurrentComputerUser] [-PackageFamilyName] &lt;package family name&gt;[,&lt;package family name&gt;]</code></p></td>
     <td align="left"><p>Enables one or more Windows apps in the current user Windows app list.</p></td>
     </tr>
     <tr class="even">
@@ -144,7 +147,7 @@ You must have administrator permissions to update, register, or unregister a set
     <td align="left"><p>Determines whether one or more settings location templates comply with its XML schema. Can use relative paths and wildcard characters.</p></td>
     </tr>
     <tr class="odd">
-    <td align="left"><p><code>Test-UevTemplate –LiteralPath &lt;template file path&gt;[,&lt;template file path&gt;]</code></p></td>
+    <td align="left"><p><code>Test-UevTemplate -LiteralPath &lt;template file path&gt;[,&lt;template file path&gt;]</code></p></td>
     <td align="left"><p>Determines whether one or more settings location templates comply with its XML schema. The path must be a full path to the template file, but does not include wildcard characters.</p></td>
     </tr>
     </tbody>
@@ -213,9 +216,9 @@ The enabled state is set in the current user section of the registry.
 <a href="" id="policymachine"></a>**PolicyMachine**  
 The enabled state is set in the policy section of the local computer section of the registry.
 
-To get the user-configured list of Windows apps, at the Windows PowerShell command prompt, enter: `Get-UevAppxPackage –CurrentComputerUser`
+To get the user-configured list of Windows apps, at the Windows PowerShell command prompt, enter: `Get-UevAppxPackage -CurrentComputerUser`
 
-To get the computer-configured list of Windows apps, at the Windows PowerShell command prompt, enter: `Get-UevAppxPackage –Computer`
+To get the computer-configured list of Windows apps, at the Windows PowerShell command prompt, enter: `Get-UevAppxPackage -Computer`
 
 For either parameter, CurrentComputerUser or Computer, the cmdlet returns a list of the Windows apps that are configured at the user or at the computer level.
 
@@ -257,7 +260,7 @@ User Experience Virtualization provides the following set of WMI commands. Admin
     <td align="left"><p>Lists all the settings location templates that are registered for the computer.</p></td>
     </tr>
     <tr class="even">
-    <td align="left"><p><code>Invoke-WmiMethod –Namespace root\Microsoft\UEV –Class SettingsLocationTemplate –Name GetProcessInfoByTemplateId &lt;template Id&gt;</code></p></td>
+    <td align="left"><p><code>Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name GetProcessInfoByTemplateId &lt;template Id&gt;</code></p></td>
     <td align="left"><p>Gets the name of the program and version information, which depends on the template name.</p></td>
     </tr>
     <tr class="odd">
@@ -328,10 +331,12 @@ Where a list of Package Family Names is called by the WMI command, the list must
 
 ## Have a suggestion for UE-V?
 
-Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).<br>For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
 
 ## Related topics
 
 [Administering UE-V with Windows PowerShell and WMI](uev-administering-uev-with-windows-powershell-and-wmi.md)
 
 [Administering UE-V](uev-administering-uev.md)
+
+[User Experience Virtualization in Windows PowerShell](https://technet.microsoft.com/library/mt772286.aspx)
diff --git a/windows/manage/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md b/windows/manage/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md
index fc1134e656..eeb54e2454 100644
--- a/windows/manage/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md
+++ b/windows/manage/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md
@@ -11,7 +11,12 @@ ms.prod: w10
 
 # Managing the UE-V service and packages with Windows PowerShell and WMI
 
-You can use Windows Management Instrumentation (WMI) and Windows PowerShell to manage User Experience Virtualization (UE-V) service configuration and synchronization behavior. For a complete list of UE-V PowerShell cmdlets, see [UE-V Cmdlet Reference](https://technet.microsoft.com/library/dn520275.aspx).
+**Applies to**
+-   Windows 10, version 1607
+
+You can use Windows Management Instrumentation (WMI) and Windows PowerShell to manage User Experience Virtualization (UE-V) service configuration and synchronization behavior. 
+
+>**Note**&nbsp;&nbsp;For a complete list of UE-V cmdlets, see [User Experience Virtualization in Windows PowerShell](https://technet.microsoft.com/library/mt772286.aspx).
 
 
 ## To configure the UE-V service with Windows PowerShell
@@ -64,23 +69,23 @@ You can use Windows Management Instrumentation (WMI) and Windows PowerShell to m
     <td align="left"><p>Gets the details for each configuration setting. Displays where the setting is configured or if it uses the default value. Is displayed if the current setting is valid.</p></td>
     </tr>
     <tr class="even">
-    <td align="left"><p><code>Set-UevConfiguration -Computer –EnableDontSyncWindows8AppSettings</code></p></td>
+    <td align="left"><p><code>Set-UevConfiguration -Computer -EnableDontSyncWindows8AppSettings</code></p></td>
     <td align="left"><p>Configures the UE-V service to not synchronize any Windows apps for all users on the computer.</p></td>
     </tr>
     <tr class="odd">
-    <td align="left"><p><code>Set-UevConfiguration -CurrentComputerUser – EnableDontSyncWindows8AppSettings</code></p></td>
+    <td align="left"><p><code>Set-UevConfiguration -CurrentComputerUser -EnableDontSyncWindows8AppSettings</code></p></td>
     <td align="left"><p>Configures the UE-V service to not synchronize any Windows apps for the current computer user.</p></td>
     </tr>
     <tr class="even">
-    <td align="left"><p><code>Set-UevConfiguration -Computer –EnableFirstUseNotification</code></p></td>
+    <td align="left"><p><code>Set-UevConfiguration -Computer -EnableFirstUseNotification</code></p></td>
     <td align="left"><p>Configures the UE-V service to display notification the first time the service runs for all users on the computer.</p></td>
     </tr>
     <tr class="odd">
-    <td align="left"><p><code>Set-UevConfiguration -Computer –DisableFirstUseNotification</code></p></td>
+    <td align="left"><p><code>Set-UevConfiguration -Computer -DisableFirstUseNotification</code></p></td>
     <td align="left"><p>Configures the UE-V service to not display notification the first time that the service runs for all users on the computer.</p></td>
     </tr>
     <tr class="even">
-    <td align="left"><p><code>Set-UevConfiguration -Computer –EnableSettingsImportNotify</code></p></td>
+    <td align="left"><p><code>Set-UevConfiguration -Computer -EnableSettingsImportNotify</code></p></td>
     <td align="left"><p>Configures the UE-V service to notify all users on the computer when settings synchronization is delayed.</p>
     <p>Use the <em>DisableSettingsImportNotify</em> parameter to disable notification.</p></td>
     </tr>
@@ -90,27 +95,27 @@ You can use Windows Management Instrumentation (WMI) and Windows PowerShell to m
     <p>Use the <em>DisableSettingsImportNotify</em> parameter to disable notification.</p></td>
     </tr>
     <tr class="even">
-    <td align="left"><p><code>Set-UevConfiguration -Computer –EnableSyncUnlistedWindows8Apps</code></p></td>
-    <td align="left"><p>Configures the UE-V service to synchronize all Windows apps that are not explicitly disabled by the Windows app list for all users of the computer. For more information, see &quot;Get-UevAppxPackage&quot; in [Managing UE-V 2.x Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md).</p>
+    <td align="left"><p><code>Set-UevConfiguration -Computer -EnableSyncUnlistedWindows8Apps</code></p></td>
+    <td align="left"><p>Configures the UE-V service to synchronize all Windows apps that are not explicitly disabled by the Windows app list for all users of the computer. For more information, see &quot;Get-UevAppxPackage&quot; in [Managing UE-V Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md).</p>
     <p>Use the <em>DisableSyncUnlistedWindows8Apps</em> parameter to configure the UE-V service to synchronize only Windows apps that are explicitly enabled by the Windows App List.</p></td>
     </tr>
     <tr class="odd">
     <td align="left"><p><code>Set-UevConfiguration -CurrentComputerUser - EnableSyncUnlistedWindows8Apps</code></p></td>
-    <td align="left"><p>Configures the UE-V service to synchronize all Windows apps that are not explicitly disabled by the Windows app list for the current user on the computer. For more information, see &quot;Get-UevAppxPackage&quot; in [Managing UE-V 2.x Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md).</p>
+    <td align="left"><p>Configures the UE-V service to synchronize all Windows apps that are not explicitly disabled by the Windows app list for the current user on the computer. For more information, see &quot;Get-UevAppxPackage&quot; in [Managing UE-V Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md).</p>
     <p>Use the <em>DisableSyncUnlistedWindows8Apps</em> parameter to configure the UE-V service to synchronize only Windows apps that are explicitly enabled by the Windows App List.</p></td>
     </tr>
     <tr class="even">
-    <td align="left"><p><code>Set-UevConfiguration –Computer –DisableSync</code></p></td>
+    <td align="left"><p><code>Set-UevConfiguration -Computer -DisableSync</code></p></td>
     <td align="left"><p>Disables UE-V for all the users on the computer.</p>
     <p>Use the <em>EnableSync</em> parameter to enable or re-enable.</p></td>
     </tr>
     <tr class="odd">
-    <td align="left"><p><code>Set-UevConfiguration –CurrentComputerUser -DisableSync</code></p></td>
+    <td align="left"><p><code>Set-UevConfiguration -CurrentComputerUser -DisableSync</code></p></td>
     <td align="left"><p>Disables UE-V for the current user on the computer.</p>
     <p>Use the <em>EnableSync</em> parameter to enable or re-enable.</p></td>
     </tr>
     <tr class="even">
-    <td align="left"><p><code>Set-UevConfiguration -Computer –EnableTrayIcon</code></p></td>
+    <td align="left"><p><code>Set-UevConfiguration -Computer -EnableTrayIcon</code></p></td>
     <td align="left"><p>Enables the UE-V icon in the notification area for all users of the computer.</p>
     <p>Use the <em>DisableTrayIcon</em> parameter to disable the icon.</p></td>
     </tr>
@@ -139,7 +144,7 @@ You can use Windows Management Instrumentation (WMI) and Windows PowerShell to m
     <td align="left"><p>Defines a per-user settings storage location.</p></td>
     </tr>
     <tr class="odd">
-    <td align="left"><p><code>Set-UevConfiguration –Computer –SettingsTemplateCatalogPath &lt;path to catalog&gt;</code></p></td>
+    <td align="left"><p><code>Set-UevConfiguration -Computer -SettingsTemplateCatalogPath &lt;path to catalog&gt;</code></p></td>
     <td align="left"><p>Sets the settings template catalog path for all users of the computer.</p></td>
     </tr>
     <tr class="even">
@@ -159,11 +164,11 @@ You can use Windows Management Instrumentation (WMI) and Windows PowerShell to m
     <td align="left"><p>Set the synchronization time-out for the current user.</p></td>
     </tr>
     <tr class="even">
-    <td align="left"><p><code>Clear-UevConfiguration –Computer -&lt;setting name&gt;</code></p></td>
+    <td align="left"><p><code>Clear-UevConfiguration -Computer -&lt;setting name&gt;</code></p></td>
     <td align="left"><p>Clears the specified setting for all users on the computer.</p></td>
     </tr>
     <tr class="odd">
-    <td align="left"><p><code>Clear-UevConfiguration –CurrentComputerUser -&lt;setting name&gt;</code></p></td>
+    <td align="left"><p><code>Clear-UevConfiguration -CurrentComputerUser -&lt;setting name&gt;</code></p></td>
     <td align="left"><p>Clears the specified setting for the current user only.</p></td>
     </tr>
     <tr class="even">
@@ -241,7 +246,7 @@ You can use Windows Management Instrumentation (WMI) and Windows PowerShell to m
     <td align="left"><p>Displays the UE-V service configuration that is defined for a computer.</p></td>
     </tr>
     <tr class="even">
-    <td align="left"><p><code>Get-WmiObject –Namespace root\Microsoft\Uev ConfigurationItem</code></p></td>
+    <td align="left"><p><code>Get-WmiObject -Namespace root\Microsoft\Uev ConfigurationItem</code></p></td>
     <td align="left"><p>Displays the details for each configuration item.</p></td>
     </tr>
     <tr class="odd">
@@ -339,10 +344,12 @@ When you are finished configuring the UE-V service with WMI and Windows PowerShe
    
 ## Have a suggestion for UE-V?
 
-Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).<br>For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
 
 ## Related topics
 
 [Administering UE-V with Windows PowerShell and WMI](uev-administering-uev-with-windows-powershell-and-wmi.md)
 
 [Administering UE-V](uev-administering-uev.md)
+
+[User Experience Virtualization in Windows PowerShell](https://technet.microsoft.com/library/mt772286.aspx)
diff --git a/windows/manage/uev-migrating-settings-packages.md b/windows/manage/uev-migrating-settings-packages.md
index 0bf674caeb..85bb7a71b0 100644
--- a/windows/manage/uev-migrating-settings-packages.md
+++ b/windows/manage/uev-migrating-settings-packages.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # Migrating UE-V settings packages
 
+**Applies to**
+-   Windows 10, version 1607
 
 In the lifecycle of a User Experience Virtualization (UE-V) deployment, you might have to relocate the user settings packages either when you migrate to a new server or when you perform backups. Settings packages might have to be migrated in the following scenarios:
 
@@ -43,7 +45,7 @@ Simply copying the files and folders does not preserve the security settings and
 
 ## Have a suggestion for UE-V?
 
-Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).<br>For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
 
 ## Related topics
 
diff --git a/windows/manage/uev-prepare-for-deployment.md b/windows/manage/uev-prepare-for-deployment.md
index a7735d20e4..0fa6f10ff2 100644
--- a/windows/manage/uev-prepare-for-deployment.md
+++ b/windows/manage/uev-prepare-for-deployment.md
@@ -10,7 +10,8 @@ ms.prod: w10
 
 # Prepare a UE-V Deployment
 
-Applies to: Windows 10, version 1607
+**Applies to**
+-   Windows 10, version 1607
 
 Before you deploy User Experience Virtualization (UE-V), review this topic for important information about the type of deployment you’re planning and for preparations you can make beforehand so that your deployment is successful. If you leave this page, be sure to come back and read through the planning information in this topic.
 
@@ -78,10 +79,11 @@ This section explains which settings are synchronized by default in UE-V, includ
 
 -   A statement of support for Windows applications setting synchronization
 
-See [Microsoft Authored Office 2016 UE-V Templates](https://www.microsoft.com/download/details.aspx?id=46367) to download a list of the specific Office 2016 settings that are synchronized by UE-V.
+For downloadable UE-V templates, see:
 
-To download a list of the Microsoft Office 2013 and 2010 settings that are synchronized by UE-V, see [User Experience Virtualization (UE-V) settings templates for Microsoft Office](https://www.microsoft.com/download/details.aspx?id=46367). 
+- [Microsoft Authored Office 2016 UE-V Templates](https://gallery.technet.microsoft.com/Authored-Office-2016-32-0dc05cd8)
 
+- [User Experience Virtualization (UE-V) settings templates for Microsoft Office](https://www.microsoft.com/download/details.aspx?id=46367) (for Office 2013 and Office 2010) 
 
 ### Desktop applications synchronized by default in UE-V
 
@@ -302,9 +304,11 @@ The UE-V settings storage location and settings template catalog support storing
 
 -   Format the storage volume with an NTFS file system.
 
-<!-- There's a question out for Tommy on the next item -- the link is very old. -->
+-   The share can use Distributed File System (DFS) replication, but Distributed File System Replication (DFSR) is specifically not supported. Distributed File System Namespaces (DFSN) are supported. For detailed information, see:
 
--   The share can use Distributed File System (DFS) replication, but Distributed File System Replication (DFSR) is specifically not supported. Distributed File System Namespaces (DFSN) are supported. For detailed information, see [Microsoft’s Support Statement Around Replicated User Profile Data](http://go.microsoft.com/fwlink/p/?LinkId=313991).
+    - [Information about roaming profiles from the Directory Services team](https://blogs.technet.microsoft.com/askds/tag/roaming-profiles/)
+    
+    - [Information about Microsoft support policy for a DFS-R and DFS-N deployment scenario](https://support.microsoft.com/kb/2533009)
 
     In addition, because SYSVOL uses DFSR for replication, SYSVOL cannot be used for UE-V data file replication.
 
@@ -383,6 +387,10 @@ Install the UE-V template generator on the device that is used to create custom
 
 The UE-V template generator must be installed on a device that uses an NTFS file system. The UE-V template generator software requires .NET Framework 4. For more information, see [Use UE-V with custom applications](uev-deploy-uev-for-custom-applications.md).
 
+## Have a suggestion for UE-V?
+
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).<br>For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+
 ## Other resources for this feature
 
 -   [User Experience Virtualization overview](uev-for-windows.md)
diff --git a/windows/manage/uev-privacy-statement.md b/windows/manage/uev-privacy-statement.md
index 30e1e65622..eb9e64f8a1 100644
--- a/windows/manage/uev-privacy-statement.md
+++ b/windows/manage/uev-privacy-statement.md
@@ -1,156 +1,4 @@
 ---
 title: User Experience Virtualization Privacy Statement
-description: User Experience Virtualization Privacy Statement
-author: jamiejdt
-ms.assetid: c2919034-f2cf-48d6-b18e-4dd318252426
-ms.pagetype: mdop, virtualization
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.prod: w8
----
-
-
-# User Experience Virtualization Privacy Statement
-
-
-Microsoft is committed to protecting your privacy, while delivering software that brings you the performance, power, and convenience you desire in your personal computing. This privacy statement explains many of the data collection and use practices of Microsoft User Experience Virtualization (“UE-V”). This is a preliminary disclosure that focuses on features that communicate with the Internet and is not intended to be an exhaustive list.
-
-Microsoft User Experience Virtualization allows the separation of settings from an application or operating system. Those settings can then be transferred to a remote storage location, eliminating the constraints of local storage and giving users the ability to have their settings follow them to other computers.
-
-## <a href="" id="bkmk-collectionanduseofyourinformation"></a>Collection and Use of Your Information
-
-
-The information we collect from you will be used by Microsoft and its controlled subsidiaries and affiliates to enable the features you are using and provide the service(s) or carry out the transaction(s) you have requested or authorized. It may also be used to analyze and improve Microsoft products and services.
-
-We may send certain mandatory service communications such as welcome letters, billing reminders, information on technical service issues, and security announcements. Some Microsoft services may send periodic member letters that are considered part of the service. We may occasionally request your feedback, invite you to participate in surveys, or send you promotional mailings to inform you of other products or services available from Microsoft and its affiliates.
-
-In order to offer you a more consistent and personalized experience in your interactions with Microsoft, information collected through one Microsoft service may be combined with information obtained through other Microsoft services. We may also supplement the information we collect with information obtained from other companies. For example, we may use services from other companies that enable us to derive a general geographic area based on your IP address in order to customize certain services to your geographic area.
-
-Except as described in this statement, personal information you provide will not be transferred to third parties without your consent. We occasionally hire other companies to provide limited services on our behalf, such as packaging, sending and delivering purchases and other mailings, answering customer questions about products or services, processing event registration, or performing statistical analysis of our services. We will only provide those companies the personal information they need to deliver the service, and they are prohibited from using that information for any other purpose.
-
-Microsoft may access or disclose information about you, including the content of your communications, in order to: (a) comply with the law or respond to lawful requests or legal process; (b) protect the rights or property of Microsoft or our customers, including the enforcement of our agreements or policies governing your use of the services; or (c) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers, or the public. We may also disclose personal information as part of a corporate transaction such as a merger or sale of assets.
-
-Information that is collected by or sent to Microsoft by UE-V may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries, or service providers maintain facilities. Microsoft abides by the safe harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union, the European Economic Area, and Switzerland.
-
-## Collection and Use of Information about Your Computer
-
-
-When you use software with Internet-enabled features, information about your computer ("standard computer information") is sent to the Web sites you visit and online services you use. Microsoft uses standard computer information to provide you Internet-enabled services, to help improve our products and services, and for statistical analysis. Standard computer information typically includes information such as your IP address, operating system version, browser version, and regional and language settings. In some cases, standard computer information may also include hardware ID, which indicates the device manufacturer, device name, and version. If a particular feature or service sends information to Microsoft, standard computer information will be sent as well.
-
-The privacy details for each UE-V feature, software or service listed in this privacy statement describe what additional information is collected and how it is used.
-
-## Security of Your Information
-
-
-Microsoft is committed to helping protect the security of your information. We use a variety of security technologies and procedures to help protect your information from unauthorized access, use, or disclosure. For example, we store the information you provide on computer systems with limited access, which are located in controlled facilities.
-
-## Changes to This Privacy Statement
-
-
-We will occasionally update this privacy statement to reflect changes in our products, services, and customer feedback. When we post changes, we will revise the "last updated" date at the top of this statement. If there are material changes to this statement or in how Microsoft will use your personal information, we will notify you either by posting a notice of such changes prior to implementing the change or by directly sending you a notification. We encourage you to periodically review this statement to be informed of how Microsoft is protecting your information.
-
-## For More Information
-
-
-Microsoft welcomes your comments regarding this privacy statement. If you have questions about this statement or believe that we have not adhered to it, please contact us [MSUEVPrivacy@microsoft.com](mailto:%20MSUEVPrivacy@microsoft.com).
-
-## Specific features
-
-
-The remainder of this document will address the following specific features:
-
-### UE-V Generator
-
-**What This Feature Does**:
-
-The UE-V generator is used to create settings location templates. These templates allow users to roam the settings for their applications.
-
-**Information Collected, Processed, or Transmitted**:
-
-When creating a settings location template the UE-V generator uses a Lightweight Directory Access Protocol (LDAP) query to get username and email address of the current logged in user. This information is stored in the template as the template author name and template author email. None of this information is sent to Microsoft.
-
-If you plan to share settings location templates with anyone outside your organization you should review all the settings locations and ensure the settings location template do not contain any personal or company information. You can view the contents by opening the settings location template files using any XML viewer. The following are ways you can view and remove any personal or company information from the settings location template files before sharing with anyone outside your company:
-
--   **Template Author Name** – Specify a general, non-identifying name for the template author name or exclude this data from the template.
-
--   **Template Author Email** – Specify a general, non-identifying template author email or exclude this data from the template.
-
-**Use of Information**:
-
-The template author name and template author email can be used to identify the author of settings location template. If you share the template, the author name and email is viewable to all who use the template. No information is sent to Microsoft.
-
-**Choice/Control**: 
-
-To remove the template author name or template author email, start the UE-V generator application. Select **Edit a Settings Location Template**. Select the settings location template to edit from the recently used templates or Browse to the settings template file. Select **Next** to continue. On the Properties page, remove the data from the Template author name or Template author email text fields. Save the settings location template.
-
-## <a href="" id="bkmk-ceip"></a>Customer Experience Improvement Program
-
-
-**What This Feature Does:**
-
-The Customer Experience Improvement Program (“CEIP”) collects basic information about your hardware configuration and how you use our software and services in order to identify trends and usage patterns. CEIP also collects the type and number of errors you encounter, software and hardware performance, and the speed of services. We will not collect your name, address, or other contact information.
-
-**Information Collected, Processed, or Transmitted:**
-
-For more information about the information collected, processed, or transmitted by CEIP, see the CEIP privacy statement at <http://go.microsoft.com/fwlink/?LinkID=248701>.
-
-**Use of Information:**
-
-We use this information to improve the quality, reliability, and performance of Microsoft software and services.
-
-**Choice/Control:**
-
-You are offered the opportunity to participate in CEIP during setup of the UE-V Agent. If you choose to participate and later change your mind, you can turn off CEIP at any time by:Re-running the UE-V agent setup and opting out of CEIP or by setting the following registry key either manually or via Group Policy:
-
-``` syntax
-Key = HKEY_LOCAL_MACHINE\Software\Microsoft\UEV\Agent
-RegEntry name = CustomerExperienceImprovementProgram
-Entry type REG_DWORD (Hexadecimal):
-0 is off
-1 is on
-```
-
-## <a href="" id="bkmk-microsofterrorreporting"></a>Microsoft Error Reporting
-
-
-**What This Feature Does:**
-
-Microsoft Error Reporting provides a service that allows you to report problems you may be having with UE-V or other enabled applications to Microsoft and to receive information that may help you avoid or solve such problems.
-
-**Information Collected, Processed, or Transmitted:**
-
-For information about the information collected, processed, or transmitted by Microsoft Error Reporting, see the Microsoft Error Reporting privacy statement at <http://go.microsoft.com/fwlink/?LinkId=248702>.
-
-**Use of Information:**
-
-We use the error reporting data to solve customer problems and improve our software and services.
-
-**Choice/Control:**
-
-If you choose the recommended settings during Windows setup, you turn on automatic checking for solutions, which will send basic error reports and look for solutions to the problems reported. If you use automatic checking, you are not typically prompted to send basic information about errors to Microsoft. If a more detailed error report is required, you will be prompted to review it. You can change this setting at any time by going to Action Center in Control Panel.
-
-**Important Information:**
-
-Enterprise customers can use Group Policy to configure how Microsoft Error Reporting behaves on their computers. Configuration options include the ability to turn off Microsoft Error Reporting. If you are an administrator and wish to configure Group Policy for Microsoft Error Reporting, technical details are available at <http://go.microsoft.com/fwlink/?LinkId=262264>.
-
-UE-V will not modify the Microsoft Error Reporting preference and will honor the system setting in the Control Panel and/or the setting enforced via Group Policy.
-
-## <a href="" id="bkmk-microsoftupdate"></a>Microsoft Update
-
-
-**What This Feature Does:**
-
-Microsoft Update is a service that provides Windows updates as well as updates for other Microsoft software.
-
-**Information Collected, Processed, or Transmitted:**
-
-For details about what information is collected and how it is used, see the Update Services Privacy Statement at <http://go.microsoft.com/fwlink/?LinkId=248704>
-
-**Use of Information:**
-
--   For details about what information is collected and how it is used, see the Update Services Privacy Statement at <http://go.microsoft.com/fwlink/?LinkId=248704>.
-
--   Choice/Control:
-
-    For details about controlling this feature, see the Update Services Privacy Statement at <http://go.microsoft.com/fwlink/?LinkId=248704>.
-
+redirect_url: https://technet.microsoft.com/en-us/itpro/windows/manage/uev-security-considerations
+---
\ No newline at end of file
diff --git a/windows/manage/uev-release-notes-1607.md b/windows/manage/uev-release-notes-1607.md
index d28d61f312..416b8f4508 100644
--- a/windows/manage/uev-release-notes-1607.md
+++ b/windows/manage/uev-release-notes-1607.md
@@ -10,10 +10,26 @@ ms.prod: w10
 
 # User Experience Virtualization (UE-V) Release Notes
 
-Applies to: Windows 10, version 1607
+**Applies to**
+-   Windows 10, version 1607
 
 This topic includes information required to successfully install and use UE-V that is not included in the User Experience Virtualization (UE-V) documentation. If there are differences between the information in this topic and other UE-V topics, the latest change should be considered authoritative.
 
+### Company Settings Center removed in UE-V for Windows 10, version 1607
+
+In previous versions of UE-V, users could select which of their customized application settings to synchronize with the Company Settings Center, a user interface that was available on user devices. Additionally, administrators could configure the Company Settings Center to include a link to support resources so that users could easily get support on virtualized settings-related issues.
+
+With the release of Windows 10, version 1607, the Company Settings Center was removed and users can no longer manage their synchronized settings. 
+
+Administrators can still define which user-customized application settings can synchronize (roam) with Group Policy or Windows PowerShell.  
+
+**Note**  With the removal of the Company Settings Center, the following group policies are no longer applicable:
+
+-   Contact IT Link Text
+-   Contact IT URL
+-   Tray Icon
+
+
 ### Upgrading from UE-V 1.0 to the in-box version of UE-V is blocked
 
 Version 1.0 of UE-V used Offline Files (Client Side Caching) for settings synchronization and pinned the UE-V sync folder to be available when the network was offline, however, this technology was removed in UE-V 2.x. As a result, UE-V 1.0 users are blocked from upgrading to UE-V for Windows 10, version 1607.
@@ -84,22 +100,22 @@ This section contains hotfixes and KB articles for UE-V.
 
 | KB Article | Title   | Link   |
 |------------|---------|--------|
-| 3018608    | UE-V - TemplateConsole.exe crashes when UE-V WMI classes are missing       | [support.microsoft.com/kb/3018608/EN-US](http://support.microsoft.com/kb/3018608/EN-US) |
-| 2903501    | UE-V: User Experience Virtualization (UE-V) compatibility with user profiles   | [support.microsoft.com/kb/2903501/EN-US](http://support.microsoft.com/kb/2903501/EN-US) |
-| 2770042    | UE-V Registry Settings                                                         | [support.microsoft.com/kb/2770042/EN-US](http://support.microsoft.com/kb/2770042/EN-US) |
-| 2847017    | UE-V settings replicated by Internet Explorer                                  | [support.microsoft.com/kb/2847017/EN-US](http://support.microsoft.com/kb/2847017/EN-US) |
-| 2769631    | How to repair a corrupted UE-V install                                         | [support.microsoft.com/kb/2769631/EN-US](http://support.microsoft.com/kb/2769631/EN-US) |
-| 2850989    | Migrating MAPI profiles with Microsoft UE-V is not supported                   | [support.microsoft.com/kb/2850989/EN-US](http://support.microsoft.com/kb/2850989/EN-US) |
-| 2769586    | UE-V roams empty folders and registry keys                                     | [support.microsoft.com/kb/2769586/EN-US](http://support.microsoft.com/kb/2769586/EN-US) |
-| 2782997    | How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V) | [support.microsoft.com/kb/2782997/EN-US](http://support.microsoft.com/kb/2782997/EN-US) |
-| 2769570    | UE-V does not update the theme on RDS or VDI sessions                          | [support.microsoft.com/kb/2769570/EN-US](http://support.microsoft.com/kb/2769570/EN-US) |
-| 2850582    | How To Use Microsoft User Experience Virtualization With App-V Applications    | [support.microsoft.com/kb/2850582/EN-US](http://support.microsoft.com/kb/2850582/EN-US) |
-| 3041879    | Current file versions for Microsoft User Experience Virtualization             | [support.microsoft.com/kb/3041879/EN-US](http://support.microsoft.com/kb/3041879/EN-US) |
-| 2843592    | Information on User Experience Virtualization and High Availability            | [support.microsoft.com/kb/2843592/EN-US](http://support.microsoft.com/kb/2843592/EN-US) |
+| 3018608    | UE-V - TemplateConsole.exe crashes when UE-V WMI classes are missing           | [support.microsoft.com/kb/3018608](http://support.microsoft.com/kb/3018608) |
+| 2903501    | UE-V: User Experience Virtualization (UE-V) compatibility with user profiles   | [support.microsoft.com/kb/2903501](http://support.microsoft.com/kb/2903501) |
+| 2770042    | UE-V Registry Settings                                                         | [support.microsoft.com/kb/2770042](http://support.microsoft.com/kb/2770042) |
+| 2847017    | Internet Explorer settings replicated by UE-V                                  | [support.microsoft.com/kb/2847017](http://support.microsoft.com/kb/2847017) |
+| 2769631    | How to repair a corrupted UE-V install                                         | [support.microsoft.com/kb/2769631](http://support.microsoft.com/kb/2769631) |
+| 2850989    | Migrating MAPI profiles with Microsoft UE-V is not supported                   | [support.microsoft.com/kb/2850989](http://support.microsoft.com/kb/2850989) |
+| 2769586    | UE-V roams empty folders and registry keys                                     | [support.microsoft.com/kb/2769586](http://support.microsoft.com/kb/2769586) |
+| 2782997    | How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V) | [support.microsoft.com/kb/2782997](http://support.microsoft.com/kb/2782997) |
+| 2769570    | UE-V does not update the theme on RDS or VDI sessions                          | [support.microsoft.com/kb/2769570](http://support.microsoft.com/kb/2769570) |
+| 2850582    | How To Use Microsoft User Experience Virtualization With App-V Applications    | [support.microsoft.com/kb/2850582](http://support.microsoft.com/kb/2850582) |
+| 3041879    | Current file versions for Microsoft User Experience Virtualization             | [support.microsoft.com/kb/3041879](http://support.microsoft.com/kb/3041879) |
+| 2843592    | Information on User Experience Virtualization and High Availability            | [support.microsoft.com/kb/2843592](http://support.microsoft.com/kb/2843592) |
 
 ## Have a suggestion for UE-V?
 
-Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).<br>For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
 
 **Additional resources for this feature**
 
diff --git a/windows/manage/uev-security-considerations.md b/windows/manage/uev-security-considerations.md
index 2cfc34087e..11f3d82582 100644
--- a/windows/manage/uev-security-considerations.md
+++ b/windows/manage/uev-security-considerations.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # Security Considerations for UE-V
 
+**Applies to**
+-   Windows 10, version 1607
 
 This topic contains a brief overview of accounts and groups, log files, and other security-related considerations for User Experience Virtualization (UE-V). For more information, follow the links that are provided here.
 
@@ -215,10 +217,22 @@ We strongly recommend that you do not pre-create folders. Instead, let the UE-V
 
 If you redirect UE-V settings to a user’s home directory or a custom Active Directory (AD) directory, ensure that the permissions on the directory are set appropriately for your organization.
 
+### Review the contents of settings location templates and control access to them as needed
+
+When creating a settings location template, the UE-V generator uses a Lightweight Directory Access Protocol (LDAP) query to get username and email address of the current logged in user. This information is stored in the template as the template author name and template author email. (None of this information is sent to Microsoft.)
+
+If you plan to share settings location templates with anyone outside your organization you should review all the settings locations and ensure the settings location templates do not contain any personal or company information. You can view the contents by opening the settings location template files using any XML viewer. The following are ways you can view and remove any personal or company information from the settings location template files before sharing with anyone outside your company:
+
+-   **Template Author Name** – Specify a general, non-identifying name for the template author name or exclude this data from the template.
+
+-   **Template Author Email** – Specify a general, non-identifying template author email or exclude this data from the template.
+
+To remove the template author name or template author email, you can use the UE-V generator application. From the generator, select **Edit a Settings Location Template**. Select the settings location template to edit from the recently used templates or Browse to the settings template file. Select **Next** to continue. On the Properties page, remove the data from the Template author name or Template author email text fields. Save the settings location template.
+
 ## Have a suggestion for UE-V?
 
 
-Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).<br>For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
 
 ## Related topics
 
diff --git a/windows/manage/uev-sync-methods.md b/windows/manage/uev-sync-methods.md
index 7b78c035f0..f6f490523d 100644
--- a/windows/manage/uev-sync-methods.md
+++ b/windows/manage/uev-sync-methods.md
@@ -10,6 +10,8 @@ ms.prod: w10
 
 # Sync Methods for UE-V
 
+**Applies to**
+-   Windows 10, version 1607
 
 The User Experience Virtualization (UE-V) service lets you synchronize users’ application and Windows settings with the settings storage location. The *Sync Method* configuration defines how the UE-V service uploads and downloads those settings to the settings storage location. UE-V includes a SyncMethod called the *SyncProvider*. For more information about trigger events that start the synchronization of application and Windows settings, see [Sync Trigger Events for UE-V](uev-sync-trigger-events.md).
 
@@ -33,7 +35,7 @@ You can configure the sync method in these ways:
 
 ## Have a suggestion for UE-V?
 
-Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).<br>For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
 
 ## Related topics
 
diff --git a/windows/manage/uev-sync-trigger-events.md b/windows/manage/uev-sync-trigger-events.md
index 811a463e97..46add6efc1 100644
--- a/windows/manage/uev-sync-trigger-events.md
+++ b/windows/manage/uev-sync-trigger-events.md
@@ -10,6 +10,8 @@ ms.prod: w10
 
 # Sync Trigger Events for UE-V
 
+**Applies to**
+-   Windows 10, version 1607
 
 User Experience Virtualization (UE-V) lets you synchronize your application and Windows settings across all your domain-joined devices. *Sync trigger events* define when the UE-V service synchronizes those settings with the settings storage location. For more information about Sync Method configuration, see [Sync Methods for UE-V](uev-sync-methods.md).
 
@@ -34,7 +36,7 @@ The following table explains the trigger events for classic applications and Win
 <td align="left"><p><strong>Windows Logon</strong></p></td>
 <td align="left"><ul>
 <li><p>Application and Windows settings are imported to the local cache from the settings storage location.</p></li>
-<li><p>[Asynchronous Windows settings](http://technet.microsoft.com/library/dn458932.aspx#autosyncsettings2) are applied.</p></li>
+<li><p>[Asynchronous Windows settings](uev-prepare-for-deployment.md#windows-settings-synchronized-by-default) are applied.</p></li>
 <li><p>Synchronous Windows settings will be applied during the next Windows logon.</p></li>
 <li><p>Application settings will be applied when the application starts.</p></li>
 </ul></td>
@@ -88,7 +90,7 @@ The following table explains the trigger events for classic applications and Win
 <li><p>Asynchronous Windows settings are applied directly.</p></li>
 <li><p>Application settings are applied when the application starts.</p></li>
 <li><p>Both asynchronous and synchronous Windows settings are applied during the next Windows logon.</p></li>
-<li><p>Windows app (AppX) settings are applied during the next refresh. See [Monitor Application Settings](http://technet.microsoft.com/library/dn458944.aspx) for more information.</p></li>
+<li><p>Windows app (AppX) settings are applied during the next refresh. See [Monitor Application Settings](uev-changing-the-frequency-of-scheduled-tasks.md#monitor-application-settings) for more information.</p></li>
 </ul></td>
 <td align="left"><p>NA</p></td>
 </tr>
@@ -105,7 +107,7 @@ The following table explains the trigger events for classic applications and Win
 ## Have a suggestion for UE-V?
 
 
-Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).<br>For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
 
 ## Related topics
 
diff --git a/windows/manage/uev-synchronizing-microsoft-office-with-uev.md b/windows/manage/uev-synchronizing-microsoft-office-with-uev.md
index 47aaa206af..784667ed37 100644
--- a/windows/manage/uev-synchronizing-microsoft-office-with-uev.md
+++ b/windows/manage/uev-synchronizing-microsoft-office-with-uev.md
@@ -11,16 +11,19 @@ ms.prod: w10
 
 # Synchronizing Office with UE-V
 
+**Applies to**
+-   Windows 10, version 1607
+
 Microsoft User Experience Virtualization (UE-V) supports the synchronization of Microsoft Office application settings. The combination of UE-V and App-V  support for Office enables the same experience on virtualized instances of Office from any UE-V-enabled device or virtualized desktop.
 
-To synchronize Office applications settings, you can download Office templates from the [Microsoft User Experience Virtualization (UE-V) Template Gallery](http://go.microsoft.com/fwlink/p/?LinkId=246589). This resource provides Microsoft-authored UE-V settings location templates as well as community-developed settings location templates.
+To synchronize Office applications settings, you can download Office templates from the [User Experience Virtualization (UE-V) Template Gallery](https://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=UE-V&f%5B0%5D.Text=UE-V). This resource provides Microsoft-authored UE-V settings location templates as well as community-developed settings location templates.
 
 
 ## Microsoft Office support in UE-V
 
 UE-V includes settings location templates for Microsoft Office 2016, 2013, and 2010. In previous versions of UE-V, settings location templates for Office 2013 and Office 2010 were distributed and registered when you installed the UE-V agent. Now that UE-V is a feature in Windows 10, version 1607, settings location templates are installed when you install or upgrade to the new operating system.  
 
-These templates help synchronize users’ Office experience between devices. Microsoft Office 2016 settings roamed by Office 365 experience are not included in these settings. For a list of Office 365-specific settings, see [Overview of user and roaming settings for Office](http://go.microsoft.com/fwlink/p/?LinkId=391220).
+These templates help synchronize users’ Office experience between devices. Microsoft Office 2016 settings roamed by Office 365 experience are not included in these settings. For a list of Office 365-specific settings, see [Overview of user and roaming settings for Office](https://technet.microsoft.com/library/jj733593.aspx).
 
 ## Synchronized Office Settings
 
@@ -131,9 +134,9 @@ You can deploy UE-V settings location template with the following methods:
 
 -   **Registering template with Template Catalog Path**. If you use the Settings Template Catalog Path to manage templates on users’ computers, copy the Office template into the folder defined in the UE-V service. The next time the Template Auto Update (ApplySettingsCatalog.exe) scheduled task runs, the settings location template will be registered on the device. For more information, see [Deploy a settings template catalog](uev-deploy-uev-for-custom-applications.md#deployasettingstemplatecatalog).
 
--   **Registering template with Configuration Manager**. If you use Configuration Manager to manage your UE-V settings storage templates, recreate the Template Baseline CAB, import it into Configuration Manager, and then deploy the baseline to user devices. For more information, see the guidance provided in the documentation for the [System Center Configuration Pack for User Experience Virtualization](http://go.microsoft.com/fwlink/?LinkId=317263).
+-   **Registering template with Configuration Manager**. If you use Configuration Manager to manage your UE-V settings storage templates, recreate the Template Baseline CAB, import it into Configuration Manager, and then deploy the baseline to user devices. For more information, see the guidance provided in the documentation for the [System Center 2012 Configuration Pack for Microsoft User Experience Virtualization 2.0](https://www.microsoft.com/en-us/download/details.aspx?id=40913).
 
 ## Have a suggestion for UE-V?
 
 
-Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).<br>For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
diff --git a/windows/manage/uev-technical-reference.md b/windows/manage/uev-technical-reference.md
index d8eec5847d..20adefafdf 100644
--- a/windows/manage/uev-technical-reference.md
+++ b/windows/manage/uev-technical-reference.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # Technical Reference for UE-V
 
+**Applies to**
+-   Windows 10, version 1607
 
 This technical reference section includes additional technical documentation about the various features of User Experience Virtualization (UE-V). This information is provided to help the administrator better understand UE-V.
 
@@ -33,10 +35,6 @@ This technical reference section includes additional technical documentation abo
 
     Details the XML structure of UE-V settings location templates and provides guidance for editing these files.
 
--   [Accessibility for UE-V](uev-accessibility.md)
-
-    Describes features and services that make UE-V more accessible for people with disabilities.
-
 -   [Security Considerations for UE-V](uev-security-considerations.md)
 
     Provides a brief overview of accounts, groups, and other security-related considerations for UE-V.
@@ -57,7 +55,7 @@ This technical reference section includes additional technical documentation abo
 ## Have a suggestion for UE-V?
 
 
-Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).<br>For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
 
  
 
diff --git a/windows/manage/uev-troubleshooting.md b/windows/manage/uev-troubleshooting.md
index bc48051f72..4060f14739 100644
--- a/windows/manage/uev-troubleshooting.md
+++ b/windows/manage/uev-troubleshooting.md
@@ -11,48 +11,20 @@ ms.prod: w10
 
 # Troubleshooting UE-V
 
+**Applies to**
+-   Windows 10, version 1607
 
-Troubleshooting content is not included in the Administrator's Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905).
+For information that can help with troubleshooting UE-V for Windows 10, see:
 
-##  Find troubleshooting information
+- [UE-V: List of Microsoft Support Knowledge Base Articles](http://social.technet.microsoft.com/wiki/contents/articles/14271.ue-v-list-of-microsoft-support-knowledge-base-articles.aspx)
 
+- [User Experience Virtualization Release Notes](uev-release-notes-1607.md)
 
-You can use the following information to find troubleshooting content or additional technical content for this product.
+- [Technical Reference for UE-V](uev-technical-reference.md)
 
+- [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc)
 
-**To search the TechNet Wiki**
-
-1.  Open a web browser and browse to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
-
-2.  Locate the **Search TechNet Wiki** search box and enter your search term.
-
-3.  Review the search results for assistance.
-
-##  Create a troubleshooting article
-
-
-If you have a troubleshooting tip or a best practice to share that is not already included in TechNet Wiki, you can create your own TechNet Wiki article.
-
-**To create a TechNet Wiki troubleshooting or best practices article**
-
-1.  Open a web browser and browse to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
-
-2.  Sign in with your Microsoft account.
-
-3.  Review the **Getting Started** section to learn the basics of the TechNet Wiki and its articles.
-
-4.  Select **Post an article** in the **Getting Started** section.
-
-5.  On the Wiki article **Add Page** page, select **Insert Template** from the toolbar, select the troubleshooting article template, which is named **Troubleshooting.html**, and then click **Insert**.
-
-6.  Give the article a descriptive title, and then overwrite the template information as needed to create your article.
-
-7.  After you review your article, add a tag that is named **Troubleshooting** and another tag for the product name. To add tags help other users find your content.
-
-8.  Click **Save** to publish the article to the TechNet Wiki.
-
-## Other resources for this feature
-
+## Other resources
 
 -   [User Experience Virtualization overview](uev-for-windows.md)
 
@@ -62,18 +34,6 @@ If you have a troubleshooting tip or a best practice to share that is not alread
 
 -   [Administering UE-V](uev-administering-uev.md)
 
--   [Technical reference for UE-V](uev-technical-reference.md)
-
 ## Have a suggestion for UE-V?
 
-
-Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
-
- 
-
- 
-
-
-
-
-
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).<br>For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
diff --git a/windows/manage/uev-upgrade-uev-from-previous-releases.md b/windows/manage/uev-upgrade-uev-from-previous-releases.md
index acfd9ce64a..aa12c04977 100644
--- a/windows/manage/uev-upgrade-uev-from-previous-releases.md
+++ b/windows/manage/uev-upgrade-uev-from-previous-releases.md
@@ -10,7 +10,8 @@ ms.prod: w10
 
 # Upgrade to UE-V for Windows 10
 
-Applies to: Windows 10, version 1607
+**Applies to**
+-   Windows 10, version 1607
 
 If you’re already using UE-V 2.x and you’re planning to upgrade user devices to Windows 10, version 1607 or later releases, you need to make only a few adjustments to your existing environment. These steps are explained in more detail below.
 
@@ -26,7 +27,7 @@ If you’re already using UE-V 2.x and you’re planning to upgrade user devices
 
 ## Upgrade user devices to Windows 10, version 1607
 
-Performing an in-place upgrade on user devices automatically installs the UE-V service, updates the settings location path, and migrates users' UE-V settings. See the [Windows 10 for IT Pros documentation](https://technet.microsoft.com/itpro/windows/index) for information about upgrading user devices to Windows 10. 
+Performing an in-place upgrade on user devices automatically installs the UE-V service, updates the settings location path, and migrates users' UE-V settings. See the [Windows 10 documentation for IT Pros](https://technet.microsoft.com/itpro/windows/deploy/index) for information about upgrading user devices to Windows 10. 
 
 ## Verify that UE-V settings were migrated correctly 
 
@@ -90,6 +91,9 @@ The UE-V template generator is included in the Windows Assessment and Deployment
  
 3.	To open the generator, open the **Start** menu and navigate to **Windows Kits** > **Microsoft User Experience Virtualization (UE-V) Template Generator**. 
 
+## Have a suggestion for UE-V?
+
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).<br>For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
 
 ## Other resources for this feature
 
diff --git a/windows/manage/uev-using-uev-with-application-virtualization-applications.md b/windows/manage/uev-using-uev-with-application-virtualization-applications.md
index 1f495c9b74..7d75a528a0 100644
--- a/windows/manage/uev-using-uev-with-application-virtualization-applications.md
+++ b/windows/manage/uev-using-uev-with-application-virtualization-applications.md
@@ -11,6 +11,8 @@ ms.prod: w10
 
 # Using UE-V with Application Virtualization applications
 
+**Applies to**
+-   Windows 10, version 1607
 
 User Experience Virtualization (UE-V) supports Microsoft Application Virtualization (App-V) applications without any required modifications to either the App-V package or the UE-V template. However, an additional step is required because you cannot run the UE-V template generator directly on a virtualized App-V application. Instead, you must install the application locally, generate the template, and then apply the template to the virtualized application. UE-V supports App-V for Windows 10 packages and App-V 5.0 packages.
 
@@ -37,7 +39,7 @@ UE-V monitors when an application opens by the program name and, optionally, by
 ## Have a suggestion for UE-V?
 
 
-Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).<br>For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
 
 ## Related topics
 
diff --git a/windows/manage/uev-whats-new-in-uev-for-windows.md b/windows/manage/uev-whats-new-in-uev-for-windows.md
index f4192c7109..a7759f623e 100644
--- a/windows/manage/uev-whats-new-in-uev-for-windows.md
+++ b/windows/manage/uev-whats-new-in-uev-for-windows.md
@@ -10,7 +10,8 @@ ms.prod: w10
 
 # What's New in UE-V 
 
-Applies to: Windows 10, version 1607
+**Applies to**
+-   Windows 10, version 1607
 
 User Experience Virtualization (UE-V) for Windows 10, version 1607, includes these new features and capabilities compared to UE-V 2.1. See [UE-V Release notes](uev-release-notes-1607.md) for more information about the UE-V for Windows 10, version 1607 release.
 
@@ -24,6 +25,10 @@ The changes in UE-V for Windows 10, version 1607 impact already existing impleme
 
 - The UE-V template generator is available from the Windows 10 ADK. In previous releases of UE-V, the template generator was included in the Microsoft Desktop Optimization Pack. Although you’ll need to use the new template generator to create new settings location templates, existing settings location templates will continue to work. 
 
+- The Company Settings Center was removed and is no longer available on user devices. Users can no longer manage their synchronized settings. 
+
+- The inbox templates such as Office 2016 and IE 10 are included as a part of Windows 10 and need to be manually registered with Powershell or Group policy before use.
+
 For more information about how to configure an existing UE-V installation after upgrading user devices to Windows 10, see [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md).
 
 > **Important**&nbsp;&nbsp;You can upgrade your existing UE-V installation to Windows 10 from UE-V versions 2.1 or 2.0 only. If you are using a previous version of UE-V, you’ll need to upgrade from that version to UE-V 2.x before you upgrade to Windows 10.
@@ -32,11 +37,25 @@ For more information about how to configure an existing UE-V installation after
 
 UE-V for Windows 10 includes a new template generator, available from a new location. If you are upgrading from an existing UE-V installation, you’ll need to use the new generator to create settings location templates. The UE-V for Windows 10 template generator is now available in the [Windows 10 Assessment and Deployment Kit](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) (Windows ADK).
 
+## Company Settings Center removed in UE-V for Windows 10, version 1607
+
+In previous versions of UE-V, users could select which of their customized application settings to synchronize with the Company Settings Center, a user interface that was available on user devices. Additionally, administrators could configure the Company Settings Center to include a link to support resources so that users could easily get support on virtualized settings-related issues.
+
+With the release of Windows 10, version 1607, the Company Settings Center was removed and users can no longer manage their synchronized settings. 
+
+Administrators can still define which user-customized application settings can synchronize (roam) with Group Policy or Windows PowerShell.  
+
+**Note** With the removal of the Company Settings Center, the following group policies are no longer applicable:
+
+-   Contact IT Link Text
+-   Contact IT URL
+-   Tray Icon
+
 ## Compatibility with Microsoft Enterprise State Roaming
 
 With Windows 10, version 1607, users can synchronize Windows application settings and Windows operating system settings to Azure instead of to OneDrive. You can use the Windows 10 enterprise sync functionality together with UE-V on on-premises domain-joined devices only.
 
-In hybrid cloud environments, UE-V can roam win32 applications on-premise while [Enterprise State Roaming](https://azure.microsoft.com/documentation/articles/active-directory-windows-enterprise-state-roaming-overview/) (ESR) can roam the rest, e.g., Windows and desktop settings, themes, colors, etc., to an Azure cloud installation.
+In hybrid cloud environments, UE-V can roam Win32 applications on-premises while [Enterprise State Roaming](https://azure.microsoft.com/documentation/articles/active-directory-windows-enterprise-state-roaming-overview/) (ESR) can roam the rest, e.g., Windows and desktop settings, themes, colors, etc., to an Azure cloud installation.
 
 To configure UE-V to roam Windows desktop and application data only, change the following group policies:
 
@@ -52,6 +71,7 @@ Additionally, to enable Windows 10 and UE-V to work together, configure these po
 
 -   Disable “Sync Windows Settings”
 
+
 ## Settings Synchronization Behavior Changed in UE-V for Windows 10
 
 While earlier versions of UE-V roamed taskbar settings between Windows 10 devices, UE-V for Windows 10, version 1607 does not synchronize taskbar settings between devices running Windows 10 and devices running previous versions of Windows.
@@ -86,11 +106,11 @@ To enable settings synchronization using UE-V, do one of the following:
 
 -   Do not enable the Office 365 synchronization experience during Office 2013 installation
 
-UE-V includes Office 2016, Office 2013, and Office 2010 templates. Office 2007 templates are no longer supported. Users can still use Office 2007 templates from UE-V 2.0 or earlier and can still get the templates from the UE-V template gallery located [here](http://go.microsoft.com/fwlink/p/?LinkID=246589).
+UE-V includes Office 2016, Office 2013, and Office 2010 templates. Office 2007 templates are no longer supported. Users can still use Office 2007 templates from UE-V 2.0 or earlier and can still get templates from the [User Experience Virtualization Template Gallery](https://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=UE-V&f%5B0%5D.Text=UE-V).
 
 ## Have a suggestion for UE-V?
 
-Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).<br>For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
 
 ## Related topics
 
diff --git a/windows/manage/uev-working-with-custom-templates-and-the-uev-generator.md b/windows/manage/uev-working-with-custom-templates-and-the-uev-generator.md
index d708176c7f..056526037b 100644
--- a/windows/manage/uev-working-with-custom-templates-and-the-uev-generator.md
+++ b/windows/manage/uev-working-with-custom-templates-and-the-uev-generator.md
@@ -11,7 +11,8 @@ ms.prod: w10
 
 # Working with custom UE-V templates and the UE-V template generator
 
-Applies to: Windows 10, version 1607
+**Applies to**
+-   Windows 10, version 1607
 
 User Experience Virtualization (UE-V) uses XML files called ***settings location templates*** to monitor and synchronize application settings and Windows settings between user devices. By default, some settings location templates are included in UE-V. However, if you want to synchronize settings for desktop applications other than those included in the default templates, you can create your own custom settings location templates with the UE-V template generator. You can also edit or validate custom settings location templates with the UE-V template generator.
 
@@ -129,8 +130,7 @@ It is possible to create or edit settings location templates in an XML editor wi
 
 ## <a href="" id="share"></a>Share settings location templates with the Template Gallery
 
-
-The UE-V template gallery enables administrators to share their UE-V settings location templates. Upload your settings location templates to the gallery for other users to use, and download templates that other users have created. The UE-V template gallery is located on Microsoft TechNet [here](http://go.microsoft.com/fwlink/p/?LinkId=246589).
+The [User Experience Virtualization Template Gallery](https://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=UE-V&f%5B0%5D.Text=UE-V) enables administrators to share their UE-V settings location templates. Upload your settings location templates to the gallery for other users to use, and download templates that other users have created.
 
 Before you share a settings location template on the UE-V template gallery, ensure it does not contain any personal or company information. You can use any XML viewer to open and view the contents of a settings location template file. The following template values should be reviewed before you share a template with anyone outside your company.
 
@@ -143,7 +143,7 @@ Before you deploy any settings location template that you have downloaded from t
 ## Have a suggestion for UE-V?
 
 
-Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).<br>For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
 
 ## Related topics
 
diff --git a/windows/manage/windows-10-mobile-and-mdm.md b/windows/manage/windows-10-mobile-and-mdm.md
index a7d4e10a34..6e1b32d24a 100644
--- a/windows/manage/windows-10-mobile-and-mdm.md
+++ b/windows/manage/windows-10-mobile-and-mdm.md
@@ -1,75 +1,59 @@
 ---
-title: Windows 10 Mobile and mobile device management (Windows 10)
-description: This guide provides an overview of the mobile device and app management technologies in the Windows 10 Mobile operating system.
+title: Windows 10 Mobile deployment and management guide (Windows 10)
+description: This guide helps IT professionals plan for and deploy Windows 10 Mobile devices.
 ms.assetid: 6CAA1004-CB65-4FEC-9B84-61AAD2125E5E
-keywords: telemetry, BYOD, MDM
+keywords: Mobile, telemetry, BYOD, MDM
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: mobile, devices, security
-author: AMeeus
 localizationpriority: high
+author: AMeeus
 ---
 
-# Windows 10 Mobile and mobile device management
+# Windows 10 Mobile deployment and management guide
 
-**Applies to**
--   Windows 10 Mobile
+*Applies to:  Windows 10 Mobile, version 1511 and Windows 10 Mobile, version 1607*
 
-This guide provides an overview of the mobile device and app management technologies in the Windows 10 Mobile operating system. It describes how mobile device management (MDM) systems use the built-in device management client to deploy, configure, maintain, and support phones and small tablets running Windows 10 Mobile.
+This guide helps IT professionals plan for and deploy Windows 10 Mobile devices.
 
-Bring Your Own Device (BYOD—that is, personal devices) and corporate devices are key scenarios that Windows 10 Mobile MDM capabilities support. The operating system offers a flexible approach to registering devices with directory services and MDM systems, and IT organizations can provision comprehensive device-configuration profiles based on their company’s need to control and secure mobile business data.
-Windows 10 Mobile not only delivers more comprehensive, restrictive configuration settings than Windows Phone 8.1 did but also provides capabilities to deploy and manage apps built on the Universal Windows Platform (UWP). Companies can distribute apps directly from Windows Store or by using their MDM system. They can control and distribute custom line-of-business (LOB) apps the same way.
+Employees increasingly depend on smartphones to complete daily work tasks, but these devices introduce unique management and security challenges. Whether providing corporate devices or allowing people to use their personal devices, IT needs to deploy and manage mobile devices and apps quickly to meet business goals. However, they also need to ensure that the apps and data on those mobile devices are protected against cybercrime or loss. Windows 10 Mobile helps organizations directly address these challenges with robust, flexible, built-in mobile device and app management technologies.
+Windows 10 supports end-to-end device lifecycle management to give companies control over their devices, data, and apps. Devices can easily be incorporated into standard lifecycle practices, from device enrollment, configuration, and application management to maintenance, monitoring, and retirement using a comprehensive mobile device management solution.
 
-## Overview
+**In this article**
+-	Deploy
+-	Configure
+-	Apps
+-	Manage
+-	Retire
 
-Organizations’ users increasingly depend on their mobile devices, but phones and tablets bring new and unfamiliar challenges for IT departments. IT must be able to deploy and manage mobile devices and apps quickly to support the business while balancing the growing need to protect corporate data because of evolving laws, regulations, and cybercrime. IT must ensure that the apps and data on those mobile devices are safe, especially on personal devices. Windows 10 Mobile helps organizations address these challenges by providing a robust, flexible, built-in MDM client. IT departments can use the MDM system of their choice to manage this client.
 
-### <a href="" id="built-in-mdm-client--"></a>Built-in MDM client
+## Deploy
+
+Windows 10 Mobile has a built-in device management client to deploy, configure, maintain, and support smartphones. Common to all editions of the Windows 10 operating system, including desktop, mobile, and Internet of Things (IoT), this client provides a single interface through which Mobile Device Management (MDM) solutions can manage any device that runs Windows 10. Because the MDM client integrates with identity management, the effort required to manage devices throughout the lifecycle is greatly reduced.
+Windows 10 includes comprehensive MDM capabilities that can be managed by Microsoft management solutions, such as Microsoft Intune or System Center Configuration Manager, as well as many third-party MDM solutions. There is no need to install an additional, custom MDM app to enroll devices and bring them under MDM control. All MDM system vendors have equal access to Windows 10 Mobile device management application programming interfaces (APIs), giving IT organizations the freedom to select whichever system best fits their management requirements, whether Microsoft Intune or a third-party MDM product. For more information about Windows 10 Mobile device management APIs, see [Mobile device management](https://go.microsoft.com/fwlink/p/?LinkId=734050).
+
+### <a href="" id="deployment-scenarios"></a>Deployment scenarios
+
+*Applies to: Corporate and personal devices*
 
 The built-in MDM client is common to all editions of the Windows 10 operating system, including desktop, mobile, and Internet of Things (IoT). The client provides a single interface through which you can manage any device that runs Windows 10. The client has two important roles: device enrollment in an MDM system and device management.
 
--   **Device enrollment.** Users can enroll in the MDM system. On Windows 10, a user can register a device with Microsoft Azure Active Directory (Azure AD) and enroll in an MDM system at the same time so that the system can manage the device, the apps running on it, and the confidential data it holds. Enrollment establishes the management authority for the device. Only one management authority (or MDM enrollment) is possible at a time, which helps prevent unauthorized access to devices and ensures their stability and reliability.
--   **Device management.** The MDM client allows the MDM system to configure policy settings; deploy apps and updates; and perform other management tasks, such as remotely wiping the device. The MDM system sends configuration requests and collects inventory through the MDM client. The client uses [configuration service providers (CSPs)](http://go.microsoft.com/fwlink/p/?LinkId=734049) to configure and inventory settings. A CSP is an interface to read, set, modify, or delete configuration settings on the device. These settings map to registry keys or files. (The security architecture of Windows 10 Mobile prevents direct access to registry settings and operating system files. For more information, see the [Windows 10 Mobile security guide](../keep-secure/windows-10-mobile-security-guide.md).)
+Organizations typically have two scenarios to consider when it comes to device deployment: Bring Your Own (BYO) personal devices and Choose Your Own (CYO) company-owned devices. In both cases, the device must be enrolled in an MDM system, which would configure it with settings appropriate for the organization and the employee. 
+Windows 10 Mobile device management capabilities support both personal devices used in the BYO scenario and corporate devices used in the CYO scenario. The operating system offers a flexible approach to registering devices with directory services and MDM systems. IT organizations can provision comprehensive device-configuration profiles based on their business needs to control and protect mobile business data. Apps can be provisioned easily to personal or corporate devices through the Windows Store for Business, or by using their MDM system, which can also work with the Windows Store for Business for public store apps. 
+Knowing who owns the device and what the employee will use it for are the major factors in determining your management strategy and which controls your organization should put in place. Whether personal devices, corporate devices, or a mixture of the two, deployment processes and configuration policies may differ. 
 
-The MDM client is an integral part of Windows 10 Mobile. As a result, there is no need for an additional, custom MDM app to enroll the device or to allow an MDM system to manage it. All MDM systems have equal access to Windows 10 Mobile MDM application programming interfaces (APIs), so you can choose Microsoft Intune or a third-party MDM product to manage Windows 10 Mobile devices. For more information about Windows 10 Mobile device management APIs, see [Mobile device management](http://go.microsoft.com/fwlink/p/?LinkId=734050).
+For **personal devices**, companies need to be able to manage corporate apps and data on the device without impeding the employee’s ability to personalize it to meet their individual needs. The employee owns the device and corporate policy allows them to use it for both business and personal purposes, with the ability to add personal apps at their discretion. The main concern with personal devices is how organizations can prevent corporate data from being compromised, while still keeping personal data private and under the sole control of the employee. This requires that the device be able to support separation of apps and data with strict control of business and personal data traffic.
 
-### <a href="" id="mobile-edition"></a>Windows 10 Mobile editions
+For **corporate devices**, organizations have a lot more control. IT can provide a selected list of supported device models to employees, or they can directly purchase and preconfigure them. Because devices are owned by the company, employees can be limited as to how much they can personalize these devices. Security and privacy concerns may be easier to navigate, because the device falls entirely under existing company policy. 
 
-Every device that runs Windows 10 Mobile includes all the enterprise mobile device security and management capabilities the MDM client provides. Microsoft also offers an Enterprise edition of Windows 10 Mobile, which includes three additional capabilities. To enable these capabilities, you can provision a license file without reinstalling the operating system:
+### <a href="" id="device-enrollment"></a>Device enrollment
 
--   **Ability to postpone software updates.**Windows 10 Mobile gets software updates directly from Windows Update, and you cannot curate updates prior to deployment. Windows 10 Mobile Enterprise, however, allows you to curate and validate updates prior to deploying them.
--   **No limit on the number of self-signed LOB apps that you can deploy to a single device.** To use an MDM system to deploy LOB apps directly to devices, you must cryptographically sign the software packages with a code signing certificate that your organization’s certificate authority (CA) generates. You can deploy a maximum of 20 self-signed LOB apps to a Windows 10 Mobile device, more than 20 if your organization’s devices run Windows 10 Mobile Enterprise.
--   **Set telemetry to security level.** The telemetry security level configures the operating system to gather only the telemetry information required to keep devices secured.
+*Applies to: Corporate and personal devices*
 
->**Note:**  Your organization can opt to purchase a code signing certificate from Verisign to sign LOB apps or use [Windows Store for Business](windows-store-for-business.md) to obtain apps. With either method, you can distribute more than 20 apps to a single device without activating Windows 10 Mobile Enterprise on that device by using your MDM system.
- 
-To activate Windows 10 Mobile Enterprise on any Windows 10 Mobile device, use your company’s MDM system or a provisioning package to inject a license onto the device. You can download a Windows 10 Mobile Enterprise license from the Business Support Portal.
+The way in which personal and corporate devices are enrolled into an MDM system differs. Your operations team should consider these differences when determining which approach is best for mobile workers in your organization. 
 
-### <a href="" id="lifecycle-management--"></a>Lifecycle management
-
-Windows 10 Mobile supports end-to-end lifecycle device management to give companies control of their devices, data, and apps. Comprehensive MDM systems use the built-in MDM client to manage devices throughout their lifecycle, as Figure 1 illustrates. The remainder of this guide describes the operating system’s mobile device and app management capabilities through each phase of the lifecycle, showing how MDM systems use specific features.
-
-![figure 1](images/win10-mobile-mdm-fig1.png)
-
-Figure 1. Device management lifecycle
-
-## <a href="" id="device-deployment--"></a>Device deployment
-
-Device deployment includes the initial registration and configuration of the device, including its enrollment with an MDM system. Sometimes, companies preinstall apps. The major factors in how you deploy devices and which controls you put in place are device ownership and how the user will use the device. This guide covers two scenarios:
-
-1.  Companies allow users to personalize their devices because the users own the devices or because company policy doesn’t require tight controls (defined as *personal devices* in this guide).
-2.  Companies don’t allow users to personalize their devices or they limit personalization, usually because the organization owns the devices and security considerations are high (defined as *corporate devices* in this guide).
-
-Often, employees can choose devices from a list of supported models, or companies provide devices that they preconfigure, or bootstrap, with a baseline configuration.
-
-Microsoft recommends Azure AD Join and MDM enrollment and management for corporate devices and Azure AD Registration and MDM enrollment and management for personal devices.
-
-### <a href="" id="deployment-scenarios--"></a>Deployment scenarios
-
-Most organizations support both personal and corporate device scenarios. The infrastructure for these scenarios is similar, but the deployment process and configuration policies differ. Table 1 describes characteristics of the personal and corporate device scenarios. Activation of a device with an organizational identity is unique to Windows 10 Mobile.
-
-Table 1. Characteristics of personal and corporate device scenarios
+**Device initialization and enrollment considerations**
 
 <table>
 <colgroup>
@@ -80,35 +64,49 @@ Table 1. Characteristics of personal and corporate device scenarios
 <tbody>
 <tr class="odd">
 <td align="left"></td>
-<td align="left">Personal devices</td>
-<td align="left">Corporate devices</td>
+<td align="left"><strong>Personal devices</strong></td>
+<td align="left">Corporate devices</strong></td>
 </tr>
 <tr class="even">
-<td align="left">Ownership</td>
-<td align="left">User</td>
+<td align="left"><strong>Ownership</strong></td>
+<td align="left">Employee</td>
 <td align="left">Organization</td>
 </tr>
 <tr class="odd">
-<td align="left">Primary use</td>
-<td align="left">Personal</td>
-<td align="left">Work</td>
+<td align="left"><strong>Device Innitialization</strong>
+
+In the Out-of-the-Box Experience (OOBE), the first time the employee starts the device, they are requested to add a cloud identity to the device.</td>
+<td align="left">The primary identity on the device is a personal identity. Personal devices are initiated with a Microsoft Account (MSA), which uses a personal email address. </td>
+<td align="left">The primary identity on the device is an organizational identity. Corporate devices are initialized with an organizational account (account@corporatedomain.ext).
+Initialization of a device with a corporate account is unique to Windows 10. No other mobile platform currently offers this capability. The default option is to use an Azure Active Directory organizational identity. 
+Skipping the account setup in OOBE will result in the creation of a local account. The only option to add a cloud account later is to add an MSA, putting this device into a personal device deployment scenario. To start over, the device will have to be reset.
+</td>
 </tr>
 <tr class="even">
-<td align="left">Deployment</td>
-<td align="left">The primary identity on the device is a personal identity. A Microsoft account is the default option for Windows 10 Mobile.</td>
-<td align="left">The primary identity on the device is an organizational identity. An Azure AD account is the default option for Windows 10 Mobile.</td>
+<td align="left"><strong>Device Enrollment</strong> 
+
+Enrolling devices in an MDM system helps control and protect corporate data while keeping workers productive. </td>
+<td align="left">Device enrollment can be initiated by employees. They can add an Azure account as a secondary account to the Windows 10 Mobile device. Provided the MDM system is registered with your Azure AD, the device is automatically enrolled in the MDM system when the user adds an Azure AD account as a secondary account (MSA+AAD+MDM). If your organization does not have Azure AD, the employee’s device will automatically be enrolled into your organization’s MDM system (MSA+MDM).
+MDM enrollment can also be initiated with a provisioning package. This option enables IT to offer easy-to-use self-service enrollment of personal devices. Provisioning is currently only supported for MDM-only enrollment (MSA+MDM). 
+</td>
+<td align="left">The user initiates MDM enrollment by joining the device to the Azure AD instance of their organization. The device is automatically enrolled in the MDM system when the device registers in Azure AD. This requires your MDM system to be registered with your Azure AD (AAD+MDM).</td>
 </tr>
 </tbody>
 </table>
- 
-### <a href="" id="identity-management--"></a>Identity management
 
-People can use only one account to activate a device, so it’s imperative that your organization control which account you enable first. The account you choose will determine who controls the device and influence your management capabilities. The following list describes the impact that users’ identities have on management (Table 2 summarizes these considerations):
+**Recommendation:** Microsoft recommends Azure AD registration and automatic MDM enrollment for corporate devices (AAD+MDM) and personal devices (MSA+AAD+MDM). This requires Azure AD Premium.
 
--   **Personal identity.** In this scenario, employees use their Microsoft account to activate the device. Then, they use their Azure AD account (organizational identity) to register the device in Azure AD and enroll it with the company’s MDM solution. You can apply policies to help protect and contain corporate apps and data on the devices, designed to prevent intellectual property leaks, but users keep full control over personal activities, such as downloading and installing apps and games.
--   **Organizational identity.** In this scenario, employees use their Azure AD account to register the device to Azure AD and automatically enroll it with the organization’s MDM solution. In this case, companies can block personal use of devices. Using organizational Identities to initialize devices gives organizations complete control over devices and allows them to prevent personalization.
+### <a href="" id="identity-management"></a>Identity management 
 
-Table 2. Personal vs. organizational identity
+*Applies to: Corporate and personal devices*
+
+Employees can use only one account to initialize a device so it’s imperative that your organization controls which account is enabled first. The account chosen will determine who controls the device and influence your management capabilities. 
+
+>**Note:** Why must the user add an account to the device in OOBE? Windows 10 Mobile are single user devices and the user accounts give access to a number of default cloud services that enhance the productivity and entertainment value of the phone for the user. Such services are: Store for downloading apps, Groove for music and entertainment, Xbox for gaming, etc. Both an [MSA](https://www.microsoft.com/en-us/account/) and an [Azure AD account](https://www.microsoft.com/en-us/server-cloud/products/azure-active-directory/?WT.srch=1&WT.mc_id=SEM_%5B_uniqid%5D&utm_source=Bing&utm_medium=CPC&utm_term=azure%20ad&utm_campaign=Enterprise_Mobility_Suite) give access to these services. 
+
+The following table describes the impact of identity choice on device management characteristics of the personal and corporate device scenarios. 
+
+**Identity choice considerations for device management**
 
 <table>
 <colgroup>
@@ -119,1187 +117,959 @@ Table 2. Personal vs. organizational identity
 <tbody>
 <tr class="odd">
 <td align="left"></td>
-<td align="left">Personal identity</td>
-<td align="left">Corporate identity</td>
+<td align="left"><strong>Personal identity</strong></td>
+<td align="left"><strong>Work identity</td>
 </tr>
 <tr class="even">
-<td align="left">First account on the device</td>
-<td align="left">Microsoft account</td>
+<td align="left"><strong>First account on the device</strong></td>
+<td align="left">Microsoft Account</td>
 <td align="left">Azure AD account</td>
 </tr>
 <tr class="odd">
-<td align="left">Device sign-in</td>
-<td align="left">Users cannot sign in to devices with Azure AD credentials, even if they add the credentials after initial activation with a Microsoft account.</td>
-<td align="left">Users can unlock devices with an Azure AD account. Organizations can block the addition of a personal identity.</td>
+<td align="left"><strong>Ease of enrollment</td>
+<td align="left">Employees use their Microsoft Account to activate the device. Then, they use their Azure AD account (organizational identity) to register the device in Azure AD and enroll it with the company’s MDM solution (MSA+AAD+MDM).</td>
+<td align="left">Employees use their Azure AD account to register the device in Azure AD and automatically enroll it with the organization’s MDM solution (AAD+MDM – requires Azure AD Premium).</td>
 </tr>
 <tr class="even">
-<td align="left">User settings and data roaming across devices</td>
-<td align="left">User and app settings roam across devices activated with the same personal identity over personal OneDrive.</td>
-<td align="left">Windows 10 Mobile currently does not support users and app settings roaming over the enterprise cloud. It can block the roaming of personal cloud settings.</td>
+<td align="left"><strong>Credential management</strong></td>
+<td align="left">Employees sign in to the device with Microsoft Account credentials.
+Users cannot sign in to devices with Azure AD credentials, even if they add the credentials after initial activation with a Microsoft account. 
+</td>
+<td align="left">Employees sign in to the device with Azure AD credentials. 
+IT can block the addition of a personal identity, such as an MSA or Google Account. IT controls all devices access policies, without limitations. 
+</td>
 </tr>
-<tr class="odd">
-<td align="left">Ability to block the use of a personal identity on the device</td>
+<tr class="even">
+<td align="left"><strong>Ability to block the use of a personal identity on the device</strong></td>
 <td align="left">No</td>
 <td align="left">Yes</td>
 </tr>
 <tr class="even">
-<td align="left">Level of control</td>
-<td align="left"><p>Organization can apply most* restrictive policies to devices, but they cannot remove the Microsoft account from them. Device users can reclaim full control over their devices by un-enrolling them from the organization’s MDM solution.</p>
-<div class="alert">
-<strong>Note</strong>  
-<p>* MDM functionality on personal devices might be limited in the future.</p>
-</div>
-<div>
- 
-</div></td>
-<td align="left">Organizations are free to apply the restrictive policies to devices that policy standards and compliance regulations require and prevent the user from un-enrolling the device from the enterprise.</td>
+<td align="left"><strong>User settings and data roaming across multiple Windows devices</td>
+<td align="left">User and app settings roam across all devices activated with the same personal identity through OneDrive.</td>
+<td align="left">If the device is activated with an MSA, then adds an Azure AD account, user an app settings roam. If you add your MSA to an Azure AD- joined device, this will not be the case. Microsoft is investigating Enterprise roaming for a future release.</td>
+</tr>
+<tr class="even">
+<td align="left"><strong>Level of control</strong></td>
+<td align="left">Organizations can apply most of the available restrictive policies to devices and disable the Microsoft account. You can prevent users from reclaiming full control over their devices by unenrolling them from the organization’s MDM solution or resetting the device. Legal limitations may apply. For more information, contact your legal department.</td>
+<td align="left">Organizations are free to apply any restrictive policies to devices to bring them in line with corporate standards and compliance regulations. They can also prevent the user from unenrolling the device from the enterprise.</td>
+</tr>
+<tr class="even">
+<td align="left"><strong>Information Protection</strong></td>
+<td align="left">You can apply policies to help protect and contain corporate apps and data on the devices and prevent intellectual property leaks, but still provide employees with full control over personal activities like downloading and installing apps and games.</td>
+<td align="left">Companies can block personal use of devices. Using organizational identities to initialize devices gives organizations complete control over devices and allows them to prevent personalization.</td>
+</tr>
+<tr class="even">
+<td align="left"><strong>App purchases</strong></td>
+<td align="left">Employees can purchase and install apps from the Store using a personal credit card.</td>
+<td align="left">Employees can install apps from your Store for Business. Employees cannot install or purchase app from the Store without the addition of an MSA.</td>
 </tr>
 </tbody>
 </table>
- 
-### <a href="" id="infrastructure-requirements--"></a>Infrastructure requirements
 
-For both device scenarios, the essential infrastructure and tools required to deploy and manage Windows 10 Mobile devices include an Azure AD subscription and an MDM system.
 
-Azure AD is a cloud-based directory service that provides identity and access management. You can integrate it with existing on-premises directories to create a hybrid solution. Azure AD has three editions: Free, Basic, and Premium (see [Azure Active Directory editions](http://go.microsoft.com/fwlink/p/?LinkId=723980)). All editions support Azure AD device registration, but the Premium edition is required to enable MDM auto-enrollment and conditional access based on device state. Organizations that use Microsoft Office 365 or Intune are already using Azure AD.
+>**Note:** In the context of [Windows-as-a-Service](https://technet.microsoft.com/itpro/windows/manage/introduction-to-windows-10-servicing), differentiation of MDM capabilities will change in the future.
 
->**Note:**  Most industry-leading MDM vendors already support integration with Azure AD or are working on integration. You can find the MDM vendors that support Azure AD in [Azure Marketplace](http://go.microsoft.com/fwlink/p/?LinkId=723981).
- 
-Users can enroll Windows 10 Mobile devices in third-party MDM systems without using an Azure AD organizational account. (By default, Intune uses Azure AD and includes a license). If your organization doesn’t use Azure AD, you must use a personal identity to activate devices and enable common scenarios, such as downloading apps from Windows Store.
+### <a href="" id="Infrastructure choices"></a>Infrastructure choices
 
-Multiple MDM systems that support Windows 10 Mobile are available. Most support personal and corporate device deployment scenarios. Microsoft offers [Intune](http://go.microsoft.com/fwlink/p/?LinkId=723983), which is part of the [Enterprise Mobility Suite](http://go.microsoft.com/fwlink/p/?LinkId=723984) and a cloud-based MDM system that manages devices off premises. Like Office 365, Intune uses Azure AD for identity management, so employees use the same credentials to enroll devices in Intune or sign in to Office 365. Intune supports devices that run other operating systems, as well, such as iOS and Android, to provide a complete MDM solution.
+*Applies to: Corporate and personal devices*
 
-You can also integrate Intune with System Center Configuration Manager to gain a single console in which to manage all devices—in the cloud and on premises. For more information, see [Manage Mobile Devices with Configuration Manager and Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=734051). For guidance on choosing between a stand-alone Intune installation and Intune integrated with Configuration Manager, see [Choose between Intune by itself or integrating Intune with System Center Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=723985).
-In addition to Intune, other MDM providers support Windows 10 Mobile. Currently, the following MDM systems claim to support Windows 10 and Windows 10 Mobile: [AirWatch](http://go.microsoft.com/fwlink/p/?LinkId=723986), [Citrix](http://go.microsoft.com/fwlink/p/?LinkId=723987), [Lightspeed Systems](http://go.microsoft.com/fwlink/p/?LinkId=723988), [Matrix42](http://go.microsoft.com/fwlink/p/?LinkId=723989), [MobileIron](http://go.microsoft.com/fwlink/p/?LinkId=723990), [SAP](http://go.microsoft.com/fwlink/p/?LinkId=723991), [SOTI](http://go.microsoft.com/fwlink/p/?LinkId=723992), and [Symantec](http://go.microsoft.com/fwlink/p/?LinkId=723993).
+For both personal and corporate deployment scenarios, an MDM system is the essential infrastructure required to deploy and manage Windows 10 Mobile devices. An Azure AD premium subscription is recommended as an identity provider and required to support certain capabilities. Windows 10 Mobile allows you to have a pure cloud-based infrastructure or a hybrid infrastructure that combines Azure AD identity management with an on-premises management system to manage devices. Microsoft now also supports a pure on-premises solution to manage Windows 10 Mobile devices with [Configuration Manager](https://technet.microsoft.com/en-us/library/mt627908.aspx).
 
-All MDM vendors have equal access to the [Windows 10 MDM APIs](http://go.microsoft.com/fwlink/p/?LinkId=734050). The extent to which they implement these APIs depends on the vendor. Contact your preferred MDM vendor to determine its level of support.
+**Azure Active Directory** 
+Azure AD is a cloud-based directory service that provides identity and access management. You can integrate it with existing on-premises directories to create a hybrid identity solution. Organizations that use Microsoft Office 365 or Intune are already using Azure AD, which has three editions: Free Basic, and Premium (see [Azure Active Directory editions](http://azure.microsoft.com/en-us/documentation/articles/active-directory-editions/)). All editions support Azure AD device registration, but the Premium edition is required to enable MDM auto-enrollment and conditional access based on device state. 
 
->**Note:**  Although not covered in this guide, you can use Exchange ActiveSync (EAS) to manage mobile devices instead of using a full-featured MDM system. EAS is available in Microsoft Exchange Server 2010 or later and Office 365.
-In addition, Microsoft recently added MDM capabilities powered by Intune to Office 365. MDM for Office 365 supports mobile devices only, such as those running Windows 10 Mobile, iOS, and Android. MDM for Office 365 offers a subset of the management capabilities found in Intune, including the ability to remotely wipe a device, block a device from accessing Exchange Server email, and configure device policies (for example, passcode requirements). For more information about MDM for Office 365 capabilities, see [Overview of Mobile Device Management for Office 365](http://go.microsoft.com/fwlink/p/?LinkId=734052).
- 
-### <a href="" id="provisioning--"></a>Provisioning
+**Mobile Device Management**
+Microsoft [Intune](http://www.microsoft.com/en-us/server-cloud/products/microsoft-intune/overview.aspx), part of the Enterprise Mobility + Security, is a cloud-based MDM system that manages devices off premises. Like Office 365, Intune uses Azure AD for identity management so employees use the same credentials to enroll devices in Intune that they use to sign into Office 365. Intune supports devices that run other operating systems, such as iOS and Android, to provide a complete MDM solution.
+You can also integrate Intune with Configuration Manager to gain a single console for managing all devices in the cloud and on premises, mobile or PC. For more information, see [Manage Mobile Devices with Configuration Manager and Microsoft Intune](http://technet.microsoft.com/en-us/library/jj884158.aspx). For guidance on choosing between a stand-alone Intune installation and Intune integrated with System Center Configuration Manager, see Choose between Intune by itself or integrating Intune with System Center Configuration Manager.
+Multiple MDM systems support Windows 10 and most support personal and corporate device deployment scenarios. MDM providers that support Windows 10 Mobile currently include: AirWatch, Citrix, MobileIron, SOTI, Blackberry and others. Most industry-leading MDM vendors already support integration with Azure AD. You can find the MDM vendors that support Azure AD in [Azure Marketplace](http://azure.microsoft.com/en-us/marketplace/). If your organization doesn’t use Azure AD, the user must use an MSA during OOBE before enrolling the device in your MDM using a corporate account.
 
-Provisioning is new to Windows 10 and uses the MDM client in Windows 10 Mobile. You can create a runtime provisioning package to apply settings, profiles, and file assets to a device running Windows 10.
-To assist users with MDM system enrollment, use a provisioning package. To do so, use the [Windows Imaging and Configuration Designer](http://go.microsoft.com/fwlink/p/?LinkId=733911) to create a provisioning package, and then install that package on the device.
-Users can perform self-service MDM enrollment based on the following deployment scenarios:
+>**Note:** Although not covered in this guide, you can use Exchange ActiveSync (EAS) to manage mobile devices instead of using a full-featured MDM system. EAS is available in Microsoft Exchange Server 2010 or later and Office 365.
+In addition, Microsoft recently added MDM capabilities powered by Intune to Office 365. MDM for Office 365 supports mobile devices only, such as those running Windows 10 Mobile, iOS, and Android. MDM for Office 365 offers a subset of the management capabilities found in Intune, including the ability to remotely wipe a device, block a device from accessing Exchange Server email, and configure device policies (e.g., passcode requirements). For more information about MDM for Office 365 capabilities, see [Overview of Mobile Device Management for Office 365](http://technet.microsoft.com/en-us/library/ms.o365.cc.devicepolicy.aspx). 
 
--   **Corporate device.** During the out-of-the-box experience (OOBE), you can instruct the user to select **This device is owned by my organization** and join the device to Azure AD and the MDM system.
--   **Personal device.** The user activates the device with a Microsoft account, but you can instruct him or her to register the device with Azure AD and enroll in Intune. To do so in Windows 10 Mobile, the user clicks, **Settings**, clicks **Accounts**, and then clicks **Work access**.
-To automate MDM enrollment, use provisioning packages as follows:
--   **Corporate device.** You can create a provisioning package and apply it to a corporate device before delivery to the user, or instruct the user to apply the package during OOBE. After application of the provisioning package, the OOBE process automatically chooses the enterprise path and requires the user to register the device with Azure AD and enroll it in the MDM system.
--   **Personal device.** You can create a provisioning package and make it available to users who want to enroll their personal device in the enterprise. The user enrolls the device in the corporate MDM for further configuration by applying the provisioning package. To do so in Windows 10 Mobile, the user clicks **Settings**, clicks **Accounts**, and then clicks **Provisioning**).
+**Cloud services**
+On mobile devices that run Windows 10 Mobile, users can easily connect to cloud services that provide user notifications and collect telemetry (usage data). Windows 10 Mobile enables organizations to manage how devices consume these cloud services.
 
-Distribute provisioning packages to devices by publishing them in an easily accessible location (e.g., an email attachment or a web page). You can cryptographically sign or encrypt provisioning packages and require that the user enter a password to apply them.
+**Windows Push Notification Services**
+The Windows Push Notification Services enable software developers to send toast, tile, badge, and raw updates from their cloud services. It provides a mechanism to deliver updates to users in a power-efficient and dependable way.
+However, push notifications can affect battery life so the battery saver in Windows 10 Mobile limits background activity on the devices to extend battery life. Users can configure battery saver to turn on automatically when the battery drops below a set threshold. Windows 10 Mobile disables the receipt of push notifications to save energy when battery saver is on.
+However, there is an exception to this behavior. In Windows 10 Mobile, the Always allowed battery saver setting (found in the Settings app) allows apps to receive push notifications even when battery saver is on. Users can manually configure this list, or IT can use the MDM system to configure the battery saver settings URI scheme in Windows 10 Mobile (ms-settings:batterysaver-settings).
 
-See [Build and apply a provisioning package](http://go.microsoft.com/fwlink/p/?LinkId=734054) for more information on creating provisioning packages.
+For more information about health attestation in Windows 10 Mobile, see the [Windows 10 Mobile security guide](../keep-secure/windows-10-mobile-security-guide.md).
 
-## Device configuration
+**Windows Update for Business**
+Microsoft designed Windows Update for Business to provide IT administrators with additional Windows Update-centric management capabilities, such as the ability to deploy updates to groups of devices and to define maintenance windows for installing updates.  
 
-The following sections describe the device configuration capabilities of the built-in Windows 10 Mobile MDM client. This client exposes the capabilities to any MDM system compatible with Windows 10. Configurable settings include:
+**Windows Store for Business**
+The Windows Store for Business is the place where IT administrators can find, acquire, manage, and distribute apps to Windows 10 devices. This includes both internal line-of-business (LOB) apps, as well as commercially available third-party apps. 
 
--   [Email accounts](#email)
--   [Account restrictions](#restrictions)
--   [Device lock restrictions](#device-lock)
--   [Hardware restrictions](#hardware)
--   [Certificate management](#certificate)
--   [Wi-Fi](#wifi)
--   [Proxy](#proxy)
--   [Virtual private network (VPN)](#vpn)
--   [Access point name (APN) profiles](#apn)
--   [Data leak prevention](#data)
--   [Storage management](#storage)
+## Configure
 
->**Note:**  Although all the MDM settings this section describes are available in Windows 10 Mobile, not all MDM systems may show them in their user interface. In addition, naming may vary among MDM systems. Consult your MDM system’s documentation for more information.
- 
-### <a href="" id="email"></a>Email accounts
+MDM administrators can define and implement policy settings on any personal or corporate device enrolled in an MDM system. What configuration settings you use will differ based on the deployment scenario, and corporate devices will offer IT the broadest range of control.
 
-You can use your corporate MDM system to manage corporate email accounts. Define email account profiles in the MDM system, and then deploy them to devices. You would usually deploy these settings immediately after enrollment, regardless of scenario.
+>**Note:** This guide helps IT professionals understand management options available for the Windows 10 Mobile OS. Please consult your MDM system documentation to understand how these policies are enabled by your MDM vendor. 
+Not all MDM systems support every setting described in this guide. Some support custom policies through OMA-URI XML files. See [Microsoft Intune support for Custom Policies](https://docs.microsoft.com/en-us/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune#custom-uri-settings-for-windows-10-devices). Naming conventions may also vary among MDM vendors. 
 
-This capability extends to email systems that use EAS. Table 3 lists settings that you can configure in EAS email profiles.
+### <a href="" id="account-profile"></a>Account profile
 
-Table 3. Windows 10 Mobile settings for EAS email profiles
+*Applies to: Corporate devices*
 
-| Setting                    | Description                                                                                                                                                                                |
-|----------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Email Address              | The email address associated with the EAS account                                                                                                                                          |
-| Domain                     | The domain name of the Exchange Server instance                                                                                                                                            |
-| Account Name               | A user-friendly name for the email account on the device                                                                                                                                   |
-| Password                   | The password for the email account                                                                                                                                                         |
-| Server Name                | The server name that the email account uses                                                                                                                                                |
-| User Name                  | The user name for the email account                                                                                                                                                        |
-| Calendar Age Filter        | The age of calendar items to be synchronized with the device (for example, synchronizing calendar items within the past 7 days)                                                            |
-| Logging                    | The level of diagnostic logging                                                                                                                                                            |
-| Mail Body Type             | The email body format type: text, HTML, RTF, or Multipurpose Internet Mail Extensions                                                                                                      |
-| Mail HTML Truncation       | The maximum size of an HTML-formatted email message before the message is synchronized to the device (Any HTML-formatted email message that exceeds this size is automatically truncated.) |
-| Mail Plain Text Truncation | The maximum size of a text-formatted email message before the message is synchronized to the device (Any text-formatted email message that exceeds this size is automatically truncated.)  |
-| Schedule                   | The schedule for synchronizing email between the Exchange Server instance and the device                                                                                                   |
-| Use SSL                    | Establishes whether Secure Sockets Layer (SSL) is required when syncing                                                                                                                    |
-| Mail Age Filter            | The age of messages to be synchronized with the device (for example, synchronizing messages within the past 7 days)                                                                        |
-| Content Types              | The content type that is synchronized (e.g., email, contacts, calendar, task items)                                                                                                        |
- 
-Table 4 lists settings that you can configure in other email profiles.
+Enforcing what accounts employees can use on a corporate device is important for avoiding data leaks and protecting privacy. Limiting the device to just one account controlled by the organization will reduce the risk of a data breach. However, you can choose to allow employees to add a personal Microsoft Account or other consumer email accounts. 
 
-Table 4. Windows 10 Mobile settings for other email profiles
+-   **Allow Microsoft Account** Specifies whether users are allowed to add a Microsoft Account to the device and use this account to authenticate to cloud services, such as purchasing apps in Windows Store, Xbox, or Groove.
+-   **Allow Adding Non-Microsoft Accounts** Specifies whether users are allowed to add email accounts other than Microsoft accounts.
 
-| Setting                                   | Description                                                                                                                                          |
-|-------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|
-| User logon name                           | The user logon name for the email account                                                                                                            |
-| Outgoing authentication required          | Whether the outgoing server requires authentication                                                                                                  |
-| Password                                  | The password for the account in the **User logon name** field                                                                                        |
-| Domain                                    | The domain name for the account in the **User logon name** field                                                                                     |
-| Days to download                          | How much email (measured in days) should be downloaded from the server                                                                               |
-| Incoming server                           | The incoming server name and port number, where the value format is *server\_name:port\_number* (The port number is optional.)                       |
-| Send and receive schedule                 | The length of time (in minutes) between email send-and-receive updates                                                                               |
-| IMAP4 maximum attachment size             | The maximum size for message attachments for Internet Message Access Protocol version 4 (IMAP4) accounts                                             |
-| Send mail display name                    | The name of the sender displayed on a sent email                                                                                                     |
-| Outgoing server                           | The outgoing server name and port number, where the value format is *server\_name:port\_number* (The port number is optional.)                       |
-| Reply address                             | The user’s reply email address                                                                                                                       |
-| Email service name                        | The name of the email service                                                                                                                        |
-| Email service type                        | The email service type (for example, POP3, IMAP4).                                                                                                   |
-| Maximum receive message size              | The maximum size (in bytes) of messages retrieved from the incoming email server (Messages that exceed this size are truncated to the maximum size.) |
-| Delete message action                     | How messages are deleted on the server (Messages can either be permanently deleted or sent to the Trash folder.)                                     |
-| Use cellular only                         | Whether the account should be used only with cellular connections and not Wi-Fi connections                                                          |
-| Content types to synchronize              | The content types supported for synchronization (in other words, mail messages, contacts, calendar items)                                            |
-| Content synchronization server            | The name of the content synchronization server, if it’s different from the email server                                                              |
-| Calendar synchronization server           | The name of the calendar synchronization server, if it’s different from the email server                                                             |
-| Contact server requires SSL               | Whether the contact server requires an SSL connection                                                                                                |
-| Calendar server requires SSL              | Whether the calendar server requires an SSL connection                                                                                               |
-| Contact items synchronization schedule    | The schedule for syncing contact items                                                                                                               |
-| Calendar items synchronization schedule   | The schedule for syncing calendar items                                                                                                              |
-| Alternative SMTP email account            | The display name associated with a user’s alternative Simple Mail Transfer Protocol (SMTP) email account                                             |
-| Alternate SMTP domain name                | The domain name for the user’s alternative SMTP email account                                                                                        |
-| Alternate SMTP account enabled            | Whether the user’s alternative SMTP account is enabled                                                                                               |
-| Alternate SMTP password                   | The password for the user’s alternative SMTP account                                                                                                 |
-| Incoming and outgoing servers require SSL | A group of properties that specify whether the incoming and outgoing email servers use SSL                                                           |
- 
-### <a href="" id="restrictions"></a>Account restrictions
+### <a href="" id="email-account"></a>Email accounts
 
-On a corporate device registered with Azure AD and enrolled in the MDM system, you can control whether users can use a Microsoft account or add other consumer email accounts. Table 5 lists the settings that you can use to manage accounts on Windows 10 Mobile devices.
+*Applies to: Corporate and personal devices*
 
-Table 5. Windows 10 Mobile account management settings
-| Setting | Description |
-| - | -|
-| Allow Microsoft Account | Specifies whether users are allowed to add a Microsoft account to the device after MDM enrollment and use this account for connection authentication and services, such as purchasing apps in Windows Store, or cloud-based consumer services, such as Xbox or Groove. If a device was activated with a Microsoft account, the MDM system would not be able to block that account from being used. |
-| Allow Adding Non Microsoft Accounts | Specifies whether users are allowed to add email accounts other than Microsoft accounts after MDM enrollment. If **Allow Microsoft Account** is applied, user can also not use a Microsoft account. |
-| Allow “Your Account” | Specifies whether users are able to change account configuration in the **Your Email and Accounts** panel in Settings.|
- 
-### <a href="" id="device-lock"></a>Device lock restrictions
+Email and associated calendar and contacts are the primary apps that users access on their smartphones. Configuring them properly is key to the success of any mobility program. In both corporate and personal device deployment scenarios, these email account settings get deployed immediately after enrollment. Using your corporate MDM system, you can define corporate email account profiles, deploy them to devices, and manage inbox policies. 
 
-It’s common sense to lock a device when it is not in use. Microsoft recommends that you secure Windows 10 Mobile devices and implement a device lock policy. A device password or PIN lock is a best practice for securing apps and data on devices. [Windows Hello](http://go.microsoft.com/fwlink/p/?LinkId=723994) is the name given to the new biometric sign-in option that allows users to use their face, iris, or fingerprints to unlock their compatible device, all of which Windows 10 supports.
+-   Most corporate email systems leverage **Exchange ActiveSync (EAS)**. For more details on configuring EAS email profiles, see the [ActiveSync CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn920017(v=vs.85).aspx).
+-   **Simple Mail Transfer Protocol (SMTP)** email accounts can also be configured with your MDM system. For more detailed information on SMTP email profile configuration, see the [Email CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904953(v=vs.85).aspx). Microsoft Intune does not currently support the creation of an SMTP email profile. 
 
->**Note:**  In addition to the device lock restrictions discussed in this section, Windows 10 supports Microsoft Passport for Work, which lets you access apps and services without a password.
- 
-Table 6 lists the MDM settings in Windows 10 Mobile that you can use to configure device lock restrictions.
+### <a href="" id="device-lock-restrictions"></a>Device Lock restrictions
 
-Table 6. Windows 10 Mobile device lock restrictions
+*Applies to: Corporate and personal devices*
+
+It’s common practice to protect a device that contains corporate information with a passcode when it is not in use. As a best practice, Microsoft recommends that you implement a device lock policy for Windows 10 Mobile devices for securing apps and data. You can use a complex password or numeric PIN to lock devices. Introduced with Windows 10, [Windows Hello](http://windows.microsoft.com/en-us/windows-10/getstarted-what-is-hello) allows you to use a PIN, a companion device (like Microsoft band), or biometrics to validate your identity to unlock Windows 10 Mobile devices. 
+
+>**Note:** When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multifactor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name. Customers who have already deployed these technologies will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics. 
+To use Windows Hello with biometrics, specialized hardware, including fingerprint reader, illuminated IR sensor, or other biometric sensors is required. Hardware based protection of the Windows Hello credentials requires TPM 1.2 or greater; if no TPM exists or is configured, credentials/keys protection will be software-based.
+Companion devices must be paired with Windows 10 PC’s via Bluetooth. To use a Windows Hello companion device that enables the user to roam with their Windows Hello credentials requires Pro or Enterprise edition on the Windows 10 PC being signed into.
+
+Most of the device lock restriction policies have been available via ActiveSync and MDM since Windows Phone 7 and are still available today for Windows 10 Mobile. If you are deploying Windows 10 devices in a personal device deployment scenario, these settings would apply. 
+
+-   **Device Password Enabled** Specifies whether users are required to use a device lock password.
+-   **Allow Simple Device Password** Whether users can use a simple password (e.g., 1111 or 1234).
+-   **Alphanumeric Device Password Required** Whether users need to use an alphanumeric password. When configured, Windows prompts the user with a full device keyboard to enter a complex password. When not configured, the user will be able to enter a numeric PIN on the keyboard.
+-   **Min Device Password Complex Characters** The number of password element types (i.e., uppercase letters, lowercase letters, numbers, or punctuation) required to create strong passwords.
+-   **Device Password History** The number of passwords Windows 10 Mobile remembers in the password history (Users cannot reuse passwords in the history to create new passwords.)
+-   **Min Device Password Length** The minimum number of characters required to create new passwords.
+-   **Max Inactivity Time Device Lock** The number of minutes of inactivity before devices are locked and require a password to unlock.
+-   **Allow Idle Return Without Password** Whether users are required to re-authenticate when their devices return from a sleep state before the inactivity time was reached.
+-   **Max Device Password Failed Attempts** The number of authentication failures allowed before a device is wiped (A value of zero disables device wipe functionality.)
+-   **Screen Timeout While Locked** The number of minutes before the lock screen times out (this policy influences device power management).
+-   **Allow Screen Timeout While Locked User Configuration** Whether users can manually configure screen timeout while the device is on the lock screen (Windows 10 Mobile ignores the **Screen Timeout While Locked** setting if you disable this setting).
+
+Settings related to Windows Hello would be important device lock settings to configure if you are deploying devices using the corporate deployment scenario.
+Microsoft made it a requirement for all users to create a numeric passcode as part of Azure AD Join. This policy default requires users to select a four-digit passcode, but this can be configured with an AAD-registered MDM system to whatever passcode complexity your organization desires. If you are using Azure AD with an automatic MDM enrollment mechanism, these policy settings are automatically applied during device enrollment.
+
+You will notice that some of the settings are very similar, specifically those related to passcode length, history, expiration, and complexity. If you set the policy in multiple places, both policies will be applied, with the strongest policy retained. Read [PassportForWork CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn987099(v=vs.85).aspx), [DeviceLock CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904945(v=vs.85).aspx) (Windows Phone 8.1), and [Policy CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962(v=vs.85).aspx#DeviceLock_AllowIdleReturnWithoutPassword) for more detailed information. 
+
+### <a href="" id="prevent-of-settings"></a>Prevent changing of settings 
+
+*Applies to: Corporate devices*
+
+Employees are usually allowed to change certain personal device settings that you may want to lock down on corporate devices. Employees can interactively adjust certain settings of the phone through the settings applets. Using MDM, you can limit what users are allowed to change.
+
+-   **Allow Your Account** Specifies whether users are able to change account configuration in the Your Email and Accounts panel in Settings
+-   **Allow VPN** Allows the user to change VPN settings</td>
+-   **Allow Data Sense** Allows the user to change Data Sense settings</td>
+-   **Allow Date Time** Allows the user to change data and time setting
+-   **Allow Edit Device Name** Allows users to change the device name
+-   **Allow Speech Model Update** Specifies whether the device will receive updates to the speech recognition and speech synthesis models (to improve accuracy and performance)
+
+### <a href="" id="hardware-restrictions"></a>Hardware restrictions
+
+*Applies to: Corporate devices*
+
+Windows 10 Mobile devices use state-of-the-art technology that includes popular hardware features such as cameras, global positioning system (GPS) sensors, microphones, speakers, near-field communication (NFC) radios, storage card slots, USB interfaces, Bluetooth interfaces, cellular radios, and Wi Fi. You can use hardware restrictions to control the availability of these features. 
+
+The following lists the MDM settings that Windows 10 Mobile supports to configure hardware restrictions.
+
+>**Note:** Some of these hardware restrictions provide connectivity and assist in data protection. 
+
+-   **Allow NFC:** Whether the NFC radio is enabled
+-   **Allow USB Connection:** Whether the USB connection is enabled (doesn’t affect USB charging)
+-   **Allow Bluetooth:** Whether users can enable and use the Bluetooth radio on their devices
+-   **Allow Bluetooth Advertising:** Whether the device can act as a source for Bluetooth advertisements and be discoverable to other devices
+-   **Allow Bluetooth Discoverable Mode:** Whether the device can discover other devices (e.g., headsets)
+-   **Allow Bluetooth pre-pairing** Whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device
+-   **Bluetooth Services Allowed List:** The list of Bluetooth services and profiles to which the device can connect
+-   **Set Bluetooth Local Device Name:** The local Bluetooth device name
+-   **Allow Camera:** Whether the camera is enabled
+-   **Allow Storage Card:** Whether the storage card slot is enabled
+-   **Allow Voice Recording:** Whether the user can use the microphone to create voice recordings
+-   **Allow Location:** Whether the device can use the GPS sensor or other methods to determine location so applications can use location information
+
+### <a href="" id="certificates"></a>Certificates 
+
+*Applies to: Personal and corporate devices*
+
+Certificates help improve security by providing account authentication, Wi Fi authentication, VPN encryption, and SSL encryption of web content. Although users can manage certificates on devices manually, it’s a best practice to use your MDM system to manage those certificates throughout their entire lifecycle – from enrollment through renewal and revocation. 
+To install certificates manually, you can post them on Microsoft Edge website or send them directly via email, which is ideal for testing purposes. 
+Using SCEP and MDM systems, certificate management is completely transparent and requires no user intervention, helping improve user productivity, and reduce support calls. Your MDM system can automatically deploy these certificates to the devices’ certificate stores after you enroll the device (as long as the MDM system supports the Simple Certificate Enrollment Protocol (SCEP) or Personal Information Exchange (PFX)). The MDM server can also query and delete SCEP enrolled client certificate (including user installed certificates), or trigger a new enrollment request before the current certificate is expired.
+In addition to SCEP certificate management, Windows 10 Mobile supports deployment of PFX certificates. The table below lists the Windows 10 Mobile PFX certificate deployment settings.
+Get more detailed information about MDM certificate management in the [Client Certificate Install CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn920023(v=vs.85).aspx) and [Install digital certificates on Windows 10 Mobile](../keep-secure/installing-digital-certificates-on-windows-10-mobile.md).
+Use the Allow Manual Root Certificate Installation setting to prevent users from manually installing root and intermediate CA certificates intentionally or accidently.
+
+>**Note:** To diagnose certificate-related issues on Windows 10 Mobile devices, use the free Certificates app in Windows Store. This Windows 10 Mobile app can help you:
+-   View a summary of all personal certificates
+-   View the details of individual certificates
+-   View the certificates used for VPN, Wi-Fi, and email authentication
+-   Identify which certificates may have expired
+-   Verify the certificate path and confirm that you have the correct intermediate and root CA certificates
+-   View the certificate keys stored in the device TPM
+
+### <a href="" id="wi-fi-profiles"></a>Wi-Fi profiles
+
+*Applies to: Corporate and personal devices*
+
+Wi-Fi is used on mobile devices as much as, or more than, cellular data connections. Most corporate Wi Fi networks require certificates and other complex information to restrict and secure user access. This advanced Wi Fi information is difficult for typical users to configure, but MDM systems can fully configure these Wi-Fi profiles without user intervention.
+You can create multiple Wi-Fi profiles in your MDM system. The below table lists the Windows 10 Mobile Wi Fi connection profile settings that can be configured by administrators.
+
+-   **SSID** The case-sensitive name of the Wi Fi network Service Set Identifier
+-   **Security type** The type of security the Wi Fi network uses; can be one of the following authentication types:
+    -   Open 802.11
+    -   Shared 802.11
+    -   WPA-Enterprise 802.11
+    -   WPA-Personal 802.11
+    -   WPA2-Enterprise 802.11
+    -   WPA2-Personal 802.11
+-   **Authentication encryption** The type of encryption the authentication uses; can be one of the following encryption methods:
+    -   None (no encryption)
+    -   Wired Equivalent Privacy
+    -   Temporal Key Integrity Protocol
+    -   Advanced Encryption Standard (AES)
+-   **Extensible Authentication Protocol Transport Layer Security (EAP-TLS)** WPA-Enterprise 802.11 and WPA2-Enterprise 802.11 security types can use EAP-TLS with certificates for authentication
+-   **Protected Extensible Authentication Protocol with Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MSCHAPv2)** WPA-Enterprise 802.11 and WPA2-Enterprise 802.11 security types can use PEAP-MSCHAPv2 with a user name and password for authentication
+-   **Shared key** WPA-Personal 802.11 and WPA2-Personal 802.11 security types can use a shared key for authentication.
+-   **Proxy** The configuration of any network proxy that the Wi Fi connection requires (to specify the proxy server, use its fully qualified domain name [FQDN], Internet Protocol version 4 [IPv4] address, IP version 6 [IPv6] address, or IPvFuture address)
+-   **Disable Internet connectivity checks** Whether the Wi Fi connection should check for Internet connectivity
+-   **Proxy auto-configuration URL** A URL that specifies the proxy auto-configuration file
+-   **Enable Web Proxy Auto-Discovery Protocol (WPAD)** Specifies whether WPAD is enabled
+
+In addition, you can set a few device wide Wi-Fi settings. 
+-   **Allow Auto Connect to Wi Fi Sense Hotspots** Whether the device will automatically detect and connect to Wi-Fi  networks
+-   **Allow Manual Wi-Fi Configuration** Whether the user can manually configure Wi-Fi  settings
+-   **Allow Wi-Fi** Whether the Wi-Fi hardware is enabled
+-   **Allow Internet Sharing** Allow or disallow Internet sharing
+-   **WLAN Scan Mode** How actively the device scans for Wi-Fi  networks
+
+Get more detailed information about Wi-Fi connection profile settings in the [Wi-Fi CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904981(v=vs.85).aspx) and [Policy CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962(v=vs.85).aspx).
+
+### <a href="" id="apn-profiles"></a>APN profiles
+
+*Applies to: Corporate devices*
+
+An Access Point Name (APN) defines network paths for cellular data connectivity. Typically, you define just one APN for a device in collaboration with a mobile operator, but you can define multiple APNs if your company uses multiple mobile operators.
+An APN provides a private connection to the corporate network that is unavailable to other companies on the mobile operator network. 
+You can define and deploy APN profiles in MDM systems that configure cellular data connectivity for Windows 10 Mobile. Devices running Windows 10 Mobile can have only one APN profile. The following lists the MDM settings that Windows 10 Mobile supports for APN profiles.
+
+-   **APN name** The APN name 
+-   *IP connection type* The IP connection type; set to one of the following values:
+    -	IPv4 only
+    -	IPv6 only
+    -	IPv4 and IPv6 concurrently
+    -	IPv6 with IPv4 provided by 46xlat 
+-   **LTE attached** Whether the APN should be attached as part of an LTE Attach 
+-   **APN class ID** The globally unique identifier that defines the APN class to the modem
+-   **APN authentication type** The APN authentication type; set to one of the following values:
+    -	None
+    -	Auto
+    -	PAP
+    -	CHAP
+    -	MSCHAPv2 
+-   **User name** The user account when users select Password Authentication Protocol (PAP), CHAP, or MSCHAPv2 authentication in APN authentication type
+-   **Password** The password for the user account specified in User name
+-   **Integrated circuit card ID** The integrated circuit card ID associated with the cellular connection profile
+-   **Always on** Whether the connection manager will automatically attempt to connect to the APN whenever it is available
+-   **Connection enabled** Specifies whether the APN connection is enabled
+-   **Allow user control** Allows users to connect with other APNs than the enterprise APN
+-   **Hide view** Whether the cellular UX will allow the user to view enterprise APNs
+
+Get more detailed information about APN settings in the [APN CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn958617(v=vs.85).aspx).
+
+### <a href="" id="proxy"></a>Proxy
+
+*Applies to: Corporate devices*
+
+The below lists the Windows 10 Mobile settings for managing APN proxy settings for Windows 10 Mobile device connectivity.
+
+-   **Connection name** Specifies the name of the connection the proxy is associated with (this is the APN name of a configured connection)
+-   **Bypass Local** Specifies if the proxy should be bypassed when local hosts are accessed by the device
+-   **Enable** Specifies if the proxy is enabled
+-   **Exception** Specifies a semi-colon delimited list of external hosts which should bypass the proxy when accessed
+-   **User Name** Specifies the username used to connect to the proxy
+-   **Password** Specifies the password used to connect to the proxy
+-   **Server** Specifies the name of the proxy server
+-   **Proxy connection type** The proxy connection type, supporting: Null proxy, HTTP, WAP, SOCKS4 
+-   **Port** The port number of the proxy connection
+
+For more details on proxy settings, see [CM_ProxyEntries CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn914762(v=vs.85).aspx).
+
+### <a href="" id="vpn"></a>VPN
+
+*Applies to: Corporate and personal devices*
+
+Organizations often use a VPN to control access to apps and resources on their company’s intranet. In addition to native Microsoft Point to Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and Internet Key Exchange Protocol version 2 (IKEv2) VPNs, Windows 10 Mobile supports SSL VPN connections, which require a downloadable plugin from the Windows Store and are specific to the VPN vendor of your choice. These plugins work like apps and can be installed directly from the Windows Store using your MDM system (see App Management).
+
+You can create and provision multiple VPN connection profiles and then deploy them to managed devices that run Windows 10 Mobile. 
+To create a VPN profile that uses native Windows 10 Mobile VPN protocols (such as IKEv2, PPTP, or L2TP), you can use the following settings:
+
+-   **VPN Servers** The VPN server for the VPN profile
+-   **Routing policy type** The type of routing policy the VPN profile uses can be set to one of the following values: 
+    -   Split tunnel. Only network traffic destined to the intranet goes through the VPN connection
+    -   Force tunnel. All traffic goes through the VPN connection
+-   **Tunneling protocol type** The tunneling protocol used for VPN profiles that use native Windows 10 Mobile VPN protocols can be one the following values: PPTP, L2TP, IKEv2, Automatic
+-   **User authentication method** The user authentication method for the VPN connection can have a value of EAP or MSChapv2 (Windows 10 Mobile does not support the value MSChapv2 for IKEv2-based VPN connections)
+-   **Machine certificate** The machine certificate used for IKEv2-based VPN connections
+-   **EAP configuration** To create a single sign-on experience for VPN users using certificate authentication, you need to create an Extensible Authentication Protocol (EAP) configuration XML file and include it in the VPN profile 
+-   **L2tpPsk** The pre-shared key used for an L2TP connection
+-   **Cryptography Suite** Enable the selection of cryptographic suite attributes used for IPsec tunneling
+
+>**Note:** The easiest way to create a profile for a single sign-on experience with an EAP configuration XML is through the rasphone tool on a Windows 10 PC. Once you run the rasphone.exe, the configuration wizard will walk you through the necessary steps. For step-by-step instructions on creating the EAP configuration XML blob, see EAP configuration. You can use the resulting XML blob in the MDM system to create the VPN profile on Windows 10 Mobile phone. If you have multiple certificates on the devices, you may want to configure filtering conditions for automatic certificate selection, so the employee does not need to select an authentication certificate every time the VPN is turned on. See this article for details. Windows 10 for PCs and Windows 10 Mobile have the same VPN client.
+
+Windows Store–based VPN plugins for the VPN connection allow you to create a VPN plugin profile with the following attributes:
+
+-   **VPN server** A comma-separated list of VPN servers; you can specify the servers with a URL, fully qualified host name, or IP address
+-   **Custom configuration** An HTML-encoded XML blob for SSL–VPN plugin–specific configuration information (e.g., authentication information) that the plugin provider requires
+-   **Windows Store VPN plugin family name** Specifies the Windows Store package family name for the Windows Store–based VPN plugin
+
+In addition, you can specify per VPN Profile:
+
+-   **App Trigger List** You can add an App Trigger List to every VPN profile. The app specified in the list will automatically trigger the VPN profile for intranet connectivity. When multiple VPN profiles are needed to serve multiple apps, the operating system automatically establishes the VPN connection when the user switches between apps. Only one VPN connection at a time can be active. In the event the device drops the VPN connection, Windows 10 Mobile automatically reconnects to the VPN without user intervention.
+-   **Route List** List of routes to be added to the routing table for the VPN interface. This is required for split tunneling cases where the VPN server site has more subnets that the default subnet based on the IP assigned to the interface.
+-   **Domain Name Information List** Name Resolution Policy Table (NRPT) rules for the VPN profile.
+-   **Traffic Filter List** Specifies a list of rules. Only traffic that matches these rules can be sent via the VPN Interface.
+-   **DNS suffixes** A comma-separated list of DNS suffixes for the VPN connection. Any DNS suffixes in this list are automatically added to Suffix Search List.
+-   **Proxy** Any post-connection proxy support required for the VPN connection; including Proxy server name and Automatic proxy configuration URL. Specifies the URL for automatically retrieving proxy server settings.
+-   **Always on connection** Windows 10 Mobile features always-on VPN, which makes it possible to automatically start a VPN connection when a user signs in. The VPN stays connected until the user manually disconnects it.
+-   **Remember credentials** Whether the VPN connection caches credentials.
+-   **Trusted network detection** A comma-separated list of trusted networks that causes the VPN not to connect when the intranet is directly accessible (Wi-Fi).
+-   **Enterprise Data Protection Mode ID** Enterprise ID, which is an optional field that allows the VPN to automatically trigger based on an app defined with a Windows Information Protection policy.
+-   **Device Compliance** To set up Azure AD-based Conditional Access for VPN and allow that SSO with a certificate different from the VPN Authentication certificate for Kerberos Authentication in the case of Device Compliance.
+-   **Lock Down VPN profile** A Lock Down VPN profile has the following characteristics:
+    -   It is an always-on VPN profile.
+    -   It can never be disconnected.
+    -   If the VPN profile is not connected, the user has no network connectivity.
+    -   No other VPN profiles can be connected or modified.
+-   **ProfileXML** In case your MDM system does not support all the VPN settings you want to configure, you can create an XML file that defines the VPN profile you want to apply to all the fields you require. 
+
+For more details about VPN profiles, see the [VPNv2 CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn914776(v=vs.85).aspx)
+
+Some device-wide settings for managing VPN connections can help you manage VPNs over cellular data connections, which in turn helps reduce costs associated with roaming or data plan charges.
+-   **Allow VPN** Whether users can change VPN settings
+-   **Allow VPN Over Cellular** Whether users can establish VPN connections over cellular networks
+-   **Allow VPN Over Cellular when Roaming** Whether users can establish VPN connections over cellular networks when roaming
+
+### <a href="" id="storage-management"></a>Storage management
+
+*Applies to: Corporate and personal devices*
+
+Protecting the apps and data stored on a device is critical to device security. One method for helping protect your apps and data is to encrypt internal device storage. The device encryption in Windows 10 Mobile helps protect corporate data against unauthorized access, even when an unauthorized user has physical possession of the device.
+
+Windows 10 Mobile also has the ability to install apps on a secure digital (SD) card. The operating system stores apps on a partition specifically designated for that purpose. This feature is always on so you don’t need to set a policy explicitly to enable it.
+
+The SD card is uniquely paired with a device. No other devices can see the apps or data on the encrypted partition, but they can access the data stored on the unencrypted partition of the SD card, such as music or photos. This gives users the flexibility to use an SD card while still protecting the confidential apps and data on it. 
+
+You can disable the **Allow Storage Card** setting if you wish to prevent users from using SD cards entirely. If you choose not to encrypt storage, you can help protect your corporate apps and data by using the Restrict app data to the system volume and Restrict apps to the system volume settings. These help ensure that users cannot copy your apps and data to SD cards.
+
+Here is a list of MDM storage management settings that Windows 10 Mobile provides.
+
+-   **Allow Storage Card** Whether the use of storage cards for data storage is allowed
+-   **Require Device Encryption** Whether internal storage is encrypted (when a device is encrypted, you cannot use a policy to turn encryption off)
+-   **Encryption method** Specifies the BitLocker drive encryption method and cipher strength; can be one of the following values:
+    -   AES-Cipher Block Chaining (CBC) 128-bit
+    -   AES-CBC 256-bit
+    -   XEX-based tweaked-codebook mode with cipher text stealing (XTS)–AES (XTS-AES) 128-bit (this is the default)
+    -   XTS-AES-256-bit
+-   **Allow Federal Information Processing Standard (FIPS) algorithm policy** Whether the device allows or disallows the FIPS algorithm policy
+-   **SSL cipher suites** Specifies a list of the allowed cryptographic cipher algorithms for SSL connections
+-   **Restrict app data to the system volume** Specifies whether app data is restricted to the system drive
+-   **Restrict apps to the system volume** Specifies whether apps are restricted to the system drive
+
+
+## Apps
+
+*Applies to: Corporate and personal devices*
+
+User productivity on mobile devices is often driven by apps. 
+
+Windows 10 makes it possible to develop apps that work seamlessly across multiple devices using the Universal Windows Platform (UWP) for Windows apps. UWP converges the application platform for all devices running Windows 10 so that apps run without modification on all editions of Windows 10. This saves developers both time and resources, helping deliver apps to mobile users more quickly and efficiently. This write-once, run-anywhere model also boosts user productivity by providing a consistent, familiar app experience on any device type. 
+
+For compatibility with existing apps, Windows Phone 8.1 apps still run on Windows 10 Mobile devices, easing the migration to the newest platform. Microsoft recommend migrating your apps to UWP to take full advantage of the improvements in Windows 10 Mobile. In addition, bridges have been developed to easily and quickly update existing Windows Phone 8.1 (Silverlight) and iOS apps to the UWP.
+
+Microsoft also made it easier for organizations to license and purchase UWP apps via Windows Store for Business and deploy them to employee devices using the Windows Store, or an MDM system, that can be integrated with the Windows Store for Business. Putting apps into the hands of mobile workers is critical, but you also need an efficient way to ensure those apps comply with corporate policies for data security. 
+
+To learn more about Universal Windows apps, see the [Guide to Universal Windows Platform (UWP) apps](https://msdn.microsoft.com/en-us/library/windows/apps/dn894631.aspx) for additional information, or take this [Quick Start Challenge: Universal Windows Apps in Visual Studio](https://mva.microsoft.com/en-US/training-courses/quick-start-challenge-universal-windows-apps-in-visual-studio-14477?l=Be2FMfgmB_505192797). Also, see [Porting apps to Windows 10](https://msdn.microsoft.com/en-us/windows/uwp/porting/index). 
+
+### <a href="" id="windows-store-for-business"></a>Windows Store for Business: Sourcing the right app
+
+*Applies to: Corporate and personal devices*
+
+The first step in app management is to obtain the apps your users need. You can develop your own apps or source your apps from the Windows Store. With Windows Phone 8.1, an MSA was needed to acquire and install apps from the Windows Store. With the Windows Store for Business, Microsoft enables organizations to acquire apps for employees from a private store with the Windows Store, without the need for MSAs on Windows 10 devices. 
+
+Windows Store for Business is a web portal that allows IT administrators to find, acquire, manage, and distribute apps to Windows 10 devices. 
+
+Azure AD authenticated managers have access to Windows Store for Business functionality and settings, and store managers can create a private category of apps that are specific and private to their organization. (You can get more details about what specific Azure AD accounts have access to Windows Store for Business here). Windows Store for Business enables organizations to purchase app licenses for their organization and make apps available to their employees. In addition to commercially available apps, your developers can publish line-of-business (LOB) apps to Windows Store for Business by request. You can also integrate their Windows Store for Business subscriptions with their MDM systems, so the MDM system can distribute and manage apps from Windows Store for Business.
+
+Windows Store for Business supports app distribution under two licensing models: online and offline. 
+
+The online model (store-managed) is the recommended method, and supports both personal device and corporate device management scenarios. To install online apps, the device must have Internet access at the time of installation. On corporate devices, an employee can be authenticated with an Azure AD account to install online apps. On personal devices, an employee must register their device with Azure AD to be able to install corporate licensed online apps.
+Corporate device users will find company licensed apps in the Store app on their phone in a private catalog. When an MDM system is associated with the Store for Business, IT administrators can present Store apps within the MDM system app catalog where users can find and install their desired apps. IT administrators can also push required apps directly to employee devices without the employee’s intervention. 
+
+Employees with personal devices can install apps licensed by their organization using the Store app on their device. They can use either the Azure AD account or Microsoft Account within the Store app if they wish to purchase personal apps. If you allow employees with corporate devices to add a secondary Microsoft Account (MSA), the Store app on the device provides a unified method for installing personal and corporate apps.
+
+Online licensed apps do not need to be transferred or downloaded from the Windows Store to the MDM system to be distributed and managed. When an employee chooses a company-owned app, it will automatically be installed from the cloud. Also, apps will be automatically updated when a new version is available or can be removed if needed. When an app is removed from a device by the MDM system or the user, Windows Store for Business reclaims the license so it can be used for another user or on another device. 
+
+To distribute an app offline (organization-managed), the app must be downloaded from the Windows Store for Business. This can be accomplished in the Windows Store for Business portal by an authorized administrator. Offline licensing requires the app developer to opt-in to the licensing model, as the Windows Store is no longer able to track licenses for the developer. If the app developer doesn’t allow download of the app from Windows Store, then you must obtain the files directly from the developer or use the online licensing method. 
+
+To install acquired Windows Store or LOB apps offline on a Windows 10 Mobile device, IT administrators can use an MDM system. The MDM system distributes the app packages that you downloaded from Windows Store (also called sideloading) to Windows 10 Mobile devices. Support for offline app distribution depends on the MDM system you are using, so consult your MDM vendor documentation for details. You can fully automate the app deployment process so that no user intervention is required.
+
+Windows Store apps or LOB apps that have been uploaded to the Windows Store for Business are automatically trusted on all Windows devices, as they are cryptographically signed with Windows Store certificates. LOB apps that are uploaded to the Windows Store for Business are private to your organization and are never visible to other companies or consumers. If you do not want to upload your LOB apps, you have to establish trust for the app on your devices. To establish this trust, you’ll need to generate a signing certificate with your Public Key Infrastructure and add your chain of trust to the trusted certificates on the device (see the certificates section). You can install up to 20 self-signed LOB apps per device with Windows 10 Mobile. To install more than 20 apps on a device, you can purchase a signing certificate from a trusted public Certificate Authority, or upgrade your devices to Windows 10 Mobile Enterprise edition.
+
+Learn more about the [Windows Store for Business](windows-store-for-business.md). 
+
+### <a href="" id="managing-apps"></a>Managing apps
+
+*Applies to: Corporate devices*
+
+IT administrators can control which apps are allowed to be installed on Windows 10 Mobile devices and how they should be kept up-to-date. 
+
+Windows 10 Mobile includes AppLocker, which enables administrators to create allow or disallow (sometimes also called whitelist/blacklist) lists of apps from the Windows Store. This capability extends to built-in apps, as well, such as Xbox, Groove, text messaging, email, and calendar, etc. The ability to allow or deny apps helps to ensure that people use their mobile devices for their intended purposes. However, it is not always an easy approach to find a balance between what employees need or request and security concerns. Creating allow or disallow lists also requires keeping up with the changing app landscape in the Windows Store. 
+
+For more details, see [AppLocker CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn920019(v=vs.85).aspx).
+
+In addition to controlling which apps are allowed, IT professionals can also implement additional app management settings on Windows 10 Mobile, using an MDM.
+
+-   **Allow All Trusted Apps** Whether users can sideload apps on the device.
+-   **Allow App Store Auto Update** Whether automatic updates of apps from Windows Store are allowed.
+-   **Allow Developer Unlock** Whether developer unlock is allowed.
+-   **Allow Shared User App Data** Whether multiple users of the same app can share data.
+-   **Allow Store** Whether Windows Store app is allowed to run. This will completely block the user from installing apps from the Store, but will still allow app distribution through an MDM system. 
+-   **Application Restrictions** An XML blob that defines the app restrictions for a device. The XML blob can contain an app allow or deny list. You can allow or deny apps based on their app ID or publisher. See AppLocker above.
+-   **Disable Store Originated Apps** Disables the launch of all apps from Windows Store that came pre-installed or were downloaded before the policy was applied.
+-   **Require Private Store Only** Whether the private store is exclusively available to users in the Store app on the device. If enabled, only the private store is available. If disabled, the retail catalog and private store are both available.
+-   **Restrict App Data to System Volume** Whether app data is allowed only on the system drive or can be stored on an SD card.
+-   **Restrict App to System Volume** Whether app installation is allowed only to the system drive or can be installed on an SD card.
+-   **Start screen layout** An XML blob used to configure the Start screen (see [Start layout for Windows 10 Mobile](http://msdn.microsoft.com/en-us/library/windows/hardware/mt171093(v=vs.85).aspx) for more information).
+
+Find more details on application management options in the [Policy CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962(v=vs.85).aspx#ApplicationManagement_AllowAllTrustedApps)
+
+### <a href="" id="data-leak-prevention"></a>Data leak prevention
+
+*Applies to: Corporate and personal devices*
+
+One of the biggest challenges in protecting corporate information on mobile devices is keeping that data separate from personal data. Most solutions available to create this data separation require users to login in with a separate username and password to a container that stores all corporate apps and data, an experience that degrades user productivity. 
+
+Windows 10 Mobile includes Windows Information Protection to transparently keep corporate data protected and personal data private. It automatically tags personal and corporate data and applies policies for those apps that can access data classified as corporate. This includes when data is at rest on local or removable storage. Because corporate data is always protected, users cannot copy it to public locations like social media or personal email. 
+
+Windows Information Protection works with all apps, which are classified into two categories: enlightened and unenlightened. Enlighted apps can differentiate between corporate and personal data, correctly determining which to protect based on policies. Corporate data will be encrypted at all times and attempts to copy/paste or share this information with non-corporate apps or users will fail. Unenlightened apps consider all data corporate and encrypt everything by default. 
+
+Any app developed on the UWA platform can be enlightened. Microsoft has made a concerted effort to enlighten several of its most popular apps, including: 
+-   Microsoft Edge
+-   Microsoft People
+-   Mobile Office apps (Word, Excel, PowerPoint, and OneNote) 
+-   Outlook Mail and Calendar
+-   Microsoft Photos
+-   Microsoft OneDrive
+-   Groove Music
+-   Microsoft Movies & TV
+-   Microsoft Messaging
+
+The following table lists the settings that can be configured for Windows Information Protection: 
+-   **Enforcement level*** Set the enforcement level for information protection:
+    -   Off (no protection)
+    -   Silent mode (encrypt and audit only)
+    -   Override mode (encrypt, prompt, and audit)
+    -   Block mode (encrypt, block, and audit)
+-   **Enterprise protected domain names*** A list of domains used by the enterprise for its user identities. User identities from one of these domains is considered an enterprise managed account and data associated with it should be protected. 
+-   **Allow user decryption** Allows the user to decrypt files. If not allowed, the user will not be able to remove protection from enterprise content through the OS or app user experience. 
+-   **Require protection under lock configuration** Specifies whether the protection under lock feature (also known as encrypt under PIN) should be configured. 
+-   **Data recovery certificate*** Specifies a recovery certificate that can be used for data recovery of encrypted files. This is the same as the data recovery agent (DRA) certificate for encrypting file system (EFS), only delivered through MDM instead of Group Policy. 
+-   **Revoke on unenroll** Whether to revoke the information protection keys when a device unenrolls from the management service. 
+-   **RMS template ID for information protection** Allows the IT admin to configure the details about who has access to RMS-protected files and for how long. 
+-   **Allow Azure RMS for information protection** Specifies whether to allow Azure RMS encryption for information protection.
+-   **Show information protection icons** Determines whether overlays are added to icons for information protection secured files in web browser and enterprise-only app tiles in the Start menu.
+-   **Status** A read-only bit mask that indicates the current state of information protection on the device. The MDM service can use this value to determine the current overall state of information protection. 
+-   **Enterprise IP Range*** The enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected.
+-   **Enterprise Network Domain Names*** the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected.
+-   **Enterprise Cloud Resources** A list of Enterprise resource domains hosted in the cloud that need to be protected.
+
+>**Note:** * Are mandatory Windows Information Protection policies. To make Windows Information Protection functional, AppLocker and network isolation settings - specifically Enterprise IP Range and Enterprise Network Domain Names –  must be configured. This defines the source of all corporate data that needs protection and also ensures data written to these locations won’t be encrypted by the user’s encryption key (so that others in the company can access it.
+
+For more information on Windows Information Protection, see the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/mt697634(v=vs.85).aspx) and the following in-depth article series [Protect your enterprise data using Windows Information Protection](../keep-secure/protect-enterprise-data-using-wip.md).  
+
+### <a href="" id="managing-user-activities"></a>Managing user activities
+
+*Applies to: Corporate devices*
+
+On corporate devices, some user activities expose corporate data to unnecessary risk. For example, users might create a screen capture of corporate information out of an internal LOB app. To mitigate the risk, you can restrict the Windows 10 Mobile user experience to help protect corporate data and prevent data leaks. The following demonstrates those capabilities that can be used to help prevent data leaks.
+
+-   **Allow copy and paste** Whether users can copy and paste content
+-   **Allow Cortana** Whether users can use Cortana on the device (where available)
+-   **Allow device discovery** Whether the device discovery user experience is available on the lock screen (for example, controlling whether a device could discover a projector [or other devices] when the lock screen is displayed)
+-   **Allow input personalization** Whether personally identifiable information can leave the device or be saved locally (e.g., Cortana learning, inking, dictation)
+-   **Allow manual MDM unenrollment** Whether users are allowed to delete the workplace account (i.e., unenroll the device from the MDM system)
+-   **Allow screen capture** Whether users are allowed to capture screenshots on the device
+-   **Allow SIM error dialog prompt** Specifies whether to display a dialog prompt when no SIM card is installed
+-   **Allow sync my settings** Whether the user experience settings are synchronized between devices (works with Microsoft accounts only)
+-   **Allow toasts notifications above lock screen** Whether users are able to view toast notification on the device lock screen
+-   **Allow voice recording** Whether users are allowed to perform voice recordings
+-   **Do Not Show Feedback Notifications** Prevents devices from showing feedback questions from Microsoft
+-   **Allow Task Switcher** Allows or disallows task switching on the device to prevent visibility of App screen tombstones in the task switcher
+-   **Enable Offline Maps Auto Update** Disables the automatic download and update of map data
+-   **Allow Offline Maps Download Over Metered Connection** Allows the download and update of map data over metered connections
+
+You can find more details on the experience settings in Policy CSP. 
+
+### <a href="" id="microsoft-edge"></a>Microsoft Edge
+
+*Applies to: Corporate and personal devices*
+
+MDM systems also give you the ability to manage Microsoft Edge on mobile devices. Microsoft Edge is the only browser available on Windows 10 Mobile devices. It differs slightly from the desktop version as it does not support Flash or Extensions. Edge is also an excellent PDF viewer as it can be managed and integrates with Windows Information Protection.
+
+The following settings for Microsoft Edge on Windows 10 Mobile can be managed.
+
+-   **Allow Browser** Whether users can run Microsoft Edge on the device
+-   **Allow Do Not Track headers** Whether Do Not Track headers are allowed
+-   **Allow InPrivate** Whether users can use InPrivate browsing
+-   **Allow Password Manager** Whether users can use Password Manager to save and manage passwords locally
+-   **Allow Search Suggestions in Address Bar** Whether search suggestions are shown in the address bar
+-   **Allow SmartScreen** Whether SmartScreen Filter is enabled
+-   **Cookies**	Whether cookies are allowed
+-   **Favorites** Configure Favorite URLs
+-   **First Run URL** The URL to open when a user launches Microsoft Edge for the first time
+-   **Prevent SmartScreen Prompt Override** Whether users can override the SmartScreen warnings for URLs
+-   **Prevent Smart Screen Prompt Override for Files** Whether users can override the SmartScreen warnings for files
+
+## Manage
+
+In enterprise IT environments, the need for security and cost control must be balanced against the desire to provide users with the latest technologies. Since cyberattacks have become an everyday occurrence, it is important to properly maintain the state of your Windows 10 Mobile devices. IT needs to control configuration settings, keeping them from drifting out of compliance, as well as enforce which devices can access internal applications. Windows 10 Mobile delivers the mobile operations management capabilities necessary to ensure that devices are in compliance with corporate policy. 
+
+### <a href="" id="servicing-options"></a>Servicing options
+
+**A streamlined update process**
+
+*Applies to: Corporate and personal devices*
+
+Microsoft has streamlined the Windows product engineering and release cycle so new features, experiences, and functionality demanded by the market can be delivered more quickly than ever before. Microsoft plans to deliver two Feature Updates per year (12-month period). <strong>Feature Updates</strong> establish a Current Branch or CB, and have an associated version. 
 
 <table>
 <colgroup>
-<col width="50%" />
-<col width="50%" />
+<col width="33%" />
+<col width="33%" />
+<col width="33%" />
 </colgroup>
-<thead>
-<tr class="header">
-<th align="left">Setting</th>
-<th align="left">Description</th>
-</tr>
-</thead>
 <tbody>
 <tr class="odd">
-<td align="left">Device Password Enabled</td>
-<td align="left"><p>Specifies whether users are required to use a device lock password</p>
-<div class="alert">
-<strong>Note</strong>  
-<p></p>
-<ul>
-<li><p>When a device is registered with Azure AD and automatic MDM enrollment is not configured, the user will automatically be prompted to set a password PIN of at least six digits (simple PINs are not allowed).</p></li>
-<li><p>If the device is capable of using biometric authentication, the user will be able to enroll an iris or other biometric gesture (depending on hardware) for device lock purposes. When a user uses a biometric gesture, he or she can still use the PIN as a fallback mechanism (for example, if the iris-recognition camera fails).</p></li>
-</ul>
-</div>
-<div>
- 
-</div></td>
+<td align="left"><strong>Branch</strong></td>
+<td align="left"><strong>Version</strong></td>
+<td align="left"><strong>Release Date</strong></td>
 </tr>
 <tr class="even">
-<td align="left">Allow Simple Device Password</td>
-<td align="left">Whether users can use a simple password (for example, 1111 or 1234)</td>
+<td align="left">Current Branch</td>
+<td align="left">1511</td>	      
+<td align="left">November 2015</td>
 </tr>
 <tr class="odd">
-<td align="left">Alphanumeric Device Password Required</td>
-<td align="left">Whether users need to use an alphanumeric password When configured, Windows prompts the user with a full device keyboard to enter a complex password. When not configured, the user will be able to enter a numeric PIN on the keyboard.</td>
+<td align="left">Current Branch for Business</td>
+<td align="left">1511</td>	      
+<td align="left">March 2016</td>
 </tr>
 <tr class="even">
-<td align="left">Min Device Password Complex Characters</td>
-<td align="left">The number of password element types (in other words, uppercase letters, lowercase letters, numbers, or punctuation) required to create strong passwords</td>
-</tr>
-<tr class="odd">
-<td align="left">Device Password Expiration</td>
-<td align="left">The number of days before a password expires (Biometric data does not expire.)</td>
-</tr>
-<tr class="even">
-<td align="left">Device Password History</td>
-<td align="left">The number of passwords Windows 10 Mobile remembers in the password history (Users cannot reuse passwords in the history to create new passwords.)</td>
-</tr>
-<tr class="odd">
-<td align="left">Min Device Password Length</td>
-<td align="left">The minimum number of characters required to create new passwords</td>
-</tr>
-<tr class="even">
-<td align="left">Max Inactivity Time Device Lock</td>
-<td align="left">The number of minutes of inactivity before devices are locked and require a password to unlock</td>
-</tr>
-<tr class="odd">
-<td align="left">Allow Idle Return Without Password</td>
-<td align="left">Whether users are required to re-authenticate when their devices return from a sleep state, before the inactivity time was reached</td>
-</tr>
-<tr class="even">
-<td align="left">Max Device Password Failed Attempts</td>
-<td align="left">The number of authentication failures allowed before a device is wiped (A value of zero disables device wipe functionality.)</td>
-</tr>
-<tr class="odd">
-<td align="left">Screen Timeout While Locked</td>
-<td align="left">The number of minutes before the lock screen times out (This policy influences the device’s power management.)</td>
-</tr>
-<tr class="even">
-<td align="left">Allow Screen Timeout While Locked User Configuration</td>
-<td align="left">Whether users can manually configure screen timeout while the device is on the lock screen (Windows 10 Mobile ignores the <strong>Screen Timeout While Locked</strong> setting if you disable this setting.)</td>
+<td align="left">Current Branch</td>
+<td align="left">1607</td>	      
+<td align="left">July 2016</td>
 </tr>
 </tbody>
 </table>
- 
-### <a href="" id="hardware"></a>Hardware restrictions
 
-Windows 10 Mobile devices use state-of-the-art technology that includes popular hardware features such as cameras, global positioning system (GPS) sensors, microphones, speakers, near-field communication (NFC) radios, storage card slots, USB interfaces, Bluetooth interfaces, cellular radios, and Wi-Fi. You can also use hardware restrictions to control the availability of these features. Table 7 lists the MDM settings that Windows 10 Mobile supports to configure hardware restrictions.
+Microsoft will also deliver and install monthly updates for security and stability directly to Windows 10 Mobile devices. These <strong>Quality Updates</strong>, released under Microsoft control via Windows Update, are available for all devices running Windows 10 Mobile. Windows 10 Mobile devices consume Feature Updates and Quality Updates as part of the same standard update process. 
 
->**Note:**  Some of these hardware restrictions provide connectivity and assist in data protection. Enterprise data protection is currently being tested in select customer evaluation programs.
- 
-Table 7. Windows 10 Mobile hardware restrictions
+Quality Updates are usually smaller than Feature Updates, but the installation process and experience is very similar, though larger updates will take more time to install.  Enterprise customers can manage the update experience and process on Windows 10 Mobile devices using an MDM system, after upgrading the devices to Enterprise edition. In most cases, policies to manage the update process will apply to both feature and quality updates. 
 
-| Setting                                    | Description                                                                                                                   |
-|--------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|
-| Allow NFC                                  | Whether the NFC radio is enabled                                                                                              |
-| Allow USB Connection                       | Whether the USB connection is enabled (this setting doesn’t affect USB charging)                                              |
-| Allow Bluetooth                            | Whether users can enable and use the Bluetooth radio on their devices                                                         |
-| Allow Bluetooth Advertising                | Whether the device can act as a source for Bluetooth advertisements and be discoverable to other devices                      |
-| Allow Bluetooth Discoverable Mode          | Whether the device can discover other devices (for example, headsets)                                                         |
-| Bluetooth Services Allowed List            | The list of Bluetooth services and profiles to which the device can connect                                                   |
-| Set Bluetooth Local Device Name            | The local Bluetooth device name                                                                                               |
-| Allow Wi-Fi                                | Whether the Wi-Fi radio is enabled                                                                                            |
-| Allow Auto Connect to Wi-Fi Sense Hotspots | Whether the device can automatically connect to Wi-Fi hotspots and friends’ home networks that are shared through Wi-Fi Sense |
-| Allow Manual Wi-Fi Configuration           | Whether users can manually connect to Wi-Fi networks not specified in the MDM system’s list of configured Wi-Fi networks      |
-| WLAN Scan Mode                             | How actively the device scans for Wi-Fi networks (This setting is hardware dependent.)                                        |
-| Allow Camera                               | Whether the camera is enabled                                                                                                 |
-| Allow Storage Card                         | Whether the storage card slot is enabled                                                                                      |
-| Allow Voice Recording                      | Whether the user can use the microphone to create voice recordings                                                            |
-| Allow Location                             | Whether the device can use the GPS sensor or other methods to determine location so applications can use location information |
- 
-### <a href="" id="certificate"></a>Certificate management
-
-Managing certificates can be difficult for users, but certificates are pervasive for a variety of uses, including, account authentication, Wi-Fi authentication, VPN encryption, and SSL encryption of web content. Although users could manage certificates on devices manually, it’s a best practice to use your MDM system to manage those certificates for their entire life cycle, from enrollment through renewal to revocation. You can use the Simple Certificate Enrollment Protocol (SCEP) and Personal Information Exchange (PFX) certificates files to install certificates on Windows 10 Mobile. Certificate management through SCEP and MDM systems is fully transparent to users and requires no user intervention, so it helps improve user productivity and reduce support calls. Your MDM system can automatically deploy these certificates to the devices’ certificate stores after you enroll the device. Table 8 lists the SCEP settings that the MDM client in Windows 10 Mobile provides.
-
-Table 8. Windows 10 Mobile SCEP certificate enrollment settings
-
-| Setting                                              | Description                                                                                                                                                                                                                               |
-|------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Certificate enrollment server URLs                   | The certificate enrollment servers (to specify multiple server URLs, separate the URLs with semicolons \[;\])                                                                                                                             |
-| SCEP enrollment challenge                            | The Base64-encoded SCEP enrollment challenge                                                                                                                                                                                              |
-| Extended key use object identifiers                  | The object identifiers (OIDs) for extended key use                                                                                                                                                                                        |
-| Key usage                                            | The key usage bits for the certificate in decimal format                                                                                                                                                                                  |
-| Subject name                                         | The certificate subject name                                                                                                                                                                                                              |
-| Private key storage                                  | Where to store the private key (in other words, the Trusted Platform Module \[TPM\], a software key storage provider \[KSP\], or the Microsoft Passport KSP)                                                                              |
-| Pending retry delay                                  | How long the device will wait to retry when the SCEP server sends a pending status                                                                                                                                                        |
-| Pending retry count                                  | The number of times a device will retry when the SCEP server sends a pending status                                                                                                                                                       |
-| Template name                                        | The OID of the certificate template name                                                                                                                                                                                                  |
-| Private key length                                   | The private key length (in other words, 1024, 2048, or 4096 bits; Microsoft Passport supports only the 2048 key length)                                                                                                                   |
-| Certificate hash algorithm                           | The hash algorithm family (in other words, SHA-1, SHA-2, SHA-3; multiple hash algorithm families are separated by plus signs \[+\])                                                                                                       |
-| Root CA thumbprint                                   | The root CA thumbprint                                                                                                                                                                                                                    |
-| Subject alternative names                            | Subject alternative names for the certificate (Use semicolons to separate multiple subject alternative names.)                                                                                                                            |
-| Valid period                                         | The unit of measure for the period of time the certificate is considered valid (in other words, days, months, or years)                                                                                                                   |
-| Valid period units                                   | The number of units of time that the certificate is considered valid (Use this setting with the **Valid Period** setting. For example, if this setting is **3** and **Valid Period** is **Years**, the certificate is valid for 3 years.) |
-| Custom text to show in Microsoft Passport PIN prompt | The custom text to show on the Microsoft Passport PIN prompt during certificate enrollment                                                                                                                                                |
-| Thumbprint                                           | The current certificate thumbprint, if certificate enrollment succeeds                                                                                                                                                                    |
- 
-In addition to SCEP certificate management, Windows 10 Mobile supports deployment of PFX certificates. Table 9 lists the Windows 10 Mobile PFX certificate deployment settings.
-
-Table 9. Windows 10 Mobile PFX certificate deployment settings
-
-| Setting                           | Description                                                                                                                                                                  |
-|-----------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Private key storage               | Where to store the private key (in other words, the TPM, a software KSP, or the Microsoft Passport KSP)                                                                      |
-| Microsoft Passport container name | The tenant identifier of the Azure AD tenant from which the Microsoft Passport is derived, required only if you select **Microsoft Passport KSP** in **Private key storage** |
-| PFX packet                        | The PFX packet with the exported and encrypted certificates and keys in Binary64 format                                                                                      |
-| PFX packet password               | The password that protects the PFX blob specified in **PFX packet**                                                                                                          |
-| PFX packet password encryption    | Whether the MDM system encrypts the PFX certificate password with the MDM certificate                                                                                        |
-| PFX private key export            | Whether the PFX private key can be exported                                                                                                                                  |
-| Thumbprint                        | The thumbprint of the installed PFX certificate                                                                                                                              |
- 
-Use the **Allow Manual Root Certificate Installation** setting to prevent users from manually installing root and intermediate CA certificates intentionally or accidently.
-
->**Note:**  To diagnose certificate-related issues on Windows 10 Mobile devices, use the free [Certificates app](http://go.microsoft.com/fwlink/p/?LinkId=723996) in Windows Store. This Windows 10 Mobile app can help you:
-
--   View a summary of all personal certificates.
--   View the details of individual certificates.
--   View the certificates used for VPN, Wi-Fi, and email authentication.
--   Identify which certificates may have expired.
--   Verify the certificate path and confirm that you have the correct intermediate and root CA certificates.
--   View the certificate keys stored in the device TPM.
- 
-### <a href="" id="wifi"></a>Wi-Fi
-
-People use Wi-Fi on their mobile devices as much as or more than cellular data. Most corporate Wi-Fi networks require certificates and other complex information to restrict and secure user access. This advanced Wi-Fi information is difficult for typical users to configure, but you can use your MDM system to fully configure Wi-Fi settings without user intervention.
-
-Table 10 lists the Windows 10 Mobile Wi-Fi connection profile settings. Use the information in this table to help you create Wi-Fi connection profiles in your MDM system.
-
-Table 10. Windows 10 Mobile Wi-Fi connection profile settings
+Microsoft aspires to update Windows 10 Mobile devices with the latest updates automatically and without being disruptive for all customers. Out-of-the-box, a Windows 10 Mobile device will Auto Scan for available updates. However, depending on the device’s network and power status, update methods and timing will vary. 
 
 <table>
 <colgroup>
-<col width="50%" />
-<col width="50%" />
+<col width="15%" />
+<col width="25%" />
+<col width="15%" />
+<col width="15%" />
+<col width="15%" />
+<col width="15%" />
 </colgroup>
-<thead>
-<tr class="header">
-<th align="left">Setting</th>
-<th align="left">Description</th>
-</tr>
-</thead>
 <tbody>
 <tr class="odd">
-<td align="left">SSID</td>
-<td align="left">The case-sensitive name of the Wi-Fi network (service set identifier [SSID])</td>
+<td align="left"><strong>Network connection</strong></td>
+<td align="left"><strong>Description</strong></td>
+<td align="left"><strong>Auto Scan</strong></td>
+<td align="left"><strong>Auto Download</strong></td>
+<td align="left"><strong>Auto Install</strong></td>
+<td align="left"><strong>Auto Restart</strong></td>
 </tr>
 <tr class="even">
-<td align="left">Security type</td>
-<td align="left">The type of security the Wi-Fi network uses; can be one of the following authentication types:
-<ul>
-<li><p>Open 802.11</p></li>
-<li><p>Shared 802.11</p></li>
-<li><p>WPA-Enterprise 802.11</p></li>
-<li><p>WPA-Personal 802.11</p></li>
-<li><p>WPA2-Enterprise 802.11</p></li>
-<li><p>WPA2-Personal 802.11</p></li>
-</ul></td>
+<td align="left"><strong>Wi-Fi</strong></td>
+<td align="left">Device is connected to a personal or corporate Wi-Fi network (no data charges)</td>
+<td align="left">Yes</td>	      
+<td align="left">Yes/td>
+<td align="left">Yes</td>	      
+<td align="left">Yes – outside of Active Hours (forced restart after 7 days if user postpones restart)</td>	      
 </tr>
 <tr class="odd">
-<td align="left">Authentication encryption</td>
-<td align="left">The type of encryption the authentication uses; can be one of the following encryption methods:
-<ul>
-<li><p>None (no encryption)</p></li>
-<li><p>Wired Equivalent Privacy</p></li>
-<li><p>Temporal Key Integrity Protocol</p></li>
-<li><p>Advanced Encryption Standard (AES)</p></li>
-</ul></td>
+<td align="left"><strong>Cellular</strong></td>
+<td align="left">Device is only connected to a cellular network (standard data charges apply)</td>
+<td align="left">Will skip a daily scan if scan was successfully completed in the last 5 days</td>	      
+<td align="left">Will only occur if update package is small and does not exceed the mobile operator data limit or the user clicks “download now”.</td>
+<td align="left">Yes, if the user clicked “download now”</td>	      
+<td align="left">Idem</td>	      
 </tr>
 <tr class="even">
-<td align="left">Extensible Authentication Protocol Transport Layer Security (EAP-TLS)</td>
-<td align="left">WPA-Enterprise 802.11 and WPA2-Enterprise 802.11 security types can use EAP-TLS with certificates for authentication</td>
-</tr>
-<tr class="odd">
-<td align="left">Protected Extensible Authentication Protocol with Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MSCHAPv2)</td>
-<td align="left">WPA-Enterprise 802.11 and WPA2-Enterprise 802.11 security types can use PEAP-MSCHAPv2 with a user name and password for authentication</td>
-</tr>
-<tr class="even">
-<td align="left">Shared key</td>
-<td align="left">WPA-Personal 802.11 and WPA2-Personal 802.11 security types can use a shared key for authentication.</td>
-</tr>
-<tr class="odd">
-<td align="left">Proxy</td>
-<td align="left">The configuration of any network proxy that the Wi-Fi connection requires (To specify the proxy server, use its fully qualified domain name [FQDN], Internet Protocol version 4 [IPv4] address, IP version 6 [IPv6] address, or IPvFuture address.)</td>
-</tr>
-<tr class="even">
-<td align="left">Disable Internet connectivity checks</td>
-<td align="left">Whether the Wi-Fi connection should check for Internet connectivity</td>
-</tr>
-<tr class="odd">
-<td align="left">Proxy auto-configuration URL</td>
-<td align="left">A URL that specifies the proxy auto-configuration file</td>
-</tr>
-<tr class="even">
-<td align="left">Enable Web Proxy Auto-Discovery Protocol (WPAD)</td>
-<td align="left">Specifies whether WPAD is enabled</td>
+<td align="left"><strong>Cellular -- Roaming</strong></td>
+<td align="left">Device is only connected to a cellular network and roaming charges apply</td>
+<td align="left">No</td>	      
+<td align="left">No</td>
+<td align="left">No</td>	      
+<td align="left">Idem</td>	      
 </tr>
 </tbody>
 </table>
- 
-Table 11 lists the Windows 10 Mobile settings for managing Wi-Fi connectivity.
 
-Table 11. Windows 10 Mobile Wi-Fi connectivity settings
+**Keeping track of updates releases**
 
-| Setting                                    | Configuration                                                              |
-|--------------------------------------------|----------------------------------------------------------------------------|
-| Allow Auto Connect To Wi-Fi Sense Hotspots | Whether the device will automatically detect and connect to Wi-Fi networks |
-| Allow Manual Wi-Fi Configuration           | Whether the user can manually configure Wi-Fi settings                     |
-| Allow Wi-Fi                                | Whether the Wi-Fi hardware is enabled                                      |
-| WLAN Scan Mode                             | How actively the device scans for Wi-Fi networks                           |
- 
-### Proxy
+*Applies to: Corporate and Personal devices*
 
-Apps running on Windows 10 Mobile (for example, Microsoft Edge) can use proxy connections to access Internet content, but Wi-Fi connections on the corporate intranet most typically use proxy connections, instead. You can define multiple proxies in Windows 10 Mobile.
+Microsoft publishes new feature updates for Windows 10 and Windows 10 Mobile on a regular basis. The [Windows release information page](https://technet.microsoft.com/en-us/windows/release-info) is designed to help you determine if your devices are current with the latest Windows 10 feature and quality updates. The release information published on this page, covers both Windows 10 for PCs and Windows 10 Mobile. In addition, the [Windows update history page](http://windows.microsoft.com/en-us/windows-10/update-history-windows-10) helps you understand what these updates are about.
 
->**Note:**  Windows 10 Mobile also supports proxy auto-configuration (PAC) files, which can automatically configure proxy settings. The Web Proxy Auto-Discovery Protocol (WPAD) lets apps use Dynamic Host Configuration Protocol and Domain Name System (DNS) lookups to locate the PAC file.
- 
-Table 12 lists the Windows 10 Mobile settings for proxy connections.
+>**Note:** 
+We invite IT Professionals to participate in the Windows Insider Program to test updates before they are officially released to make Windows 10 Mobile even better. If you find any issues, please send us feedback via the Feedback Hub 
 
-Table 12. Windows 10 Mobile proxy connection settings
+**Windows as a Service**
+
+*Applies to: Corporate and Personal devices*
+
+Microsoft created a new way to deliver and install updates to Windows 10 Mobile directly to devices without Mobile Operator approval. This capability helps to simplify update deployments and ongoing management, broadens the base of employees who can be kept current with the latest Windows features and experiences, and lowers total cost of ownership for organizations who no longer have to manage updates to keep devices secure.
+
+Update availability depends on what servicing option you choose for the device. These servicing options are outlined in the chart below: 
 
 <table>
 <colgroup>
-<col width="50%" />
-<col width="50%" />
+<col width="15%" />
+<col width="22%" />
+<col width="22%" />
+<col width="22%" />
+<col width="22%" />
 </colgroup>
-<thead>
-<tr class="header">
-<th align="left">Settings</th>
-<th align="left">Configuration</th>
-</tr>
-</thead>
 <tbody>
 <tr class="odd">
-<td align="left">Proxy name</td>
-<td align="left">The unique name of the proxy connection</td>
+<td align="left"><strong>Servicing option</strong></td>
+<td align="left"><strong>Availability of new features for installation</strong></td>
+<td align="left"><strong>Minimum length of servicing lifetime</strong></td>
+<td align="left"><strong>Key benefits</strong></td>
+<td align="left"><strong>Supported editions</strong></td>
 </tr>
 <tr class="even">
-<td align="left">Proxy ID</td>
-<td align="left">The unique identifier for the proxy connection</td>
+<td align="left"><strong>Windows Insider Builds</strong></td>
+<td align="left">As appropriate during development cycle, released to Windows Insiders only</td>
+<td align="left">Variable, until the next Insider build is released to Windows Insiders</td>	      
+<td align="left">Allows Insiders to test new feature and application compatibility before a Feature Update is released/td>
+<td align="left">Mobile</td>
 </tr>
 <tr class="odd">
-<td align="left">Name</td>
-<td align="left">The user-friendly name of the proxy connection</td>
+<td align="left"><strong>Current Branch (CB)</strong></td>
+<td align="left">Immediately after the Feature Update is published to Windows Update by Microsoft</td>
+<td align="left">Microsoft typically releases two Feature Updates per 12-month period (approximately every four months, though it can potentially be longer)</td>	      
+<td align="left">Makes new features available to users as soon as possible</td>
+<td align="left">Mobile & Mobile Enterprise</td>	      
 </tr>
 <tr class="even">
-<td align="left">Server address</td>
-<td align="left">The address of the proxy server, which can be the server FQDN or IP address</td>
-</tr>
-<tr class="odd">
-<td align="left">IP address type</td>
-<td align="left">The IP address type that identifies the proxy server, which can be one of the following values:
-<ul>
-<li><p><strong>IPV4</strong></p></li>
-<li><p><strong>IPV6</strong></p></li>
-<li><p><strong>E164</strong></p></li>
-<li><p><strong>ALPHA</strong></p></li>
-</ul></td>
-</tr>
-<tr class="even">
-<td align="left">Proxy connection type</td>
-<td align="left">The proxy connection type, which can be one of the following values:
-<ul>
-<li><p><strong>ISA</strong></p></li>
-<li><p><strong>WAP</strong></p></li>
-<li><p><strong>SOCKS</strong></p></li>
-<li><p><strong>NULL</strong></p></li>
-</ul></td>
-</tr>
-<tr class="odd">
-<td align="left">Ports</td>
-<td align="left">The port information for the proxy connection; includes the following settings:
-<ul>
-<li><p><strong>Port Name.</strong> The unique name of a port that the proxy connection uses, such as <strong>PORT0</strong> or <strong>PORT1</strong></p></li>
-<li><p><strong>Port Name/Port Nbr.</strong> The proxy connection port number for this port</p></li>
-<li><p><strong>Port Name/Services.</strong> The services that use this proxy connection port</p></li>
-<li><p><strong>Services/Service Name.</strong> The name of a service that uses the proxy connection</p></li>
-<li><p><strong>Services/<em>Service Name</em>/Service Name.</strong> The protocol associated with the parent port connection</p></li>
-</ul></td>
-</tr>
-<tr class="even">
-<td align="left">Configuration reference</td>
-<td align="left">The connection reference information for the proxy connection. The corporation determines the information in this optional setting.</td>
+<td align="left"><strong>Current Branch for Business (CBB)</strong></td>
+<td align="left">A minimum of four months after the corresponding Feature Update is first published to Windows Update by Microsoft</td>
+<td align="left">A minimum of four months, though it potentially can be longerNo</td>	      
+<td align="left">Provides additional time to test new feature before deployment</td>
+<td align="left">Mobile Enterprise only</td>			     
 </tr>
 </tbody>
 </table>
- 
-### VPN
 
-In addition to Wi-Fi, users often use a VPN to securely access apps and resources on their company’s intranet behind a firewall. Windows 10 Mobile supports several VPN vendors in addition to native Microsoft VPNs (such as Point to Point Tunneling Protocol \[PPTP\], Layer 2 Tunneling Protocol \
-[L2TP\], and Internet Key Exchange Protocol version 2 \[IKEv2\]), including:
+**Enterprise Edition**
 
--   IKEv2
--   IP security
--   SSL VPN connections (which require a downloadable plug-in from the VPN server vendor)
+*Applies to: Corporate devices*
 
-You can configure Windows 10 Mobile to use auto-triggered VPN connections, as well. You define a VPN connection for each app that requires intranet connectivity. When users switch between apps, the operating system automatically establishes the VPN connection for that app. In the event the device drops the VPN connection, Windows 10 Mobile automatically reconnects to the VPN without user intervention.
+While Windows 10 Mobile provides updates directly to user devices from Windows Update, there are many organizations that want to track, test, and schedule updates to corporate devices. To support these requirements, we created the Windows 10 Mobile Enterprise edition. 
 
-With always-on VPN, Windows 10 Mobile can automatically start a VPN connection when a user signs-in, as well. The VPN stays connected until the user manually disconnects it.
-MDM support for VPN connections in Windows 10 Mobile includes provisioning and updating VPN connection profiles and associating VPN connections with apps. You can create and provision VPN connection profiles, and then deploy them to managed devices that run Windows 10 Mobile. Table 13 lists the Windows 10 Mobile fields for VPN connection profiles.
+Upgrading to Windows 10 Mobile Enterprise edition provides additional device and app management capabilities for organizations that want to:
+-   **Defer, approve and deploy feature and quality updates:** Windows 10 Mobile devices get updates directly from Windows Update. If you want to curate updates prior to deploying them, an upgrade to Windows 10 Mobile Enterprise edition is required. Once Enterprise edition is enabled, the phone can be set to the Current Branch for Business servicing option, giving IT additional time to test updates before they are released. 
+-   **Deploy an unlimited number of self-signed LOB apps to a single device:** To use an MDM system to deploy LOB apps directly to devices, you must cryptographically sign the software packages with a code signing certificate that your organization’s certificate authority (CA) generates. You can deploy a maximum of 20 self-signed LOB apps to a Windows 10 Mobile device. To deploy more than 20 self-signed LOB apps, Windows 10 Mobile Enterprise is required.
+-   **Set the telemetry level:** Microsoft collects telemetry data to help keep Windows devices secure and to help Microsoft improve the quality of Windows and Microsoft services. An upgrade to Windows 10 Mobile Enterprise edition is required to set the telemetry level so that only telemetry information required to keep devices secured is gathered. 
 
-Table 13. Windows 10 Mobile VPN connection profile settings
+To learn more about telemetry, visit [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md).
+
+To activate Windows 10 Mobile Enterprise, use your MDM system or a provisioning package to inject the Windows 10 Enterprise license on a Windows 10 Mobile device. Licenses can be obtained from the Volume Licensing portal. For testing purposes, you can obtain a licensing file from the MSDN download center. A valid MSDN subscription is required.
+
+Details on updating a device to Enterprise edition with [WindowsLicensing CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904983(v=vs.85).aspx)
+
+>**Recommendation:** Microsoft recommends using Enterprise edition only on corporate devices. Once a device has been upgraded, it cannot be downgraded. Even a device wipe or reset will not remove the enterprise license from personal devices. 
+
+**Deferring and Approving Updates with MDM**
+
+*Applies to: Corporate devices with Enterprise edition*
+
+Once a device is upgraded to Windows 10 Mobile Enterprise edition, you can manage devices that receive updates from Windows Update (or Windows Update for Business) with a set of update policies. 
+
+To control Feature Updates, you will need to move your devices to the Current Branch for Business (CBB) servicing option. A device that subscribes to CBB will wait for the next CBB to be published by Microsoft Update. While the device will wait for Feature Updates until the next CBB, Quality Updates will still be received by the device. 
+
+To control monthly Quality Update additional deferral policies, need to be set to your desired deferral period. When Quality Updates are available for your Windows 10 Mobile devices from Windows Update, these updates will not install until your deferral period lapses. This gives IT Professionals some time to test the impact of the updates on devices and apps. 
+
+Before updates are distributed and installed, you may want to test them for issues or application compatibility. IT pros have the ability require updates to be approved. This enables the MDM administrator to select and approve specific updates to be installed on a device and accept the EULA associated with the update on behalf of the user. Please remember that on Windows 10 Mobile all updates are packaged as a “OS updates” and never as individual fixes. 
+
+You may want to choose to handle Quality Updates and Feature Updates in the same way and not wait for the next CBB to be released to your devices. This streamlines the release of updates using the same process for approval and release. You can apply different deferral period by type of update. In version 1607 Microsoft added additional policy settings to enable more granularity to control over updates. 
+
+Once updates are being deployed to your devices, you may want to pause the rollout of updates to enterprise devices. 
+For example, after you start rolling out a quality update, certain phone models are adversely impacted or users are reporting a specific LOB app is not connecting and updating a database. Problems can occur that did not surface during initial testing. 
+IT professionals can pause updates to investigate and remediate unexpected issues. 
+
+The following table summarizes applicable update policy settings by version of Windows 10 Mobile.  All policy settings are backward compatible, and will be maintained in future Feature Updates. Consult the documentation of your MDM system to understand support for these settings in your MDM.
 
 <table>
 <colgroup>
-<col width="50%" />
-<col width="50%" />
+<col width="33%" />
+<col width="33%" />
+<col width="33%" />
 </colgroup>
-<thead>
-<tr class="header">
-<th align="left">Setting</th>
-<th align="left">Description</th>
-</tr>
-</thead>
 <tbody>
 <tr class="odd">
-<td align="left">Native VPN protocol profile</td>
-<td align="left"><p>The configuration information when the VPN uses native Windows 10 Mobile VPN protocols (such as IKEv2, PPTP, or L2TP); includes the following settings:</p>
-<ul>
-<li><p><strong>Servers.</strong> The VPN server for the VPN profile</p></li>
-<li><p><strong>Routing policy type.</strong> The type of routing policy the VPN profile uses; can be set to one of the following values:</p>
-<ul>
-<li><p><strong>Split tunnel.</strong> Only network traffic destined to the intranet goes through the VPN connection.</p></li>
-<li><p><strong>Force tunnel.</strong> All traffic goes through the VPN connection.</p></li>
-</ul></li>
-<li><p><strong>Tunneling protocol type.</strong> The tunneling protocol used for VPN profiles that use native Windows 10 Mobile VPN protocols; can be one the following values:</p>
-<ul>
-<li><p><strong>PPTP</strong></p></li>
-<li><p><strong>L2TP</strong></p></li>
-<li><p><strong>IKEv2</strong></p></li>
-<li><p><strong>Automatic</strong></p></li>
-</ul></li>
-<li><p><strong>User authentication method.</strong> The user authentication method for the VPN connection; can have a value of <strong>EAP</strong> or <strong>MSChapv2</strong>. Windows 10 Mobile does not support the value <strong>MSChapv2</strong> for IKEv2-based VPN connections.</p></li>
-<li><p><strong>Machine certificate.</strong> The machine certificate used for IKEv2-based VPN connections.</p></li>
-<li><p><strong>EAP configuration.</strong> An HTML-encoded XML blob of the EAP configuration. For more information about creating the EAP configuration XML blob, see [EAP configuration](http://go.microsoft.com/fwlink/p/?LinkId=734055). You can use the XML blob these steps create in the MDM system to create the VPN profile.</p></li>
-</ul></td>
+<td align="left"><strong>Activity (Policy)</strong></td>
+<td align="left"><strong>Version 1511 settings</strong></td>
+<td align="left"><strong>Version 1607 settings</strong></td>
 </tr>
 <tr class="even">
-<td align="left">VPN plugin profile</td>
-<td align="left">Windows Store–based VPN plug-ins for the VPN connection; includes the following settings:
-<ul>
-<li><p><strong>VPN servers.</strong> A comma-separated list of VPN servers; you can specify the servers with a URL, fully qualified host name, or IP address.</p></li>
-<li><p><strong>Custom configuration.</strong> An HTML-encoded XML blob for SSL–VPN plug-in–specific configuration information (e.g., authentication information) that the plug-in provider requires.</p></li>
-<li><p><strong>Windows Store VPN plugin family name.</strong> Specifies the Windows Store package family name for the Windows Store–based VPN plug-in.</p></li>
-</ul></td>
+<td align="left"><strong>Subscribe device to CBB, to defer Feature Updates</strong></td>
+<td align="left">RequireDeferUpgrade
+
+Defers Feature Update until next CBB release. Device will receive quality updates from Current Branch for Business (CBB).
+Defers feature update for minimum of 4 months after Current Branch was release.</td>
+<td align="left">BranchReadinessLevel
+
+Defers Feature Update until next CBB release. Device will receive quality updates from Current Branch for Business (CBB).
+Defers feature update for minimum of 4 months after Current Branch was release.</td></tr>
+<tr class="odd">
+<td align="left"><strong>Defer Updates</strong></td>
+<td align="left">DeferUpdatePeriod
+
+Defer Quality Updates for 4 weeks or 28 days</td>
+<td align="left">DeferQualityUpdatePeriodInDays
+
+Defer Feature and Quality Updates for up to 30 days.</td></tr>
+<tr class="even">
+<td align="left"><strong>Approve Updates</strong></td>
+<td align="left">RequireUpdateApproval
+  
+</td>
+<td align="left">RequireUpdateApproval
+  
+</td>	      
 </tr>
 <tr class="odd">
-<td align="left">Always on connection</td>
-<td align="left">Whether the VPN connects at user sign-in and stays connected until the user manually disconnects the VPN connection.</td>
-</tr>
-<tr class="even">
-<td align="left">App trigger list</td>
-<td align="left">A list of apps that automatically initiate the VPN connection. Each app trigger in the list includes the following settings:
-<ul>
-<li><p><strong>App ID.</strong> The app identity for the app that automatically initiates the VPN connection Any apps in this list can send data through the VPN connection; set it to one of the following values:</p>
-<ul>
-<li><p>Unique name of the Windows Store app (<strong>Package Family Name</strong>). The package family name is a unique name for each app. For example, the package family name for the Skype app is <em>Microsoft.SkypeApp_kzf8qxf38zg5c</em>.</p></li>
-<li><p>Fully qualified path to the app (such as C:\Windows\System\Notepad.exe).</p></li>
-<li><p>Kernel driver name.</p></li>
-</ul></li>
-</ul></td>
-</tr>
-<tr class="odd">
-<td align="left">DNS suffixes</td>
-<td align="left">A comma-separated list of DNS suffixes for the VPN connection. Any DNS suffixes in this list are automatically added to <strong>Suffix Search List</strong>.</td>
-</tr>
-<tr class="even">
-<td align="left">LockDown VPN profile</td>
-<td align="left">Whether this VPN connection is a LockDown profile. A LockDown VPN profile has the following characteristics:
-<ul>
-<li><p>It is an always-on VPN profile.</p></li>
-<li><p>It can never be disconnected.</p></li>
-<li><p>If the VPN profile is not connected, the user has no network connectivity.</p></li>
-<li><p>No other VPN profiles can be connected or modified.</p></li>
-</ul>
-<p>You must delete a LockDown VPN profile before you can add, remove, or connect other VPN profiles.</p></td>
-</tr>
-<tr class="odd">
-<td align="left">Name Resolution Policy Table rules</td>
-<td align="left">A list of Name Resolution Policy Table rules for the VPN connection. Each rule in the list includes the following settings:
-<ul>
-<li><p><strong>Domain name.</strong> The namespace for the policy; can be an FQDN or a domain suffix.</p></li>
-<li><p><strong>Domain name type.</strong> The type of namespace in <strong>Domain name</strong>; has a value of either <strong>FQDN</strong> or <strong>Suffix</strong>.</p></li>
-<li><p>DNS servers. A comma-separated list of DNS server IP addresses to use for the namespace specified in <strong>Domain name</strong>.</p></li>
-<li><p><strong>Web proxy servers</strong>. The IP address for the web proxy server (if the intranet redirects traffic through a web proxy server).</p></li>
-</ul></td>
-</tr>
-<tr class="even">
-<td align="left">Proxy</td>
-<td align="left">Any post connection proxy support required for the VPN connection; includes the following settings:
-<ul>
-<li><p><strong>Proxy server.</strong> Specifies the fully qualified host name or IP address of the proxy server when a specific proxy server is required.</p></li>
-<li><p><strong>Automatic proxy configuration URL.</strong> Specifies the URL for automatically retrieving proxy server settings.</p></li>
-</ul></td>
-</tr>
-<tr class="odd">
-<td align="left">Remember credentials</td>
-<td align="left">Whether the VPN connection caches credentials.</td>
-</tr>
-<tr class="even">
-<td align="left">Route list</td>
-<td align="left">A list of routes to add to the routing table for the VPN connection. Each route in the list includes the following settings:
-<ul>
-<li><p><strong>Address.</strong> The destination subnet address in IPv4 or IPv6 format (such as <em>192.168.0.0</em>).</p></li>
-<li><p><strong>Prefix size.</strong> The portion of the address used to identify the destination subnet address (such as <em>16</em> to produce the subnet <em>192.168.0.0/16</em>).</p></li>
-</ul></td>
-</tr>
-<tr class="odd">
-<td align="left">Traffic filter list</td>
-<td align="left">A list of traffic rules that define the traffic that can be sent through the VPN connection. Each rule in the list includes the following settings:
-<ul>
-<li><p><strong>App ID.</strong> The app identity for the traffic filter based on a specific app (app-based traffic filter). Any apps in this list can send data through the VPN connection; set to one of the following values:</p>
-<ul>
-<li><p>Unique name of the Windows Store app (<strong>Package Family Name</strong>). The package family name is a unique name for each app. For example, the package family name for the Skype app is Microsoft.<em>SkypeApp_kzf8qxf38zg5c</em>.</p></li>
-<li><p>Fully qualified path to the app (such as C:\Windows\System\Notepad.exe).</p></li>
-<li><p>Kernel driver name.</p></li>
-</ul></li>
-<li><p><strong>Protocol.</strong> The IP protocol to use for the traffic filter rule (for example, TCP = 6, UDP = 17).</p></li>
-<li><p><strong>Local port ranges.</strong> Specifies a comma-separated list of local IP port ranges (for example, 100–180, 200, 300–350).</p></li>
-<li><p><strong>Remote port ranges.</strong> A comma-separated list of remote IP port ranges (for example, 100–180, 200, 300–350).</p></li>
-<li><p><strong>Local address ranges.</strong> A comma-separated list of local IP address ranges that are allowed to use the VPN connection (for example, 192.168.0.1–192.168.0.255, 172.16.10.0–172.16.10.255).</p></li>
-<li><p><strong>Remote address ranges.</strong> A comma-separated list of remote IP address ranges that are allowed to use the VPN connection (for example, 192.168.0.1–192.168.0.255, 172.16.10.0–172.16.10.255).</p></li>
-<li><p><strong>Routing policy type.</strong> The type of IP tunnel for the VPN connection; set to one of the following:</p>
-<ul>
-<li><p><strong>Split tunnel.</strong> Only traffic destined for the intranet is sent through the VPN connection.</p></li>
-<li><p><strong>Force tunnel.</strong> All traffic is sent through the VPN connection.</p></li>
-</ul></li>
-</ul></td>
-</tr>
-<tr class="even">
-<td align="left">Trusted network detection</td>
-<td align="left">A comma-separated list of trusted networks that causes the VPN not to connect when the intranet is directly accessible.</td>
+<td align="left"><strong>Pause Update rollout once an approved update is being deployed, pausing the rollout of the update.</strong></td>
+<td align="left">PauseDeferrals
+
+Pause Feature Updates for up to 35 days</td>			     
+<td align="left">PauseQualityUpdates
+
+Pause Feature Updates for up to 35 days</td>			     
 </tr>
 </tbody>
 </table>
- 
-Table 14 lists the Windows 10 Mobile settings for managing VPN connections. These settings help you manage VPNs over cellular data connections, which in turn help reduce costs associated with roaming or data plan charges.
-
-Table 14. Windows 10 Mobile VPN management settings
-
-| Setting                              | Description                                                                     |
-|--------------------------------------|---------------------------------------------------------------------------------|
-| Allow VPN                            | Whether users can change VPN settings                                           |
-| Allow VPN Over Cellular              | Whether users can establish VPN connections over cellular networks              |
-| Allow VPN Over Cellular when Roaming | Whether users can establish VPN connections over cellular networks when roaming |
- 
-### <a href="" id="apn"></a>APN profiles
-
-An APN defines network paths for cellular data connectivity. Typically, you define just one APN for a device in collaboration with a mobile operator, but you can define multiple APNs if your company uses multiple mobile operators.
-
-An APN provides a private connection to the corporate network that is unavailable to other companies on the mobile operator network. Corporations in Europe and the Asia-Pacific use APNs, but they are not common in the United States.
-
-You can define and deploy APN profiles in MDM systems that configure cellular data connectivity for Windows 10 Mobile. Devices running Windows 10 Mobile can have only one APN profile. Table 15 lists the MDM settings that Windows 10 Mobile supports for APN profiles.
-
-Table 15. Windows 10 Mobile APN profile settings
-
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Setting</th>
-<th align="left">Description</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left">APN name</td>
-<td align="left">The APN name</td>
-</tr>
-<tr class="even">
-<td align="left">IP connection type</td>
-<td align="left">The IP connection type; set to one of the following values:
-<ul>
-<li><p><strong>IPv4 only</strong></p></li>
-<li><p><strong>IPv6 only</strong></p></li>
-<li><p><strong>IPv4 and IPv6 concurrently</strong></p></li>
-<li><p><strong>IPv6 with IPv4 provided by 46xlat</strong></p></li>
-</ul></td>
-</tr>
-<tr class="odd">
-<td align="left">LTE attached</td>
-<td align="left">Whether the APN should be attached as part of an LTE Attach</td>
-</tr>
-<tr class="even">
-<td align="left">APN class ID</td>
-<td align="left">The globally unique identifier that defines the APN class to the modem</td>
-</tr>
-<tr class="odd">
-<td align="left">APN authentication type</td>
-<td align="left">The APN authentication type; set to one of the following values:
-<ul>
-<li><p><strong>None</strong></p></li>
-<li><p><strong>Auto</strong></p></li>
-<li><p><strong>PAP</strong></p></li>
-<li><p><strong>CHAP</strong></p></li>
-<li><p><strong>MSCHAPv2</strong></p></li>
-</ul></td>
-</tr>
-<tr class="even">
-<td align="left">User name</td>
-<td align="left">The user account when users select Password Authentication Protocol (PAP), CHAP, or MSCHAPv2 authentication in <strong>APN authentication type</strong></td>
-</tr>
-<tr class="odd">
-<td align="left">Password</td>
-<td align="left">The password for the user account specified in <strong>User name</strong></td>
-</tr>
-<tr class="even">
-<td align="left">Integrated circuit card ID</td>
-<td align="left">The integrated circuit card ID associated with the cellular connection profile</td>
-</tr>
-</tbody>
-</table>
- 
-### <a href="" id="data"></a>Data leak protection
-
-Some user experiences can risk corporate data stored on corporate devices. For example, allowing users to copy and paste information out of the organization’s LOB app can put data at risk. To mitigate the risk, you can restrict the Windows 10 Mobile user experience to help protect corporate data 
-and prevent data leaks. For example, you can prevent settings synchronization, copy-and-paste operations, and screen captures. Table 16 lists the MDM settings in Windows 10 Mobile that you can use to help prevent data leaks.
-
-Table 16. Windows 10 Mobile data leak protection settings
-
-| Setting                                      | Description                                                                                                                                                                                                              |
-|----------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Allow copy and paste                         | Whether users can copy and paste content                                                                                                                                                                                 |
-| Allow Cortana                                | Whether users can use Cortana on the device, where available                                                                                                                                                             |
-| Allow device discovery                       | Whether the device discovery user experience is available on the lock screen (For example, this setting can control whether a device could discover a projector \[or other devices\] when the lock screen is displayed.) |
-| Allow input personalization                  | Whether personally identifiable information can leave the device or be saved locally (for example, Cortana learning, inking, dictation)                                                                                  |
-| Allow manual MDM unenrollment                | Whether users are allowed to delete the workplace account (in other words, unenroll the device from the MDM system)                                                                                                      |
-| Allow screen capture                         | Whether users are allowed to capture screenshots on the device                                                                                                                                                           |
-| Allow SIM error dialog prompt                | Specifies whether to display a dialog prompt when no SIM card is installed                                                                                                                                               |
-| Allow sync my settings                       | Whether the user experience settings are synchronized between devices (works with Microsoft accounts only)                                                                                                               |
-| Allow toasts notifications above lock screen | Whether users are able to view toast notification on the device lock screen                                                                                                                                              |
-| Allow voice recording                        | Whether users are allowed to perform voice recordings.                                                                                                                                                                   |
- 
-### <a href="" id="storage"></a>Storage management
-
-Protecting the apps and data stored on a device is critical to device security. One method for helping protect your apps and data is to encrypt internal device storage by using the device encryption in Windows 10 Mobile. This encryption helps protect corporate data against unauthorized access, even when an unauthorized user has physical possession of the device.
-
-A feature in Windows 10 Mobile is the ability to install apps on a secure digital (SD) card. The operating system stores apps on a partition specifically designated for that purpose. This feature is always on, so you don’t need to set a policy explicitly to enable it.
-The SD card is uniquely paired with a device. No other devices can see the apps or data on the encrypted partition, but they can access the data stored on the unencrypted partition of the SD card, such as music or photos.
-You can disable the **Allow Storage Card** setting to prevent users from using SD cards altogether, but the primary advantage of the SD card app partition–encryption feature is that organizations can give users the flexibility to use an SD card while still protecting the confidential apps and data on it.
-
-If you don’t encrypt storage, you can help protect your corporate apps and data by using the **Restrict app data to the system volume** and **Restrict apps to the system volume** settings. They help ensure that users cannot copy your apps and data to SD cards.
-
-Table 17 lists the MDM storage-management settings that Windows 10 Mobile provides.
-
-Table 17. Windows 10 Mobile storage management settings
-
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Setting</th>
-<th align="left">Description</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left">Allow Storage Card</td>
-<td align="left">Whether users can use storage cards for device storage (This setting does not prevent programmatic access to the storage cards.)</td>
-</tr>
-<tr class="even">
-<td align="left">Require Device Encryption</td>
-<td align="left">Whether internal storage is encrypted (When a device is encrypted, you cannot use a policy to turn encryption off.)</td>
-</tr>
-<tr class="odd">
-<td align="left">Encryption method</td>
-<td align="left">Specifies the BitLocker drive encryption method and cipher strength; can be one of the following values:
-<ul>
-<li><p>AES-Cipher Block Chaining (CBC) 128-bit</p></li>
-<li><p>AES-CBC 256-bit</p></li>
-<li><p>XEX-based tweaked-codebook mode with cipher text stealing (XTS)–AES (XTS-AES) 128-bit (this is the default)</p></li>
-<li><p>XTS-AES-256-bit</p></li>
-</ul></td>
-</tr>
-<tr class="even">
-<td align="left">Allow Federal Information Processing Standard (FIPS) algorithm policy</td>
-<td align="left">Whether the device allows or disallows the FIPS algorithm policy</td>
-</tr>
-<tr class="odd">
-<td align="left">SSL cipher suites</td>
-<td align="left">Specifies a list of the allowed cryptographic cipher algorithms for SSL connections</td>
-</tr>
-<tr class="even">
-<td align="left">Restrict app data to the system volume</td>
-<td align="left">Specifies whether app data is restricted to the system drive</td>
-</tr>
-<tr class="odd">
-<td align="left">Restrict apps to the system volume</td>
-<td align="left">Specifies whether apps are restricted to the system drive</td>
-</tr>
-</tbody>
-</table>
- 
-## <a href="" id="--app-management"></a> App management
-
-Apps help improve user productivity on mobile devices. New to Windows 10 is the ability for organizations purchase apps from Windows Store for their employees and deploy those apps from Windows Store or an MDM system. App management is becoming a key capability of MDM systems, helping reduce the effort required to perform common app-related tasks, such as distributing apps, and protecting data through app policies. This section describes the app management features in Windows 10 Mobile and includes the following topics:
-
--   [Universal Windows Platform (UWP)](#uwp)
--   [Sourcing the right app](#sourcing)
--   [Windows Store for Business](#store)
--   [Mobile application management (MAM) policies](#mam)
--   [Microsoft Edge](#edge)
-
-### <a href="" id="uwp"></a>Universal Windows Platform
-
-Windows 10 introduces UWP, converging the application platform for all devices running some edition of Windows 10. UWP apps run without modification on all editions of Windows 10, and Windows Store now has apps that you can license and purchased for all your Windows 10 devices. Windows Phone 8.1 and Windows 8.1 apps still run on Windows 10 devices, but the MAM improvements in Windows 10 work only with UWP apps. See the [Guide to Universal Windows Platform (UWP) apps](http://go.microsoft.com/fwlink/p/?LinkId=734056) for additional information.
-
-### <a href="" id="sourcing"></a>Sourcing the right app
-
-The first step in app management is to obtain the apps your users need, and you can now acquire apps from Windows Store. Developers can also create apps specific to an organization, known as *line-of-business (LOB) apps* (the developers of these apps are *LOB publishers*). An LOB developer (internal or external) can now publish these apps to Windows Store at your request, or you can obtain the app packages offline and distribute them through your MDM system.
-
-To install Windows Store or LOB apps, use the Windows Store cloud service or your MDM system to distribute the app packages. Your MDM system can deploy apps online by redirecting the user to a licensed app in Windows Store or offline by distributing a package that you downloaded from Windows Store (also called *sideloading*) on Windows 10 Mobile devices. You can fully automate the app deployment process so that no user intervention is required.
-
-IT administrators can obtain apps through Store for Business. Most apps can be distributed online, meaning that the user must be logged in to the device with an Azure AD account and have Internet access at the time of installation. To distribute an app offline, the developer must opt in. If the app developer doesn’t allow download of the app from Windows Store, then you must obtain the files directly from the developer or use the online method. See [Windows Store for Business](windows-store-for-business.md) for additional information about apps obtained through Store for Business.
-Windows Store apps are automatically trusted. For custom LOB apps developed internally or by a trusted software vendor, ensure that the device trusts the app signing certificate. There are two ways to establish this trust: use a signing certificate from a trusted source, or generate your own signing certificate and add your chain of trust to the trusted certificates on the device. You can install up to 20 self-signed apps on a Windows 10 Mobile device. When you purchase a signing certificate from a public CA, you can install more than 20 apps on a device, although you can install more than 20 self-signed apps per device with [Windows 10 Mobile Enterprise](#mobile-edition).
-
-Users can install apps from Windows Store that the organization purchases through the Store app on their device. If you allow your users to log in with a Microsoft account, the Store app on the device provides a unified method for installing personal and corporate apps.
-
-### <a href="" id="store"></a>Store for Business
-
-[Windows Store for Business](http://go.microsoft.com/fwlink/p/?LinkId=722910) is a web portal that IT pros and purchasers use to find, acquire, manage, and distribute apps to Windows 10 devices. This online portal gives Azure AD authenticated managers access to Store for Business functionality and settings. Store managers can create a private section of Windows Store in which organizations can manage apps specific and private to them. Store for Business allows organizations to make apps available to their users and purchase app licenses for them. They can also integrate their Store for Business subscriptions with their MDM systems, so the MDM system can deploy apps from their free Store for Business subscription.
-
-The process for using Store for Business is as follows:
-
-1.  Create a Store for Business subscription for your organization.
-2.  In the Store for Business portal, acquire apps from Windows Store (only free apps are available at this time).
-3.  In Store for Business, distribute apps to users, and manage the app licenses for the apps acquired in the previous step.
-4.  Integrate your MDM system with your organization’s Store for Business subscription.
-5.  Use your MDM system to deploy the apps.
-
-For more information about Store for Business, see [Windows Store for Business](windows-store-for-business.md).
-
-### <a href="" id="mam"></a>Mobile application management (MAM) policies
-
-With MDM, you can manage Device Guard on Windows 10 Mobile and create an allow (whitelist) or deny (blacklist) list of apps. This capability extends to built-in apps, as well, such as phone, text messaging, email, and calendar. The ability to allow or deny apps helps to ensure that people use their mobile devices for their intended purposes.
-
-You can also control users’ access to Windows Store and whether the Store service updates apps automatically. You can manage all these capabilities through your MDM system. Table 18 lists the Windows 10 Mobile app management settings.
-
-Table 18. Windows 10 Mobile app management settings
-
-| Setting                                        | Description                                                                                                                                                                          |
-|------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Allow All Trusted Apps                         | Whether users can sideload apps on the device                                                                                                                                        |
-| Allow App Store Auto Update                    | Whether automatic updates of apps from Windows Store are allowed                                                                                                                     |
-| Allow Developer Unlock                         | Whether developer unlock is allowed                                                                                                                                                  |
-| Allow Shared User App Data                     | Whether multiple users of the same app can share data                                                                                                                                |
-| Allow Store                                    | Whether Windows Store app is allowed to run                                                                                                                                          |
-| Allow Windows Bridge For Android App Execution | Whether the Windows Bridge for Android app is allowed to run                                                                                                                         |
-| Application Restrictions                       | An XML blob that defines the app restrictions for a device (The XML blob can contain an app allow or deny list. You can allow or deny apps based on their app ID or publisher.)      |
-| Require Private Store Only                     | Whether the private store is exclusively available to users (If enabled, only the private store is available. If disabled, the retail catalog and private store are both available.) |
-| Restrict App Data To System Volume             | Whether app data is allowed only on the system drive                                                                                                                                 |
-| Restrict App To System Volume                  | Whether app installation is allowed only to the system drive                                                                                                                         |
-| Start screen layout                            | An XML blob used to configure the Start screen (See [Start layout for Windows 10 Mobile editions](http://go.microsoft.com/fwlink/p/?LinkId=734057) for more information.)            |
- 
-One potential security issue is that users can register as Windows 10 Mobile app developers and turn on developer features on their device, potentially installing apps from unknown sources and opening the device to malware threats. To prevent users from turning on developer features on their devices, set the **Disable development unlock (side loading)** policy, which you can configure through your MDM system.
-
-### <a href="" id="edge"></a>Microsoft Edge
-
-MDM systems give you the ability to manage Microsoft Edge on mobile devices. Table 19 lists the Microsoft Edge settings for Windows 10 Mobile.
-
-Table 19. Microsoft Edge settings for Windows 10 Mobile
-
-| Setting                                         | Description                                                                                           |
-|-------------------------------------------------|-------------------------------------------------------------------------------------------------------|
-| Allow Active Scripting                          | Whether active scripting is allowed                                                                   |
-| Allow Autofill                                  | Whether values are automatically filled on websites                                                   |
-| Allow Browser                                   | Whether Internet Explorer is allowed on the device                                                    |
-| Allow Cookies                                   | Whether cookies are allowed                                                                           |
-| Allow Do Not Track headers                      | Whether Do Not Track headers are allowed                                                              |
-| Allow InPrivate                                 | Whether users can use InPrivate browsing                                                              |
-| Allow Password Manager                          | Whether users can use Password Manager to save and manage passwords locally                           |
-| Allow Search Suggestions in Address Bar         | Whether search suggestions are shown in the address bar                                               |
-| Allow SmartScreen                               | Whether SmartScreen Filter is enabled                                                                 |
-| First Run URL                                   | The URL to open when a user launches Microsoft Edge for the first time                                |
-| Prevent Smart Screen Prompt Override For Files  | Whether users can override the SmartScreen Filter warnings about downloading unverified files         |
- 
-## Device operations
-
-In this section, you learn how MDM settings in Windows 10 Mobile enable the following scenarios:
-
--   [Device update](#device-update)
--   [Device compliance monitoring](#device-comp)
--   [Device inventory](#data-inv)
--   [Remote assistance](#remote-assist)
--   [Cloud services](#cloud-serv)
-
-### Device update
-
-To help protect mobile devices and their data, you must keep those devices updated. Windows Update automatically installs updates and upgrades when they become available.
-
-The device update features described in this section are available only in [Windows 10 Mobile Enterprise](#mobile-edition). You can use your MDM system to postpone system upgrades when you activate an Enterprise license on managed Windows 10 Mobile devices and control how updates and upgrades are applied. For example, you can disable updates altogether, defer updates and upgrades, and schedule the day and time to install updates, as you would with Windows Server Update Services (WSUS) on Windows 10 desktops running the [Current Branch for Business](introduction-to-windows-10-servicing.md). 
-Table 20 lists the Windows 10 Mobile Enterprise settings that you can use to configure updates and upgrades.
-
-Table 20. Windows 10 Mobile Enterprise update management settings
-
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Setting</th>
-<th align="left">Description</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left">Allow automatic update</td>
-<td align="left">The automatic update behavior for scanning, downloading, and installing updates; the behavior can be one of the following:
-<ul>
-<li><p>Notify users prior to downloading updates.</p></li>
-<li><p>Automatically install updates, and then notify users to schedule a restart (this is the default behavior).</p></li>
-<li><p>Automatically install and restart devices with user notification.</p></li>
-<li><p>Automatically install and restart devices at a specified time.</p></li>
-<li><p>Automatically install and restart devices without user interaction.</p></li>
-<li><p>Turn off automatic updates.</p></li>
-</ul></td>
-</tr>
-<tr class="even">
-<td align="left">Allow non Microsoft signed update</td>
-<td align="left">Whether automatic updates will accept updates that entities other than Microsoft have signed</td>
-</tr>
-<tr class="odd">
-<td align="left">Allow update service</td>
-<td align="left">Whether devices can obtain updates from Windows Update, WSUS, or Windows Store</td>
-</tr>
-<tr class="even">
-<td align="left">Monthly security updates deferred</td>
-<td align="left">Whether monthly updates (for example, security patches) are deferred (You can defer updates up to 4 weeks.)</td>
-</tr>
-<tr class="odd">
-<td align="left">Nonsecurity upgrades deferred</td>
-<td align="left">Whether nonsecurity upgrades are deferred (You can defer upgrades up to 4 weeks.)</td>
-</tr>
-<tr class="even">
-<td align="left">Pause update deferrals</td>
-<td align="left">Whether the device should skip an update cycle (This setting is valid only when you configure devices to defer updates or upgrades.)</td>
-</tr>
-<tr class="odd">
-<td align="left">Require update approval</td>
-<td align="left">Whether approval is required before updates can be installed on devices (If approval is required, any updates that have an End User License Agreement [EULA] are automatically accepted on the user’s behalf.)</td>
-</tr>
-<tr class="even">
-<td align="left">Schedule install time</td>
-<td align="left">The scheduled time at which updates are installed</td>
-</tr>
-<tr class="odd">
-<td align="left">Scheduled install day</td>
-<td align="left">The schedule of days on which updates are installed</td>
-</tr>
-<tr class="even">
-<td align="left">Update deferral period</td>
-<td align="left">How long updates should be deferred</td>
-</tr>
-<tr class="odd">
-<td align="left">Update service URL</td>
-<td align="left">The name of a WSUS server from which to download updates instead of Windows Update</td>
-</tr>
-<tr class="even">
-<td align="left">Upgrade deferral period</td>
-<td align="left">How long Windows 10 Mobile upgrades should be deferred</td>
-</tr>
-</tbody>
-</table>
- 
-In addition to configuring how Windows 10 Mobile Enterprise obtains updates, you can manage individual Windows 10 Mobile updates. Table 21 provides information about approved updates to help you control the rollout of new updates to Windows 10 Mobile Enterprise devices.
-
-Table 21. Windows 10 Mobile Enterprise approved update information
-
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th align="left">Setting</th>
-<th align="left">Description</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td align="left">Approved updates</td>
-<td align="left">A list of approved updates. Each update in the list includes the <strong>Approved Time</strong> setting, which specifies the update approval time. Any approved updates automatically accept EULAs on behalf of users.</td>
-</tr>
-<tr class="even">
-<td align="left">Failed updates</td>
-<td align="left">A list of updates that failed during installation. Each update in the list includes the following settings:
-<ul>
-<li><p><strong>H Result.</strong> The update failure code</p></li>
-<li><p><strong>Status.</strong> The failed update state (for example, <strong>download</strong>, <strong>install</strong>)</p></li>
-</ul></td>
-</tr>
-<tr class="odd">
-<td align="left">Installed updates</td>
-<td align="left">A list of updates that are installed on the device.</td>
-</tr>
-<tr class="even">
-<td align="left">Installable updates</td>
-<td align="left">A list of updates that are available for installation. Each update in the list includes the following settings:
-<ul>
-<li><p><strong>Type.</strong> The type of update available for installation, set to one of the following values:</p>
-<ul>
-<li><p><strong>0</strong> (no type)</p></li>
-<li><p><strong>1</strong> (security)</p></li>
-<li><p><strong>2</strong> (critical)</p></li>
-</ul></li>
-<li><p><strong>Revision Number.</strong> The revision number for the update used to get metadata for the update during synchronization.</p></li>
-</ul></td>
-</tr>
-<tr class="odd">
-<td align="left">Pending reboot updates</td>
-<td align="left">A list of updates that require a restart to complete update installation. Each update in the last has the <strong>Installed Time</strong> setting enabled, which specifies installation time for the update.</td>
-</tr>
-<tr class="even">
-<td align="left">Last successful scan time</td>
-<td align="left">The last time a successful update scan was completed.</td>
-</tr>
-<tr class="odd">
-<td align="left">Defer upgrade</td>
-<td align="left">Whether the upgrade is deferred until the next update cycle.</td>
-</tr>
-</tbody>
-</table>
- 
-
-### <a href="" id="device-comp"></a>Device compliance monitoring
-
-You can use your MDM system to monitor compliance. Windows 10 Mobile provides audit information to track issues or perform remedial actions. This information helps you ensure that devices are configured to comply with organizational standards.
-
-You can also assess the health of devices that run Windows 10 Mobile and take enterprise policy actions. The process that the health attestation feature in Windows 10 Mobile uses is as follows:
-
-1.  The health attestation client collects data used to verify device health.
-2.  The client forwards the data to the Health Attestation Service (HAS).
-3.  The HAS generates a Health Attestation Certificate.
-4.  The client forwards the Health Attestation Certificate and related information to the MDM system for verification.
-
-For more information about health attestation in Windows 10 Mobile, see the [Windows 10 Mobile security guide](../keep-secure/windows-10-mobile-security-guide.md).
-
-Depending on the results of the health state validation, an MDM system can take one of the following actions:
-
--   Allow the device to access resources.
--   Allow the device to access resources but identify the device for further investigation.
--   Prevent the device from accessing resources.
-
-Table 21 lists data points that the HAS collects and evaluates from devices that run Windows 10 Mobile to determine the action to perform. For most of these data points, the MDM system can take one of the following actions:
-
--   Disallow all access.
--   Disallow access to high-business-impact assets.
--   Allow conditional access based on other data points that are present at evaluation time—for example, other attributes on the health certificate or a device’s past activities and trust history.
--   Take one of the previous actions, and also place the device on a watch list to monitor it more closely for potential risks.
--   Take corrective action, such as informing IT administrators to contact the owner and investigate the issue.
-
-Table 21. Windows 10 Mobile HAS data points
-
-| Data point                                               | Description                                                                                                                                                                                                                    |
-|----------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Attestation Identity Key (AIK) present                   | Indicates that an AIK is present (in other words, the device can be trusted more than a device without an AIK).                                                                                                                |
-| Data Execution Prevention (DEP) enabled                  | Whether a DEP policy is enabled for the device, indicating that the device can be trusted more than a device without a DEP policy.                                                                                             |
-| BitLocker status                                         | BitLocker helps protect the storage on the device. A device with BitLocker can be trusted more than a device without BitLocker.                                                                                                |
-| Secure Boot enabled                                      | Whether Secure Boot is enabled on the device. A device with Secure Boot enabled can be trusted more than a device without Secure Boot. Secure Boot is always enabled on Windows 10 Mobile devices.                             |
-| Code integrity enabled                                   | Whether the code integrity of a drive or system file is validated each time it’s loaded into memory. A device with code integrity enabled can be trusted more than a device without code integrity.                            |
-| Safe mode                                                | Whether Windows is running in safe mode. A device that is running Windows in safe mode isn’t as trustworthy as a device running in standard mode.                                                                              |
-| Running Windows Preinstallation Environment (Windows PE) | Whether the device is running Windows PE. A device running Windows PE isn’t as secure as a device running Windows 10 Mobile.                                                                                                   |
-| Boot debug enabled                                       | Whether the device has boot debug enabled. A device that has boot debug enabled is less secure (trusted) than a device without boot debug enabled.                                                                             |
-| OS kernel debugging enabled                              | Whether the device has operating system kernel debugging enabled. A device that has operating system kernel debugging enabled is less secure (trusted) than a device with operating system kernel debugging disabled.          |
-| Test signing enabled                                     | Whether test signing is disabled. A device that has test signing disabled is more trustworthy than a device that has test signing enabled.                                                                                     |
-| Boot Manager Version                                     | The version of the Boot Manager running on the device. The HAS can check this version to determine whether the most current Boot Manager is running, which is more secure (trusted).                                           |
-| Code integrity version                                   | Specifies the version of code that is performing integrity checks during the boot sequence. The HAS can check this version to determine whether the most current version of code is running, which is more secure (trusted).   |
-| Secure Boot Configuration Policy (SBCP) present          | Whether the hash of the custom SBCP is present. A device with an SBCP hash present is more trustworthy than a device without an SBCP hash.                                                                                     |
-| Boot cycle whitelist                                     | The view of the host platform between boot cycles as defined by the manufacturer compared to a published whitelist. A device that complies with the whitelist is more trustworthy (secure) than a device that is noncompliant. |
- 
-### <a href="" id="data-inv"></a>Device inventory
-
-Device inventory helps organizations better manage devices because it provides in-depth information about those devices. MDM systems collect inventory information remotely, and you can use the system’s reporting capabilities to analyze device resources and information. With this information, you can determine the current hardware and software resources of the device (for example, installed updates).
-
-Table 22 lists examples of the Windows 10 Mobile software and hardware information that a device inventory provides. In addition to this information, the MDM system can read any of the configuration settings described in this guide.
-
-Table 22. Windows 10 Mobile software and hardware inventory examples
-
-| Setting  | Description |
-| - | - |
-| Installed enterprise apps | List of the enterprise apps installed on the device |
-| Device name  | The device name configured for the device |
-| Firmware version | Version of firmware installed on the device |
-| Operating system version | Version of the operating system installed on the device |
-| Device local time | Local time on the device |
-| Processor type | Processor type for the device |
-| Device model | Model of the device as defined by the manufacturer |
-| Device manufacturer | Manufacturer of the device |
-| Device processor architecture | Processor architecture for the device |
-| Device language | Language in use on the device |
-| Phone number | Phone number assigned to the device |
-| Roaming status | Indicates whether the device has a roaming cellular connection |
-| International mobile equipment identity (IMEI) and international mobile subscriber identity (IMSI) | Unique identifiers for the cellular connection for the phone; Global System for Mobile Communications networks identify valid devices by using the IMEI, and all cellular networks use the IMSI to identify the device and user | | IPv4 and IPv6 addresses currently assigned to the Wi-Fi adapter in the device                                                                                                                                                   |
-| Wi-Fi media access control (MAC) address | MAC address assigned to the Wi-Fi adapter in the device |
-| Wi-Fi DNS suffix and subnet mask | DNS suffix and IP subnet mask assigned to the Wi-Fi adapter in the device |
-| Secure Boot state | Indicates whether Secure Boot is enabled |
-| Enterprise encryption policy compliance | Indicates whether the device is encrypted |
- 
-### <a href="" id="remote-assist"></a>Remote assistance
-
-The remote assistance features in Windows 10 Mobile help resolve issues that users might encounter even when the help desk does not have physical access to the device. These features include:
-
--   **Remote lock.** Support personnel can remotely lock a device. This ability can help when a user loses his or her mobile device and can retrieve it but not immediately (for example, leaving the device at a customer site).
--   **Remote PIN reset.** Support personnel can remotely reset the PIN, which helps when users forget their PIN and are unable to access their device. No corporate or user data is lost, and users are able to gain access to their devices quickly.
--   **Remote ring.** Support personnel can remotely make devices ring. This ability can help users locate misplaced devices and, in conjunction with the Remote Lock feature, help ensure that unauthorized users are unable to access the device if they find it.
--   **Remote find.** Support personnel can remotely locate a device on a map, which helps identify the geographic location of the device. To configure Windows 10 Mobile remote find, use the settings in Table 23. The remote find feature returns the most current latitude, longitude, and altitude of the device.
+
+**Managing the Update Experience**
+
+*Applies to: Corporate devices with Enterprise edition*
+
+Set update client experience with [Allowautomaticupdate](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962(v=vs.85).aspx#Update_AllowAutoUpdate) policy for your employees. This allows the IT Pro to influence the way the update client on the devices behaves when scanning, downloading, and installing updates. 
+
+This can include: 
+-   Notifying users prior to downloading updates.
+-   Automatically downloading updates, and then notifying users to schedule a restart (this is the default behavior if this policy is not configured).
+-   Automatically downloading and restarting devices with user notification.
+-   Automatically downloading and restarting devices at a specified time.
+-   Automatically downloading and restarting devices without user interaction.
+-   Turning off automatic updates. This option should be used only for systems under regulatory compliance. The device will not receive any updates. 
+
+In addition, in version 1607, you can configure when the update is applied to the employee device to ensure updates installs or reboots don’t interrupt business or worker productivity. Update installs and reboots can be scheduled [outside of active hours](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962(v=vs.85).aspx#Update_ActiveHoursEnd) (supported values are 0-23, where 0 is 12am, 1 is 1am, etc.) or on a specific what [day of the week](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962(v=vs.85).aspx#Update_ScheduledInstallDay) (supported values are 0-7,  where 0 is every day, 1  is Sunday, 2 is Monday, etc.). 
+
+**Managing the source of updates with MDM**
+
+*Applies to: Corporate devices with Enterprise edition*
+
+Although Windows 10 Enterprise enables IT administrators to defer installation of new updates from Windows Update, enterprises may also want additional control over update processes. With this in mind, Microsoft created Windows Update for Business. Microsoft designed Windows Update for Business to provide IT administrators with additional Windows Update-centric management capabilities, such as the ability to deploy updates to groups of devices and to define maintenance windows for installing updates. If you are using a MDM system, the use of Windows Update for Business is not a requirement, as you can manage these features from your MDM system. 
+
+Learn more about [Windows Update for Business](../plan/windows-update-for-business.md). 
+
+IT administrators can specify where the device gets updates from with AllowUpdateService. This could be Microsoft Update, Windows Update for Business, or Windows Server Update Services (WSUS. 
+
+**Managing Updates with Windows Update Server**
+
+*Applies to: Corporate devices with Enterprise edition*
+
+When using WSUS, set **UpdateServiceUrl** to allow the device to check for updates from a WSUS server instead of Windows Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet, usually handheld devices used for task completion, or other Windows IoT devices. 
+
+Learn more about [managing updates with Windows Server Update Services (WSUS)](https://technet.microsoft.com/en-us/windowsserver/bb332157.aspx)
+
+**Querying the device update status**
+
+*Applies to: Personal and corporate devices*
+
+In addition to configuring how Windows 10 Mobile Enterprise obtains updates, the MDM administrator can query devices for Windows 10 Mobile update information so that update status can be checked against a list of approved updates. 
+
+The device update status query provides an overview of:
+-   Installed updates: A list of updates that are installed on the device. 
+-   Installable updates: A list of updates that are available for installation. 
+-   Failed updates: A list of updates that failed during installation, including indication of why the update failed.
+-   Pending reboot: A list of updates that require a restart to complete update installation. 
+-   Last successful scan time: The last time a successful update scan was completed. 
+-   Defer upgrade: Whether the upgrade is deferred until the next update cycle.		
+
+### <a href="" id="device-health"></a>Device health 
+
+*Applies to: Personal and corporate devices*
+
+Device Health Attestation (DHA) is another line of defense that is new to Windows 10 Mobile. It can be used to remotely detect devices that lack a secure configuration or have vulnerabilities that could allow them to be easily exploited by sophisticated attacks. 
+
+Windows 10 Mobile makes it easy to integrate with Microsoft Intune or third-party MDM solutions for an overall view of device health and compliance. Using these solutions together, you can detect jailbroken devices, monitor device compliance, generate compliance reports, alert users or administrators to issues, initiate corrective action, and manage conditional access to resources like Office 365 or VPN.  
+
+The first version of Device Health Attestation (DHA) was released in June 2015 for Windows 10 devices that supported TPM 2.0 and operated in an enterprise cloud-based topology. In the Windows 10 anniversary release, Device Health Attestation (DHA) capabilities are extended to legacy devices that support TPM 1.2, hybrid, and on-premises environments that have access to the Internet or operate in an air-gapped network. 
+
+The health attestation feature is based on Open Mobile Alliance (OMA) standards. IT managers can use DHA to validate devices that: 
+-   Run Windows 10 operating system (mobile phone or PC)
+-   Support Trusted Module Platform (TPM 1.2 or 2.0) in discrete of firmware format 
+-   Are managed by a DHA-enabled device management solution (Intune or third-party MDM)
+-   Operate in cloud, hybrid, on-premises, and BYOD scenarios 
+
+DHA-enabled device management solutions help IT managers create a unified security bar across all managed Windows 10 Mobile devices. This allows IT managers to:
+-   Collect hardware attested data (highly assured) data remotely
+-   Monitor device health compliance and detect devices that are vulnerable or could be exploited by sophisticated attacks
+-   Take actions against potentially compromised devices, such as: 
+-   Trigger corrective actions remotely so offending device is inaccessible (lock, wipe, or brick the device)
+-   Prevent the device from getting access to high-value assets (conditional access)
+-   Trigger further investigation and monitoring (route the device to a honeypot for further monitoring)
+-   Simply alert the user or the admin to fix the issue 
+
+>**Note:** Windows Device Health Attestation Service can be used for conditional access scenarios which may be enabled by Mobile Device Management solutions (e.g.: Microsoft Intune) and other types of management systems (e.g.: SCCM) purchased separately.
+
+For more information about health attestation in Windows 10 Mobile, see the [Windows 10 Mobile security guide](../keep-secure/windows-10-mobile-security-guide.md).
+
+Thisis a lists of attributes that are supported by DHA and can trigger the corrective actions mentioned above.  
+-   **Attestation Identity Key (AIK) present** Indicates that an AIK is present (i.e., the device can be trusted more than a device without an AIK).
+-   **Data Execution Prevention (DEP) enabled** Whether a DEP policy is enabled for the device, indicating that the device can be trusted more than a device without a DEP policy.
+-   **BitLocker status** BitLocker helps protect the storage on the device. A device with BitLocker can be trusted more than a device without BitLocker.
+-   **Secure Boot enabled** Whether Secure Boot is enabled on the device. A device with Secure Boot enabled can be trusted more than a device without Secure Boot. Secure Boot is always enabled on Windows 10 Mobile devices.
+-   **Code integrity enabled** Whether the code integrity of a drive or system file is validated each time it’s loaded into memory. A device with code integrity enabled can be trusted more than a device without code integrity.
+-   **Safe mode** Whether Windows is running in safe mode. A device that is running Windows in safe mode isn’t as trustworthy as a device running in standard mode.
+-   **Boot debug enabled** Whether the device has boot debug enabled. A device that has boot debug enabled is less secure (trusted) than a device without boot debug enabled.
+-   **OS kernel debugging enabled** Whether the device has operating system kernel debugging enabled. A device that has operating system kernel debugging enabled is less secure (trusted) than a device with operating system kernel debugging disabled.
+-   **Test signing enabled** Whether test signing is disabled. A device that has test signing disabled is more trustworthy than a device that has test signing enabled.
+-   **Boot Manager Version** The version of the Boot Manager running on the device. The HAS can check this version to determine whether the most current Boot Manager is running, which is more secure (trusted).
+-   **Code integrity version** Specifies the version of code that is performing integrity checks during the boot sequence. The HAS can check this version to determine whether the most current version of code is running, which is more secure (trusted).
+-   **Secure Boot Configuration Policy (SBCP) present** Whether the hash of the custom SBCP is present. A device with an SBCP hash present is more trustworthy than a device without an SBCP hash.
+-   **Boot cycle whitelist** The view of the host platform between boot cycles as defined by the manufacturer compared to a published whitelist. A device that complies with the whitelist is more trustworthy (secure) than a device that is noncompliant.
+
+**Example scenario** 
+
+Windows 10 mobile has protective measures that work together and integrate with Microsoft Intune or third-party Mobile Device Management (MDM) solutions. IT administrators can monitor and verify compliance to ensure corporate resources are protected end-to–end with the security and trust rooted in the physical hardware of the device. 
+
+Here is what occurs when a smartphone is turned on:
+1.	Windows 10 Secure Boot protects the boot sequence, enables the device to boot into a defined and trusted configuration, and loads a factory trusted boot loader.
+2.	Windows 10 Trusted Boot takes control, verifies the digital signature of the Windows kernel, and the components are loaded and executed during the Windows startup process.
+3.	In parallel to Steps 1 and 2, Windows 10 Mobile TPM (Trusted Platform Modules – measured boot) runs independently in a hardware-protected security zone (isolated from boot execution path monitors boot activities) to create an integrity protected and tamper evident audit trail - signed with a secret that is only accessible by TPM.   
+4.	Devices managed by a DHA-enabled MDM solution send a copy of this audit trail to Microsoft Health Attestation Service (HAS) in a protected, tamper-resistant, and tamper-evident communication channel.  
+5.	Microsoft HAS reviews the audit trails, issues an encrypted/signed report, and forwards it to the device. 
+6.	IT managers can use a DHA-enabled MDM solution to review the report in a protected, tamper-resistant and tamper-evident communication channel. They can assess if a device is running in a compliant (healthy) state, allow access, or trigger corrective action aligned with security needs and enterprise policies.  
+
+### <a href="" id="asset-reporting"></a>Asset reporting
+
+*Applies to: Corporate devices with Enterprise edition*
+
+Device inventory helps organizations better manage devices because it provides in-depth information about those devices. MDM systems collect inventory information remotely and provide reporting capabilities to analyze device resources and information. This data informs IT about the current hardware and software resources of the device (e.g., installed updates).
+
+The following list shows examples of the Windows 10 Mobile software and hardware information that a device inventory provides. In addition to this information, the MDM system can read any of the configuration settings described in this guide.
+
+-   **Installed enterprise apps** List of the enterprise apps installed on the device
+-   **Device name** The device name configured for the device
+-   **Firmware version** Version of firmware installed on the device
+-   **Operating system version** Version of the operating system installed on the device
+-   **Device local time** Local time on the device
+-   **Processor type** Processor type for the device
+-   **Device model** Model of the device as defined by the manufacturer
+-   **Device manufacturer** Manufacturer of the device
+-   **Device processor architecture** Processor architecture for the device
+-   **Device language** Language in use on the device
+-   **Phone number** Phone number assigned to the device
+-   **Roaming status** Indicates whether the device has a roaming cellular connection
+-   **International mobile equipment identity (IMEI) and international mobile subscriber identity (IMSI)	Unique identifiers for the cellular connection for the phone; Global System for Mobile Communications networks identify valid devices by using the IMEI, and all cellular networks use the IMSI to identify the device and user
+-   **Wi-Fi IP address** IPv4 and IPv6 addresses currently assigned to the Wi-Fi adapter in the device
+-   **Wi-Fi media access control (MAC) address** MAC address assigned to the Wi-Fi adapter in the device
+-   **Wi-Fi DNS suffix and subnet mask** DNS suffix and IP subnet mask assigned to the Wi-Fi adapter in the device
+-   **Secure Boot state** Indicates whether Secure Boot is enabled
+-   **Enterprise encryption policy compliance** Indicates whether the device is encrypted
+
+### <a href="" id="manage-telemetry"></a>Manage telemetry
+
+*Applies to: Corporate devices with Windows 10 Mobile Enterprise edition*
+
+Microsoft uses telemetry (diagnostics, performance, and usage data) from Windows devices to help inform decisions and focus efforts to provide the most robust and valuable platform for your business and the people who count on Windows to enable them to be as productive as possible. Telemetry helps keep Windows devices healthy, improve the operating system, and personalize features and services. 
+
+You can control the level of data that telemetry systems collect. To configure devices, specify one of these levels in the Allow Telemetry setting with your MDM system.
+
+For more information, see [Configure Windows telemetry in Your organization](configure-windows-telemetry-in-your-organization.md).
+
+>**Note:** Telemetry can only be managed when the device is upgraded to Windows 10 Mobile Enterprise edition.
+
+### <a href="" id="mremote-assistance"></a>Remote assistance
+
+*Applies to: Personal and corporate devices*
+
+The remote assistance features in Windows 10 Mobile help resolve issues that users might encounter even when the help desk does not have physical access to the device. These features include:
+-   **Remote lock** Support personnel can remotely lock a device. This ability can help when a user loses his or her mobile device and can retrieve it, but not immediately (e.g., leaving the device at a customer site).
+-   **Remote PIN reset** Support personnel can remotely reset the PIN, which helps when users forget their PIN and are unable to access their device. No corporate or user data is lost and users are able to quickly gain access to their devices.
+-   **Remote ring** Support personnel can remotely make devices ring. This ability can help users locate misplaced devices and, in conjunction with the Remote Lock feature, help ensure that unauthorized users are unable to access the device if they find it.
+-   **Remote find** Support personnel can remotely locate a device on a map, which helps identify the geographic location of the device. Remote find parameters can be configured via phone settings (see table below). The remote find feature returns the most current latitude, longitude, and altitude of the device.
+
+**Remote assistance policies** 
+-   **Desired location accuracy** The desired accuracy as a radius value in meters; has a value between 1 and 1,000 meters
+-   **Maximum remote find** Maximum length of time in minutes that the server will accept a successful remote find; has a value between 0 and 1,000 minutes
+-   **Remote find timeout** The number of seconds devices should wait for a remote find to finish; has a value between 0 and 1,800 seconds
 
 These remote management features help organizations reduce the IT effort required to manage devices. They also help users quickly regain use of their device should they misplace it or forget the device password.
 
-Table 23. Windows 10 Mobile remote find settings
+>**Remote control software** Microsoft does not provide build-in remote control software, but works with partners to deliver these capabilities and services. With version 1607, remote assistant and control applications are available in the Windows Store.
 
-| Setting                   | Description                                                                                                                     |
-|---------------------------|---------------------------------------------------------------------------------------------------------------------------------|
-| Desired location accuracy | The desired accuracy as a radius value in meters; has a value between 1 and 1,000 meters                                        |
-| Maximum remote find       | Maximum length of time in minutes that the server will accept a successful remote find; has a value between 0 and 1,000 minutes |
-| Remote find timeout       | The number of seconds devices should wait for a remote find to finish; has a value between 0 and 1,800 seconds                  |
- 
-### <a href="" id="cloud-serv"></a>Cloud services
+## Retire
 
-On mobile devices that run Windows 10 Mobile, users can easily connect to apps and data. As a result, they frequently connect to cloud services that provide user notifications and collect telemetry (usage data). Windows 10 Mobile enables organizations to manage how devices consume these cloud services.
+*Applies to: Corporate and Personal devices*
 
-**Manage push notifications**
+Device retirement is the last phase of the device lifecycle, which in today’s business environment averages about 18 months. After that time period, employees want the productivity and performance improvements that come with the latest hardware. It’s important that devices being replaced with newer models are securely retired since you don’t want any company data to remain on discarded devices that could compromise the confidentiality of your data. This is typically not a problem with corporate devices, but it can be more challenging in a personal device scenario. You need to be able to selectively wipe all corporate data without impacting personal apps and data on the device. IT also needs a way to adequately support users who need to wipe devices that are lost or stolen.
 
-The Windows Push Notification Services enable software developers to send toast, tile, badge, and raw updates from their cloud services. It provides a mechanism to deliver updates to users in a power-efficient and dependable way.
-Push notifications can affect battery life, however, so the battery saver in Windows 10 Mobile limits background activity on the devices to extend battery life. Users can configure battery saver to turn on automatically when the battery drops below a set threshold. When battery saver is on, Windows 10 Mobile disables the receipt of push notifications to save energy.
+Windows 10 Mobile IT supports device retirement in both personal and corporate scenarios, allowing IT to be confident that corporate data remains confidential and user privacy is protected. 
 
-There is an exception to this behavior, however. In Windows 10 Mobile, the **Always allowed** battery saver settings (found in the Settings app) allow apps to receive push notifications even when battery saver is on. Users can manually configure this list, or you can use the MDM system to configure it—that is, you can use the battery saver settings URI scheme in Windows 10 Mobile (**ms-settings:batterysaver-settings**) to configure these settings.
-For more information about push notifications, see [Windows Push Notification Services (WNS) overview](http://go.microsoft.com/fwlink/p/?LinkId=734060).
+>**Note:** All these MDM capabilities are in addition to the device’s software and hardware factory reset features, which employees can use to restore devices to their factory configuration.
 
-**Manage telemetry**
+**Personal devices:** Windows 10 mobile supports the USA regulatory requirements for a “kill switch” in case your phone is lost or stolen. Reset protection is a free service on account.microsoft.com that helps ensure that the phone cannot be easily reset and reused. All you need to do to turn on **Reset Protection** is sign in with your Microsoft account and accept the recommended settings. To manually turn it on, you can find it under Settings > Updates & security > Find my phone. At this point, Reset Protection is only available with an MSA, not with Azure AD account. It is also only available in the USA and not in other regions of the world. 
 
-As people use Windows 10 Mobile, it can collect performance and usage telemetry that helps Microsoft identify and troubleshoot problems as well as improve its products and services. Microsoft recommends that you select **Full** for this setting.
-Microsoft employees, contractors, vendors, and partners might have access to relevant portions of the information that Windows 10 Mobile collects, but they are permitted to use the information only to repair or improve Microsoft products and services or third-party software and hardware designed for use with Microsoft products and services.
+If you choose to completely wipe a device when lost or when an employee leaves the company, make sure you obtain consent from the user and follow any local legislation that protects the user’s personal data. 
 
-You can control the level of data that MDM systems collect. Table 24 lists the data levels that Windows 10 Mobile collects and provides a brief description of each. To configure devices, specify one of these levels in the **Allow Telemetry** setting.
-Table 24. Windows 10 Mobile data collection levels
-| Level of data | Description |
-|- | - | 
-| Security      | Collects only the information required to keep Windows 10 Mobile enterprise-grade secure, including information about telemetry client settings, the Malicious Software Removal Tool, and Windows Defender. This level is available only on Windows 10 Enterprise, Windows 10 Education, and Windows 10 IoT Core. For Windows 10 Mobile, this setting disables Windows 10 Mobile telemetry. |
-| Basic         | Provides only the data vital to the operation of Windows 10 Mobile. This data level helps keep Windows 10 Mobile and apps running properly by letting Microsoft know the device’s capabilities, what’s installed, and whether Windows is operating correctly. This option also turns on basic error reporting back to Microsoft. By selecting this option, you allow Microsoft to provide updates through Windows Update, including malicious software protection through the Malicious Software Removal Tool. |
-| Enhanced      | Includes all Basic data plus data about how users use Windows 10 Mobile, such as how frequently or how long they use certain features or apps and which apps they use most often. This option also lets operating system collect enhanced diagnostic information, such as the memory state of a device when a system or app crash occurs, and measure reliability of devices, the operating system, and apps.                                                                                                  |
-| Full          | Includes all Basic and Enhanced data and also turns on advanced diagnostic features that collect additional data from devices, such as system files or memory snapshots, which may unintentionally include parts of documents user are working on when a problem occurred. This information helps Microsoft further troubleshoot and fix problems. If an error report contains personal data, Microsoft does not use that information to identify, contact, or target advertising to users.                    |
- 
-## Device retirement
+A better option than wiping the entire device is to use Windows Information Protection to clean corporate-only data from a personal device. As explained in the Apps chapter, all corporate data will be tagged and when the device is unenrolled from your MDM system of your choice, all enterprise encrypted data, apps, settings and profiles will immediately be removed from the device without affecting the employee’s existing personal data. A user can initiate unenrollment via the settings screen or unenrollment action can be taken by IT from within the MDM management console. Unenrollment is a management event and will be reported to the MDM system. 
 
-Device retirement (unenrollment) is the last phase of the device life cycle. Historically, mobile device retirement has been a complex and difficult process for organizations. When the organization no longer needs devices, it must remove (wipe) corporate data from them. BYOD scenarios make retirement even more complex because users expect their personal apps and data to remain untouched. Therefore, organizations must remove their data without affecting users’ data.
+**Corporate device:** You can certainly remotely expire the user’s encryption key in case of device theft, but please remember that that will also make the encrypted data on other Windows devices unreadable for the user. A better approach for retiring a discarded or lost device is to execute a full device wipe. The help desk or device users can initiate a full device wipe. When the wipe is complete, Windows 10 Mobile returns the device to a clean state and restarts the OOBE process. 
 
-You can remotely remove all corporate data from devices that run Windows 10 Mobile without affecting existing user data (partial or enterprise wipe). The help desk or the devices’ users can initiate device retirement. When retirement is complete, Windows 10 Mobile returns the devices to a consumer state, as they were before enrollment. The following list summarizes the corporate data removed from a device when it’s retired:
+**Settings for personal or corporate device retirement**
+-   **Allow manual MDM unenrollment** Whether users are allowed to delete the workplace account (i.e., unenroll the device from the MDM system)
+-   **Allow user to reset phone** Whether users are allowed to use Settings or hardware key combinations to return the device to factory defaults
 
--   Email accounts
--   Enterprise-issued certificates
--   Network profiles
--   Enterprise-deployed apps
--   Any data associated with the enterprise-deployed apps
 
->**Note:**  All these features are in addition to the device’s software and hardware factory reset features, which users can use to restore devices to their factory configuration.
- 
-To specify whether users can delete the workplace account in Control Panel and unenroll from the MDM system, enable the **Allow Manual MDM Unenrollment** setting. Table 25 lists additional Windows 10 remote wipe settings that you can use the MDM system to configure.
-
-Table 25. Windows 10 Mobile remote wipe settings
-
-| Setting                       | Description                                                                                                          |
-|-------------------------------|----------------------------------------------------------------------------------------------------------------------|
-| Wipe                          | Specifies that a remote wipe of the device should be performed                                                       |
-| Allow manual MDM unenrollment | Whether users are allowed to delete the workplace account (in other words, unenroll the device from the MDM system)  |
-| Allow user to reset phone     | Whether users are allowed to use Control Panel or hardware key combinations to return the device to factory defaults |
- 
 ## Related topics
 
-- [Mobile device management](http://go.microsoft.com/fwlink/p/?LinkId=734050)
-- [Enterprise Mobility Suite](http://go.microsoft.com/fwlink/p/?LinkId=723984)
-- [Overview of Mobile Device Management for Office 365](http://go.microsoft.com/fwlink/p/?LinkId=734052)
-- [Windows Store for Business](http://go.microsoft.com/fwlink/p/?LinkId=722910)
+- [Mobile device management](https://go.microsoft.com/fwlink/p/?LinkId=734050)
+- [Enterprise Mobility + Security](https://go.microsoft.com/fwlink/p/?LinkId=723984)
+- [Overview of Mobile Device Management for Office 365](https://go.microsoft.com/fwlink/p/?LinkId=734052)
+- [Windows Store for Business](https://go.microsoft.com/fwlink/p/?LinkId=722910)
+
+
+## Revision History
+
+-   November 2015   Updated for Windows 10 Mobile (version 1511)
+-   August 2016     Updated for Windows 10 Mobile Anniversary Update (version 1607)
+
diff --git a/windows/manage/windows-10-start-layout-options-and-policies.md b/windows/manage/windows-10-start-layout-options-and-policies.md
index c41206fb4c..93ebd58d4e 100644
--- a/windows/manage/windows-10-start-layout-options-and-policies.md
+++ b/windows/manage/windows-10-start-layout-options-and-policies.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+localizationpriority: high
 ---
 
 # Manage Windows 10 Start and taskbar layout
@@ -128,7 +128,7 @@ There are three categories of apps that might be pinned to a taskbar:
 * Apps pinned by the enterprise, such as in an unattended Windows setup
 
  **Note**  
-   The earlier method of using [TaskbarLinks](http://go.microsoft.com/fwlink/p/?LinkId=761230) in an unattended Windows setup file is deprecated in Windows 10, version 1607.
+   The earlier method of using [TaskbarLinks](https://go.microsoft.com/fwlink/p/?LinkId=761230) in an unattended Windows setup file is deprecated in Windows 10, version 1607.
    
 The following example shows how apps will be pinned - Windows default apps to the left (blue circle), apps pinned by the user in the center (orange triangle), and apps that you pin using XML to the right (green square).
 
diff --git a/windows/manage/windows-spotlight.md b/windows/manage/windows-spotlight.md
index 2af7597418..f6182e086b 100644
--- a/windows/manage/windows-spotlight.md
+++ b/windows/manage/windows-spotlight.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+localizationpriority: high
 ---
 
 # Windows Spotlight on the lock screen
diff --git a/windows/manage/windows-store-for-business-overview.md b/windows/manage/windows-store-for-business-overview.md
index c6213c2a9e..6f8d654f82 100644
--- a/windows/manage/windows-store-for-business-overview.md
+++ b/windows/manage/windows-store-for-business-overview.md
@@ -25,7 +25,7 @@ With the new Windows Store for Business, organizations can make volume purchases
 
 Organizations of any size can benefit from using the Store for Business provides:
 
--   **Scales to fit the size of your business** - For smaller businesses, with Azure AD accounts and Windows 10 devices, you can quickly have an end-to-end process for acquiring and distributing content using the Store for Business. For larger businesses, all the capabilities of the Store for Businessare available to you, or you can integrate the Store for Businesswith management tools, for greater control over access to apps and app updates. You can use existing work or school accounts.
+-   **Scales to fit the size of your business** - For smaller businesses, with Azure AD accounts and Windows 10 devices, you can quickly have an end-to-end process for acquiring and distributing content using the Store for Business. For larger businesses, all the capabilities of the Store for Business are available to you, or you can integrate the Store for Business with management tools, for greater control over access to apps and app updates. You can use existing work or school accounts.
 
 -   **Bulk app acquisition** - Acquire apps in volume from the Store for Business.
 
@@ -66,7 +66,7 @@ Microsoft Azure Active Directory (AD) accounts for your employees:
 
 -   For offline-licensed apps, Azure AD accounts are not required for employees.
 
-For more information on Azure AD, see [About Office 365 and Azure Active Directory](http://go.microsoft.com/fwlink/p/?LinkId=708612), and [Intro to Azure: identity and access](http://go.microsoft.com/fwlink/p/?LinkId=708611).
+For more information on Azure AD, see [About Office 365 and Azure Active Directory](https://go.microsoft.com/fwlink/p/?LinkId=708612), and [Intro to Azure: identity and access](https://go.microsoft.com/fwlink/p/?LinkId=708611).
 
 ### Optional
 
@@ -145,11 +145,11 @@ Once signed in to the Store for Business, you can browse and search for all prod
 
 -   Universal Windows Platform apps
 
--   Universal Windows apps, by device: Phone, Surface Hub, IOT devices , HoloLens
+-   Universal Windows apps, by device: Phone, Surface Hub, IOT devices, HoloLens
 
 Apps purchased from the Store for Business only work on Windows 10 devices.
 
-Line-of-business (LOB) apps are also supported via the Business store. You can invite IT developers or ISVs to be LOB publishers for your organization. This allows them to submit apps via the developer center that are only available to your organization. These apps can be distributed using the distribution methods discussed in this topic. For more information, see Working with Line-of-Business apps.
+Line-of-business (LOB) apps are also supported via the Business store. You can invite IT developers or ISVs to be LOB publishers for your organization. This allows them to submit apps via the developer center that are only available to your organization. These apps can be distributed using the distribution methods discussed in this topic. For more information, see [Working with Line-of-Business apps](working-with-line-of-business-apps.md).
 
 **App licensing model**
 
@@ -265,7 +265,7 @@ Store for Business is currently available in these markets.
 ## <a href="" id="isv-wsfb"></a>ISVs and the Store for Business
 
 
-Developers in your organization, or ISVs can create content specific to your organization. In the Store for Business, we call these app line-of-business (LOB) apps, and the devs that create them are LOB publishers. The process looks like this:
+Developers in your organization, or ISVs can create content specific to your organization. In the Store for Business, we call these line-of-business (LOB) apps, and the devs that create them are LOB publishers. The process looks like this:
 
 -   Admin invites devs to be LOB publishers for your organization. These devs can be internal devs, or external ISVs.
 
diff --git a/windows/manage/working-with-line-of-business-apps.md b/windows/manage/working-with-line-of-business-apps.md
index e0d0c284fe..f16e66fee9 100644
--- a/windows/manage/working-with-line-of-business-apps.md
+++ b/windows/manage/working-with-line-of-business-apps.md
@@ -22,7 +22,7 @@ Your company can make line-of-business (LOB) applications available through Wind
 
 Developers within your own company, or ISVs that you invite, can become LOB publishers and submit apps to the Windows Store for your company. Once a LOB publisher submits an app for your company, the app is only available to your company. LOB publishers submit apps through the Windows Dev Center using the same process as all apps that are in the Store, and then can be managed or deployed using the same process as any other app that has been acquired through the Store.
 
-One advantage of making apps available through Store for Business is that the app has been signed by the Store, and uses the standard Store policies. For companies that can’t submit their application through the Windows Dev Center (for example, those needing additional capabilities or due to compliance purposes), [Sideloading](http://go.microsoft.com/fwlink/p/?LinkId=623433) is also supported in Windows 10.
+One advantage of making apps available through Store for Business is that the app has been signed by the Store, and uses the standard Store policies. For companies that can’t submit their application through the Windows Dev Center (for example, those needing additional capabilities or due to compliance purposes), [Sideloading](https://go.microsoft.com/fwlink/p/?LinkId=623433) is also supported in Windows 10.
 
 ## <a href="" id="adding-lob-apps"></a>Adding LOB apps to your private store
 
@@ -39,7 +39,7 @@ What you'll have to set up:
 
 -   Your company needs to be signed up with Store for Business.
 
--   LOB publishers need to have an active developer account. To learn more about account options, see [Ready to sign up](http://go.microsoft.com/fwlink/p/?LinkId=623432).
+-   LOB publishers need to have an active developer account. To learn more about account options, see [Ready to sign up](https://go.microsoft.com/fwlink/p/?LinkId=623432).
 
 -   LOB publishers need to have an app in the Store, or have an app ready to submit to the Store.
 
@@ -49,7 +49,7 @@ For developers within your own organization, or ISVs you're working with to crea
 
 **To invite a developer to become an LOB publisher**
 
-1.  Sign in to the [Windows Store for Business]( http://go.microsoft.com/fwlink/p/?LinkId=623531).
+1.  Sign in to the [Windows Store for Business]( https://go.microsoft.com/fwlink/p/?LinkId=623531).
 2.  Click **Settings**, and then choose **LOB publishers**.
 3.  On the Line-of business publishers page, click **Add** to complete a form and send an email invitation to a developer.<br>
 **Note** This needs to be the email address listed in contact info for the developer account. 
@@ -58,16 +58,16 @@ For developers within your own organization, or ISVs you're working with to crea
 
 The developer receives an email invite to become an LOB publisher for your company. Once they accept the invite, they can log in to the Windows Dev Center to create an app submission for your company. The info here assumes that devs or ISVs have an active developer account.
 
-After an app is published and available in the Store, ISVs publish an updated version by creating another submission in their dashboard. Creating a new submission allows the ISV to make the changes required to create a LOB app for your company. To learn more about updates to an app submission, see [App submissions](http://go.microsoft.com/fwlink/p/?LinkId=623463) and [Distributing LOB apps to enterprises](http://go.microsoft.com/fwlink/p/?LinkId=627543).
+After an app is published and available in the Store, ISVs publish an updated version by creating another submission in their dashboard. Creating a new submission allows the ISV to make the changes required to create a LOB app for your company. To learn more about updates to an app submission, see [App submissions](https://go.microsoft.com/fwlink/p/?LinkId=623463) and [Distributing LOB apps to enterprises](https://go.microsoft.com/fwlink/p/?LinkId=627543).
 
 **To create a new submission for an app**
 
-1.  Sign in to the [Windows Dev Center](http://go.microsoft.com/fwlink/p/?LinkId=623486), go to your Dashboard, and click the app you want to make available as an LOB app.
+1.  Sign in to the [Windows Dev Center](https://go.microsoft.com/fwlink/p/?LinkId=623486), go to your Dashboard, and click the app you want to make available as an LOB app.
 2.  On the App overview page, under **Action**, click **Update**.
 
     -OR-
 
-    Submit your app following the guidelines in [App submissions](http://go.microsoft.com/fwlink/p/?LinkId=623463). Be sure to completed steps 3 and 4 when you set app pricing and availability options.
+    Submit your app following the guidelines in [App submissions](https://go.microsoft.com/fwlink/p/?LinkId=623463). Be sure to completed steps 3 and 4 when you set app pricing and availability options.
 
 3.  On the **Pricing and availability** page, under **Distribution and visibility**, click **Line-of-business (LOB) distribution**, and then choose the enterprise(s) who will get the LOB app. No one else will have access to the app.
 4.  Under **Organizational licensing**, click **Show options**.
@@ -80,7 +80,7 @@ After an app is published and available in the Store, ISVs publish an updated ve
 
 5.  Click **Save** to save your changes and start the app submission process.
 
-For more information, see [Organizational licensing options]( http://go.microsoft.com/fwlink/p/?LinkId=708615) and [Distributing LOB apps to enterprises](http://go.microsoft.com/fwlink/p/?LinkId=627543).<br>
+For more information, see [Organizational licensing options]( https://go.microsoft.com/fwlink/p/?LinkId=708615) and [Distributing LOB apps to enterprises](https://go.microsoft.com/fwlink/p/?LinkId=627543).<br>
 **Note** In order to get the LOB app, the organization must be located in a [supported market](https://technet.microsoft.com/itpro/windows/whats-new/windows-store-for-business-overview#supported-markets), and you must not have excluded that market when submitting your app.
 
 ### <a href="" id="add-lob-app-to-inventory"></a>Add app to inventory (admin)
diff --git a/windows/plan/change-history-for-plan-for-windows-10-deployment.md b/windows/plan/change-history-for-plan-for-windows-10-deployment.md
index b584bf2f8d..fe06fd00a1 100644
--- a/windows/plan/change-history-for-plan-for-windows-10-deployment.md
+++ b/windows/plan/change-history-for-plan-for-windows-10-deployment.md
@@ -14,6 +14,7 @@ author: TrudyHa
 This topic lists new and updated topics in the [Plan for Windows 10 deployment](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
 
 
+
 ## RELEASE: Windows 10, version 1607
 
 The topics in this library have been updated for Windows 10, version 1607 (also known as the Anniversary Update).
diff --git a/windows/plan/chromebook-migration-guide.md b/windows/plan/chromebook-migration-guide.md
index 12773fdd7e..8db7b3b57c 100644
--- a/windows/plan/chromebook-migration-guide.md
+++ b/windows/plan/chromebook-migration-guide.md
@@ -236,7 +236,7 @@ Assign the setting-migration priority based on how critical the setting is to th
 ## <a href="" id="plan-email-migrate"></a>Plan for email migration
 
 Many of your users may be using Google Apps Gmail to manage their email, calendars, and contacts. You need to create the list of users you will migrate and the best time to perform the migration.
-Office 365 supports automated migration from Google Apps Gmail to Office 365. For more information, see [Migrate Google Apps mailboxes to Office 365](http://go.microsoft.com/fwlink/p/?LinkId=690252).
+Office 365 supports automated migration from Google Apps Gmail to Office 365. For more information, see [Migrate Google Apps mailboxes to Office 365](https://go.microsoft.com/fwlink/p/?LinkId=690252).
 
 **Identify the list of user mailboxes to migrate**
 
@@ -244,7 +244,7 @@ In regards to creating the list of users you will migrate, it might seem that th
 
 Also, when you perform a migration it is a great time to verify that all user mailboxes are active. In many environments there are a significant number of mailboxes that were provisioned for users that are no longer a part of the institution (such as interns or student assistants). You can eliminate these users from your list of user mailboxes to migrate.
 
-Create your list of user mailboxes to migrate in Excel 2016 based on the format described in step 7 in [Create a list of Gmail mailboxes to migrate](http://go.microsoft.com/fwlink/p/?LinkId=690253). If you follow this format, you can use the Microsoft Excel spreadsheet to perform the actual migration later in the process.
+Create your list of user mailboxes to migrate in Excel 2016 based on the format described in step 7 in [Create a list of Gmail mailboxes to migrate](https://go.microsoft.com/fwlink/p/?LinkId=690253). If you follow this format, you can use the Microsoft Excel spreadsheet to perform the actual migration later in the process.
 
 **Identify companion devices that access Google Apps Gmail**
 
@@ -252,7 +252,7 @@ In addition to Chromebook devices, users may have companion devices (smartphones
 
 After you have identified each companion device, verify the settings for the device that are used to access Office 365. You only need to test one type of each companion device. For example, if users use Android phones to access Google Apps Gmail mailboxes, configure the device to access Office 365 and then record those settings. You can publish those settings on a website or to your helpdesk staff so that users will know how to access their Office 365 mailbox.
 
-In most instances, users will only need to provide in their Office 365 email account and password. However, you should verify this on each type of companion device. For more information about how to configure a companion device to work with Office 365, see [Compare how different mobile devices work with Office 365](http://go.microsoft.com/fwlink/p/?LinkId=690254).
+In most instances, users will only need to provide in their Office 365 email account and password. However, you should verify this on each type of companion device. For more information about how to configure a companion device to work with Office 365, see [Compare how different mobile devices work with Office 365](https://go.microsoft.com/fwlink/p/?LinkId=690254).
 **Identify the optimal timing for the migration**
 
 Typically, the best time to perform the migration is between academic years or during semester breaks. Select the time of least activity for your institution. And during that time, the optimal time to perform the migration might be during an evening or over a weekend.
@@ -571,9 +571,9 @@ Examine each of the following network infrastructure technologies and services a
 
     For more information that compares Internet bandwidth consumption for Chromebook and Windows devices, see the following resources:
 
-    -   [Chromebook vs. Windows Notebook Network Traffic Analysis](http://go.microsoft.com/fwlink/p/?LinkId=690255)
-    -   [Hidden Cost of Chromebook Deployments](http://go.microsoft.com/fwlink/p/?LinkId=690256)
-    -   [Microsoft Windows 8.1 Notebook vs. Chromebooks for Education](http://go.microsoft.com/fwlink/p/?LinkId=690257)
+    -   [Chromebook vs. Windows Notebook Network Traffic Analysis](https://go.microsoft.com/fwlink/p/?LinkId=690255)
+    -   [Hidden Cost of Chromebook Deployments](https://go.microsoft.com/fwlink/p/?LinkId=690256)
+    -   [Microsoft Windows 8.1 Notebook vs. Chromebooks for Education](https://go.microsoft.com/fwlink/p/?LinkId=690257)
 
 -   **Power.** Although not specifically a network infrastructure, you need to ensure your classrooms have adequate power. Chromebook and Windows devices should consume similar amounts of power. This means that your existing power outlets should support the same number of Windows devices.
 
@@ -612,15 +612,15 @@ Table 7. Network infrastructure products and technologies and deployment resourc
 <tr class="odd">
 <td align="left">DHCP</td>
 <td align="left"><ul>
-<li><p>[Core Network Guide](http://go.microsoft.com/fwlink/p/?LinkId=733920)</p></li>
-<li><p>[DHCP Deployment Guide](http://go.microsoft.com/fwlink/p/?LinkId=734021)</p></li>
+<li><p>[Core Network Guide](https://go.microsoft.com/fwlink/p/?LinkId=733920)</p></li>
+<li><p>[DHCP Deployment Guide](https://go.microsoft.com/fwlink/p/?LinkId=734021)</p></li>
 </ul></td>
 </tr>
 <tr class="even">
 <td align="left">DNS</td>
 <td align="left"><ul>
-<li><p>[Core Network Guide](http://go.microsoft.com/fwlink/p/?LinkId=733920)</p></li>
-<li><p>[Deploying Domain Name System (DNS)](http://go.microsoft.com/fwlink/p/?LinkId=734022)</p></li>
+<li><p>[Core Network Guide](https://go.microsoft.com/fwlink/p/?LinkId=733920)</p></li>
+<li><p>[Deploying Domain Name System (DNS)](https://go.microsoft.com/fwlink/p/?LinkId=734022)</p></li>
 </ul></td>
 </tr>
 </tbody>
@@ -650,16 +650,16 @@ Table 8. AD DS, Azure AD and deployment resources
 <tr class="odd">
 <td align="left">AD DS</td>
 <td align="left"><ul>
-<li><p>[Core Network Guide](http://go.microsoft.com/fwlink/p/?LinkId=733920)</p></li>
-<li><p>[Active Directory Domain Services Overview](http://go.microsoft.com/fwlink/p/?LinkId=733909)</p></li>
+<li><p>[Core Network Guide](https://go.microsoft.com/fwlink/p/?LinkId=733920)</p></li>
+<li><p>[Active Directory Domain Services Overview](https://go.microsoft.com/fwlink/p/?LinkId=733909)</p></li>
 </ul></td>
 </tr>
 <tr class="even">
 <td align="left">Azure AD</td>
 <td align="left"><ul>
-<li><p>[Azure Active Directory documentation](http://go.microsoft.com/fwlink/p/?LinkId=690258)</p></li>
-<li><p>[Manage and support Azure Active Directory Premium](http://go.microsoft.com/fwlink/p/?LinkId=690259)</p></li>
-<li><p>[Guidelines for Deploying Windows Server Active Directory on Azure Virtual Machines](http://go.microsoft.com/fwlink/p/?LinkId=690260)</p></li>
+<li><p>[Azure Active Directory documentation](https://go.microsoft.com/fwlink/p/?LinkId=690258)</p></li>
+<li><p>[Manage and support Azure Active Directory Premium](https://go.microsoft.com/fwlink/p/?LinkId=690259)</p></li>
+<li><p>[Guidelines for Deploying Windows Server Active Directory on Azure Virtual Machines](https://go.microsoft.com/fwlink/p/?LinkId=690260)</p></li>
 </ul></td>
 </tr>
 </tbody>
@@ -689,38 +689,38 @@ Table 9. Management systems and deployment resources
 <tr class="odd">
 <td align="left">Windows provisioning packages</td>
 <td align="left"><ul>
-<li><p>[Build and apply a provisioning package](http://go.microsoft.com/fwlink/p/?LinkId=733918)</p></li>
-<li><p>[Windows Imaging and Configuration Designer](http://go.microsoft.com/fwlink/p/?LinkId=733911)</p></li>
-<li><p>[Step-By-Step: Building Windows 10 Provisioning Packages](http://go.microsoft.com/fwlink/p/?LinkId=690261)</p></li>
+<li><p>[Build and apply a provisioning package](https://go.microsoft.com/fwlink/p/?LinkId=733918)</p></li>
+<li><p>[Windows Imaging and Configuration Designer](https://go.microsoft.com/fwlink/p/?LinkId=733911)</p></li>
+<li><p>[Step-By-Step: Building Windows 10 Provisioning Packages](https://go.microsoft.com/fwlink/p/?LinkId=690261)</p></li>
 </ul></td>
 </tr>
 <tr class="even">
 <td align="left">Group Policy</td>
 <td align="left"><ul>
-<li><p>[Core Network Companion Guide: Group Policy Deployment](http://go.microsoft.com/fwlink/p/?LinkId=733915)</p></li>
-<li><p>[Deploying Group Policy](http://go.microsoft.com/fwlink/p/?LinkId=734024)</p></li>
+<li><p>[Core Network Companion Guide: Group Policy Deployment](https://go.microsoft.com/fwlink/p/?LinkId=733915)</p></li>
+<li><p>[Deploying Group Policy](https://go.microsoft.com/fwlink/p/?LinkId=734024)</p></li>
 </ul></td>
 </tr>
 <tr class="odd">
 <td align="left">Configuration Manager</td>
 <td align="left"><ul>
-<li><p>[Site Administration for System Center 2012 Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=733914)</p></li>
-<li><p>[Deploying Clients for System Center 2012 Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=733919)</p></li>
+<li><p>[Site Administration for System Center 2012 Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=733914)</p></li>
+<li><p>[Deploying Clients for System Center 2012 Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=733919)</p></li>
 </ul></td>
 </tr>
 <tr class="even">
 <td align="left">Intune</td>
 <td align="left"><ul>
-<li><p>[Set up and manage devices with Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=690262)</p></li>
-<li><p>[Smoother Management Of Office 365 Deployments with Windows Intune](http://go.microsoft.com/fwlink/p/?LinkId=690263)</p></li>
-<li><p>[System Center 2012 R2 Configuration Manager &amp; Windows Intune](http://go.microsoft.com/fwlink/p/?LinkId=690264)</p></li>
+<li><p>[Set up and manage devices with Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=690262)</p></li>
+<li><p>[Smoother Management Of Office 365 Deployments with Windows Intune](https://go.microsoft.com/fwlink/p/?LinkId=690263)</p></li>
+<li><p>[System Center 2012 R2 Configuration Manager &amp; Windows Intune](https://go.microsoft.com/fwlink/p/?LinkId=690264)</p></li>
 </ul></td>
 </tr>
 <tr class="odd">
 <td align="left">MDT</td>
 <td align="left"><ul>
-<li><p>[MDT documentation in the Microsoft Deployment Toolkit (MDT) 2013](http://go.microsoft.com/fwlink/p/?LinkId=690324)</p></li>
-<li><p>[Step-By-Step: Installing Windows 8.1 From A USB Key](http://go.microsoft.com/fwlink/p/?LinkId=690265)</p></li>
+<li><p>[MDT documentation in the Microsoft Deployment Toolkit (MDT) 2013](https://go.microsoft.com/fwlink/p/?LinkId=690324)</p></li>
+<li><p>[Step-By-Step: Installing Windows 8.1 From A USB Key](https://go.microsoft.com/fwlink/p/?LinkId=690265)</p></li>
 </ul></td>
 </tr>
 </tbody>
@@ -751,23 +751,23 @@ Table 10. Management systems and app deployment resources
 <tr class="odd">
 <td align="left">Group Policy</td>
 <td align="left"><ul>
-<li><p>[Editing an AppLocker Policy](http://go.microsoft.com/fwlink/p/?LinkId=734025)</p></li>
-<li><p>[Group Policy Software Deployment Background](http://go.microsoft.com/fwlink/p/?LinkId=734026)</p></li>
-<li><p>[Assigning and Publishing Software](http://go.microsoft.com/fwlink/p/?LinkId=734027)</p></li>
+<li><p>[Editing an AppLocker Policy](https://go.microsoft.com/fwlink/p/?LinkId=734025)</p></li>
+<li><p>[Group Policy Software Deployment Background](https://go.microsoft.com/fwlink/p/?LinkId=734026)</p></li>
+<li><p>[Assigning and Publishing Software](https://go.microsoft.com/fwlink/p/?LinkId=734027)</p></li>
 </ul></td>
 </tr>
 <tr class="even">
 <td align="left">Configuration Manager</td>
 <td align="left"><ul>
-<li><p>[How to Deploy Applications in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=733917)</p></li>
-<li><p>[Application Management in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=733907)</p></li>
+<li><p>[How to Deploy Applications in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=733917)</p></li>
+<li><p>[Application Management in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=733907)</p></li>
 </ul></td>
 </tr>
 <tr class="odd">
 <td align="left">Intune</td>
 <td align="left"><ul>
-<li><p>[Deploy apps to mobile devices in Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=733913)</p></li>
-<li><p>[Manage apps with Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=733910)</p></li>
+<li><p>[Deploy apps to mobile devices in Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=733913)</p></li>
+<li><p>[Manage apps with Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=733910)</p></li>
 </ul></td>
 </tr>
 </tbody>
@@ -792,13 +792,13 @@ If you do no want to migrate any user or device settings from the Chromebook dev
 
 In the [Plan for email migration](#plan-email-migrate) section, you identified the user mailboxes to migrate, identified the companion devices that access Google Apps Gmail, and identified the optimal timing for migration. You can perform this migration before or after you deploy the Windows devices.
 
-Office 365 supports automated migration from Google Apps Gmail to Office 365. For more information on how to automate the migration from Google Apps Gmail to Office 365, see [Migrate Google Apps mailboxes to Office 365](http://go.microsoft.com/fwlink/p/?LinkId=690252).
+Office 365 supports automated migration from Google Apps Gmail to Office 365. For more information on how to automate the migration from Google Apps Gmail to Office 365, see [Migrate Google Apps mailboxes to Office 365](https://go.microsoft.com/fwlink/p/?LinkId=690252).
 
 Alternatively, if you want to migrate to Office 365 from:
 -   **On-premises Microsoft Exchange Server.** Use the following resources to migrate to Office 365 from an on-premises Microsoft Exchange Server:
-    -   [Cutover Exchange Migration and Single Sign-On](http://go.microsoft.com/fwlink/p/?LinkId=690266)
-    -   [Step-By-Step: Migration of Exchange 2003 Server to Office 365](http://go.microsoft.com/fwlink/p/?LinkId=690267)
-    -   [Step-By-Step: Migrating from Exchange 2007 to Office 365](http://go.microsoft.com/fwlink/p/?LinkId=690268)
+    -   [Cutover Exchange Migration and Single Sign-On](https://go.microsoft.com/fwlink/p/?LinkId=690266)
+    -   [Step-By-Step: Migration of Exchange 2003 Server to Office 365](https://go.microsoft.com/fwlink/p/?LinkId=690267)
+    -   [Step-By-Step: Migrating from Exchange 2007 to Office 365](https://go.microsoft.com/fwlink/p/?LinkId=690268)
 -   **Another on-premises or cloud-based email service.** Follow the guidance from that vendor.
 
 ## Perform cloud storage migration
@@ -832,11 +832,11 @@ For example, if you selected to deploy Windows devices by each classroom, start
 In some instances, you may receive the devices with Windows 10 already deployed, and want to use provisioning packages. In other cases, you may have a custom Windows 10 image that you want to deploy to the devices by using Configuration Manager and/or MDT. For information on how to deploy 
 Windows 10 images to the devices, see the following resources:
 
--   [Windows Imaging and Configuration Designer](http://go.microsoft.com/fwlink/p/?LinkId=733911)
--   [Build and apply a provisioning package](http://go.microsoft.com/fwlink/p/?LinkId=733918)
--   [MDT documentation in the Microsoft Deployment Toolkit (MDT) 2013](http://go.microsoft.com/fwlink/p/?LinkId=690324)
--   [Step-By-Step: Installing Windows 8.1 From A USB Key](http://go.microsoft.com/fwlink/p/?LinkId=690265)
--   [Operating System Deployment in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=733916)
+-   [Windows Imaging and Configuration Designer](https://go.microsoft.com/fwlink/p/?LinkId=733911)
+-   [Build and apply a provisioning package](https://go.microsoft.com/fwlink/p/?LinkId=733918)
+-   [MDT documentation in the Microsoft Deployment Toolkit (MDT) 2013](https://go.microsoft.com/fwlink/p/?LinkId=690324)
+-   [Step-By-Step: Installing Windows 8.1 From A USB Key](https://go.microsoft.com/fwlink/p/?LinkId=690265)
+-   [Operating System Deployment in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=733916)
 
 In addition to the Windows 10 image deployment, you may need to perform the following tasks as a part of device deployment:
 
@@ -848,7 +848,7 @@ In addition to the Windows 10 image deployment, you may need to perform the fol
 After you complete these steps, your management system should take over the day-to-day maintenance tasks for the Windows 10 devices. Verify that the user and device settings migrated correctly as you deploy each batch of Windows 10 devices. Continue this process until you deploy all Windows 10 devices.
 
 ## Related topics
-- [Try it out: Windows 10 deployment (for education)](http://go.microsoft.com/fwlink/p/?LinkId=623254)
-- [Try it out: Windows 10 in the classroom](http://go.microsoft.com/fwlink/p/?LinkId=623255)
+- [Try it out: Windows 10 deployment (for education)](https://go.microsoft.com/fwlink/p/?LinkId=623254)
+- [Try it out: Windows 10 in the classroom](https://go.microsoft.com/fwlink/p/?LinkId=623255)
  
  
diff --git a/windows/plan/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md b/windows/plan/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md
index 9e9c9f6ada..a27d633a60 100644
--- a/windows/plan/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md
+++ b/windows/plan/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md
@@ -78,7 +78,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>The fix blocks <strong>InstallShield</strong> from setting the value of <strong>RunAs</strong> registry keys to InteractiveUser Because InteractiveUser no longer has Administrator rights.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about this application fix, see [Using the BlockRunAsInteractiveUser Fix](http://go.microsoft.com/fwlink/p/?LinkId=690328).</p>
+<p>For more detailed information about this application fix, see [Using the BlockRunAsInteractiveUser Fix](https://go.microsoft.com/fwlink/p/?LinkId=690328).</p>
 </div>
 <div>
  
@@ -101,7 +101,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>You can control this fix further by entering the relevant registry keys as parameters that are separated by the ^ Symbol; for example: <code>Software\MyCompany\Key1^Software\MyCompany\Key2</code>.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about this application fix, see [Using the CopyHKCUSettingsFromOtherUsers Fix](http://go.microsoft.com/fwlink/p/?LinkId=690329).</p>
+<p>For more detailed information about this application fix, see [Using the CopyHKCUSettingsFromOtherUsers Fix](https://go.microsoft.com/fwlink/p/?LinkId=690329).</p>
 </div>
 <div>
  
@@ -118,7 +118,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>The fix modifies the file path names to point to a new location on the hard disk.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about the CorrectFilePaths application fix, see [Using the CorrectFilePaths Fix](http://go.microsoft.com/fwlink/p/?LinkId=690330). We recommend that you use this fix together with the CorrectFilePathsUninstall fix if you are applying it to a setup installation file.</p>
+<p>For more detailed information about the CorrectFilePaths application fix, see [Using the CorrectFilePaths Fix](https://go.microsoft.com/fwlink/p/?LinkId=690330). We recommend that you use this fix together with the CorrectFilePathsUninstall fix if you are applying it to a setup installation file.</p>
 </div>
 <div>
  
@@ -130,7 +130,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>The fix corrects the file paths that are used by the uninstallation process of an application.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about this fix, see [Using the CorrectFilePathsUninstall Fix](http://go.microsoft.com/fwlink/p/?LinkId=690331). We recommend that you use this fix together with the CorrectFilePaths fix if you are applying it to a setup installation file.</p>
+<p>For more detailed information about this fix, see [Using the CorrectFilePathsUninstall Fix](https://go.microsoft.com/fwlink/p/?LinkId=690331). We recommend that you use this fix together with the CorrectFilePaths fix if you are applying it to a setup installation file.</p>
 </div>
 <div>
  
@@ -142,7 +142,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>The fix intercepts the ShellExecute(Ex) calls, and then inspects the HWND value. If the value is invalid, this fix enables the call to use the currently active HWND value.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about the CorrectShellExecuteHWND application fix, see [Using the CorrectShellExecuteHWND Fix](http://go.microsoft.com/fwlink/p/?LinkId=690332).</p>
+<p>For more detailed information about the CorrectShellExecuteHWND application fix, see [Using the CorrectShellExecuteHWND Fix](https://go.microsoft.com/fwlink/p/?LinkId=690332).</p>
 </div>
 <div>
  
@@ -214,7 +214,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>The fix temporarily disables the Windows Aero menu theme functionality for unsupported applications.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about this application fix, see [Using the DisableDWM Fix]( http://go.microsoft.com/fwlink/p/?LinkId=690334).</p>
+<p>For more detailed information about this application fix, see [Using the DisableDWM Fix]( https://go.microsoft.com/fwlink/p/?LinkId=690334).</p>
 </div>
 <div>
  
@@ -252,7 +252,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>The fix handles the error code and attempts to recall the CreateProcess function together with requested elevation. If the fixed application already has a UAC manifest, the error code will be returned unchanged.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about this application fix, see [Using the ElevateCreateProcess Fix](http://go.microsoft.com/fwlink/p/?LinkId=690335).</p>
+<p>For more detailed information about this application fix, see [Using the ElevateCreateProcess Fix](https://go.microsoft.com/fwlink/p/?LinkId=690335).</p>
 </div>
 <div>
  
@@ -269,7 +269,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>The fix determines the amount of free space, so that if the amount of free space is larger than 2 GB, the compatibility fix returns a value of 2 GB, but if the amount of free space is smaller than 2 GB, the compatibility fix returns the actual free space amount.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about this application fix, see [Using the EmulateGetDiskFreeSpace Fix](http://go.microsoft.com/fwlink/p/?LinkId=690336).</p>
+<p>For more detailed information about this application fix, see [Using the EmulateGetDiskFreeSpace Fix](https://go.microsoft.com/fwlink/p/?LinkId=690336).</p>
 </div>
 <div>
  
@@ -281,7 +281,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>The fix forces applications that use the CompareStringW/LCMapString sorting table to use an older version of the table.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about this e application fix, see [Using the EmulateSorting Fix](http://go.microsoft.com/fwlink/p/?LinkId=690337).</p>
+<p>For more detailed information about this e application fix, see [Using the EmulateSorting Fix](https://go.microsoft.com/fwlink/p/?LinkId=690337).</p>
 </div>
 <div>
  
@@ -297,7 +297,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>The fix enables the computer to restart and finish the installation process by verifying and enabling that the SeShutdownPrivilege service privilege exists.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about this application fix, see [Using the EnableRestarts Fix](http://go.microsoft.com/fwlink/p/?LinkId=690338).</p>
+<p>For more detailed information about this application fix, see [Using the EnableRestarts Fix](https://go.microsoft.com/fwlink/p/?LinkId=690338).</p>
 </div>
 <div>
  
@@ -332,7 +332,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>The fix intercepts the GetCurrentThemeName API and returns the value for the Windows XP default theme, (Luna).</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about the FakeLunaTheme application fix, see [Using the FakeLunaTheme Fix](http://go.microsoft.com/fwlink/p/?LinkId=690339).</p>
+<p>For more detailed information about the FakeLunaTheme application fix, see [Using the FakeLunaTheme Fix](https://go.microsoft.com/fwlink/p/?LinkId=690339).</p>
 </div>
 <div>
  
@@ -353,7 +353,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>The fix allows the user to temporarily imitate being a part of the Administrators group by returning a value of True during the administrator check.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about this application fix, see [Using the ForceAdminAccess Fix](http://go.microsoft.com/fwlink/p/?LinkId=690342).</p>
+<p>For more detailed information about this application fix, see [Using the ForceAdminAccess Fix](https://go.microsoft.com/fwlink/p/?LinkId=690342).</p>
 </div>
 <div>
  
@@ -402,7 +402,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>The fix intercepts the RegisterRawInputDevices API and prevents the delivery of the WM_INPUT messages. This delivery failure forces the included hooks to be ignored and forces DInput to use Windows-specific hooks.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about this application fix, see [Using the IgnoreAltTab Fix](http://go.microsoft.com/fwlink/p/?LinkId=690343).</p>
+<p>For more detailed information about this application fix, see [Using the IgnoreAltTab Fix](https://go.microsoft.com/fwlink/p/?LinkId=690343).</p>
 </div>
 <div>
  
@@ -440,7 +440,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 </div>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about this application fix, see [Using the IgnoreException Fix](http://go.microsoft.com/fwlink/p/?LinkId=690344).</p>
+<p>For more detailed information about this application fix, see [Using the IgnoreException Fix](https://go.microsoft.com/fwlink/p/?LinkId=690344).</p>
 </div>
 <div>
  
@@ -462,7 +462,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>The fix intercepts the MessageBox* APIs and inspects them for specific message text. If matching text is found, the application continues without showing the message box.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about this application fix, see [Using the IgnoreMessageBox Fix](http://go.microsoft.com/fwlink/p/?LinkId=690345).</p>
+<p>For more detailed information about this application fix, see [Using the IgnoreMessageBox Fix](https://go.microsoft.com/fwlink/p/?LinkId=690345).</p>
 </div>
 <div>
  
@@ -491,7 +491,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>The fix intercepts the function call to create the object and replaces the word Global with Local.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about this application fix, see [Using the LocalMappedObject Fix](http://go.microsoft.com/fwlink/p/?LinkId=690346).</p>
+<p>For more detailed information about this application fix, see [Using the LocalMappedObject Fix](https://go.microsoft.com/fwlink/p/?LinkId=690346).</p>
 </div>
 <div>
  
@@ -503,7 +503,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>The fix locates any RunDLL.exe-based uninstallers and forces them to run with different credentials during the application installation. After it applies this fix, the installer will create a shortcut that specifies a matching string to run during the application installation, thereby enabling the uninstallation to occur later.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about this application fix, see [Using the MakeShortcutRunas Fix]( http://go.microsoft.com/fwlink/p/?LinkId=690347)</p>
+<p>For more detailed information about this application fix, see [Using the MakeShortcutRunas Fix]( https://go.microsoft.com/fwlink/p/?LinkId=690347)</p>
 </div>
 <div>
  
@@ -528,7 +528,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>The fix reduces the security privilege levels on a specified set of files and folders.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about this application fix, see [Using the OpenDirectoryACL Fix](http://go.microsoft.com/fwlink/p/?LinkId=690348).</p>
+<p>For more detailed information about this application fix, see [Using the OpenDirectoryACL Fix](https://go.microsoft.com/fwlink/p/?LinkId=690348).</p>
 </div>
 <div>
  
@@ -603,7 +603,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>The fix enables a child .exe file to run with elevated privileges when it is difficult to determine the parent process with either the ElevateCreateProcess fix or by marking the .exe files to RunAsAdmin.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about this application fix, see [Using the RelaunchElevated Fix](http://go.microsoft.com/fwlink/p/?LinkId=690349).</p>
+<p>For more detailed information about this application fix, see [Using the RelaunchElevated Fix](https://go.microsoft.com/fwlink/p/?LinkId=690349).</p>
 </div>
 <div>
  
@@ -620,7 +620,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <li><p>STANDARD_READ_RIGHTS</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about this application fix, see [Using the RetryOpenSCManagerwithReadAccess Fix](http://go.microsoft.com/fwlink/p/?LinkId=690350).</p>
+<p>For more detailed information about this application fix, see [Using the RetryOpenSCManagerwithReadAccess Fix](https://go.microsoft.com/fwlink/p/?LinkId=690350).</p>
 </div>
 <div>
  
@@ -633,7 +633,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>The fix retries the OpenService() API call and verifies that the user has Administrator rights, is not a Protected Administrator, and by using read-only access. Applications can test for the existence of a service by calling the OpenService() API but some applications ask for all access when making this check. This fix retries the call but only asking for read-only access. The user needs to be an administrator for this to work</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about this application fix, see [Using the RetryOpenServiceWithReadAccess Fix](http://go.microsoft.com/fwlink/p/?LinkId=690351).</p>
+<p>For more detailed information about this application fix, see [Using the RetryOpenServiceWithReadAccess Fix](https://go.microsoft.com/fwlink/p/?LinkId=690351).</p>
 </div>
 <div>
  
@@ -645,7 +645,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>The fix enables the application to run by using elevated privileges. The fix is the equivalent of specifying requireAdministrator in an application manifest.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about this application fix, see [Using the RunAsAdmin Fix](http://go.microsoft.com/fwlink/p/?LinkId=690353).</p>
+<p>For more detailed information about this application fix, see [Using the RunAsAdmin Fix](https://go.microsoft.com/fwlink/p/?LinkId=690353).</p>
 </div>
 <div>
  
@@ -657,7 +657,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>The fix enables the application to run by using the highest available permissions. This is the equivalent of specifying highestAvailable in an application manifest.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about this application fix, see [Using the RunAsHighest Fix](http://go.microsoft.com/fwlink/p/?LinkId=690355).</p>
+<p>For more detailed information about this application fix, see [Using the RunAsHighest Fix](https://go.microsoft.com/fwlink/p/?LinkId=690355).</p>
 </div>
 <div>
  
@@ -669,7 +669,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>The fix enables the application to run by using the privileges that are associated with the creation process, without requiring elevation. This is the equivalent of specifying asInvoker in an application manifest.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about this application fix, see [Using the RunAsInvoker Fix](http://go.microsoft.com/fwlink/p/?LinkId=690356).</p>
+<p>For more detailed information about this application fix, see [Using the RunAsInvoker Fix](https://go.microsoft.com/fwlink/p/?LinkId=690356).</p>
 </div>
 <div>
  
@@ -692,7 +692,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 </div>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about this application fix, see [Using the SessionShim Fix](http://go.microsoft.com/fwlink/p/?LinkId=690358).</p>
+<p>For more detailed information about this application fix, see [Using the SessionShim Fix](https://go.microsoft.com/fwlink/p/?LinkId=690358).</p>
 </div>
 <div>
  
@@ -727,7 +727,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>The fix applies the specified compatibility fixes by modifying the export table and by nullifying the use of module inclusion and exclusion.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more information about this application fix, see [Using the ShimViaEAT Fix](http://go.microsoft.com/fwlink/p/?LinkId=690359).</p>
+<p>For more information about this application fix, see [Using the ShimViaEAT Fix](https://go.microsoft.com/fwlink/p/?LinkId=690359).</p>
 </div>
 <div>
  
@@ -752,7 +752,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>The fix flags the application as being an installer file (for example, setup.exe), and then prompts for elevation.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about this application fix, see [Using the SpecificInstaller Fix]( http://go.microsoft.com/fwlink/p/?LinkId=690361).</p>
+<p>For more detailed information about this application fix, see [Using the SpecificInstaller Fix]( https://go.microsoft.com/fwlink/p/?LinkId=690361).</p>
 </div>
 <div>
  
@@ -764,7 +764,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>The fix flags the application to exclude it from detection by the GenericInstaller function.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about this application fix, see [Using the SpecificNonInstaller Fix](http://go.microsoft.com/fwlink/p/?LinkId=690363).</p>
+<p>For more detailed information about this application fix, see [Using the SpecificNonInstaller Fix](https://go.microsoft.com/fwlink/p/?LinkId=690363).</p>
 </div>
 <div>
  
@@ -795,7 +795,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>Where MessageString1 and MessageString2 reflect the message strings that can pass.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>Multiple message strings must be separated by spaces. For more detailed information about this application fix, see [Using the UIPIEnableCustomMsgs Fix](http://go.microsoft.com/fwlink/p/?LinkId=690365).</p>
+<p>Multiple message strings must be separated by spaces. For more detailed information about this application fix, see [Using the UIPIEnableCustomMsgs Fix](https://go.microsoft.com/fwlink/p/?LinkId=690365).</p>
 </div>
 <div>
  
@@ -810,7 +810,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>Where 1055 reflects the first message ID, 1056 reflects the second message ID, and 1069 reflects the third message ID that can pass.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>Multiple messages can be separated by spaces. For more detailed information about this application fix, see [Using the UIPIEnableStandardMsgs Fix [act]](http://go.microsoft.com/fwlink/p/?LinkId=690367).</p>
+<p>Multiple messages can be separated by spaces. For more detailed information about this application fix, see [Using the UIPIEnableStandardMsgs Fix [act]](https://go.microsoft.com/fwlink/p/?LinkId=690367).</p>
 </div>
 <div>
  
@@ -828,7 +828,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <td align="left"><p>VirtualRegistry</p></td>
 <td align="left"><p>The problem is indicated when a Component failed to be located error message displays when an application is started.</p>
 <p>The fix enables the registry functions to allow for virtualization, redirection, expansion values, version spoofing, the simulation of performance data counters, and so on.</p>
-<p>For more detailed information about this application fix, see [Using the VirtualRegistry Fix](http://go.microsoft.com/fwlink/p/?LinkId=690368).</p></td>
+<p>For more detailed information about this application fix, see [Using the VirtualRegistry Fix](https://go.microsoft.com/fwlink/p/?LinkId=690368).</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>VirtualizeDeleteFile</p></td>
@@ -836,7 +836,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>The fix makes the application's DeleteFile function call a virtual call in an effort to remedy the UAC and file virtualization issues that were introduced with Windows Vista. This fix also links other file APIs (for example, GetFileAttributes) to ensure that the virtualization of the file is deleted.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about this application fix, see [Using the VirtualizeDeleteFile Fix](http://go.microsoft.com/fwlink/p/?LinkId=690369).</p>
+<p>For more detailed information about this application fix, see [Using the VirtualizeDeleteFile Fix](https://go.microsoft.com/fwlink/p/?LinkId=690369).</p>
 </div>
 <div>
  
@@ -848,14 +848,14 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>The fix redirects the HKCR write calls (HKLM) to the HKCU hive for a per-user COM registration. This operates much like the VirtualRegistry fix when you use the VirtualizeHKCR parameter; however, VirtualizeHKCRLite provides better performance.</p>
 <p>HKCR is a virtual merge of the HKCU\Software\Classes and HKLM\Software\Classes directories. The use of HKCU is preferred if an application is not elevated and is ignored if the application is elevated.</p>
 <p>You typically will use this compatibility fix in conjunction with the VirtualizeRegisterTypeLib fix.</p>
-<p>For more detailed information about this application fix, see [Using the VirtualizeHKCRLite Fix](http://go.microsoft.com/fwlink/p/?LinkId=690370).</p></td>
+<p>For more detailed information about this application fix, see [Using the VirtualizeHKCRLite Fix](https://go.microsoft.com/fwlink/p/?LinkId=690370).</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>VirtualizeRegisterTypeLib</p></td>
 <td align="left"><p>The fix, when it is used with the VirtualizeHKCRLite fix, ensures that the type library and the COM class registration happen simultaneously. This functions much like the RegistryTypeLib fix when the RegisterTypeLibForUser parameter is used.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about this application fix, see [Using the VirtualizeRegisterTypelib Fix](http://go.microsoft.com/fwlink/p/?LinkId=690371).</p>
+<p>For more detailed information about this application fix, see [Using the VirtualizeRegisterTypelib Fix](https://go.microsoft.com/fwlink/p/?LinkId=690371).</p>
 </div>
 <div>
  
@@ -907,7 +907,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <li><p>Save the custom database.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more information about the WinXPSP2VersionLie application fix, see [Using the WinXPSP2VersionLie Fix](http://go.microsoft.com/fwlink/p/?LinkId=690374).</p>
+<p>For more information about the WinXPSP2VersionLie application fix, see [Using the WinXPSP2VersionLie Fix](https://go.microsoft.com/fwlink/p/?LinkId=690374).</p>
 </div>
 <div>
  
@@ -923,7 +923,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>Where Component1.dll and Component2.dll reflect the components to be skipped.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about this application fix, see [Using the WRPDllRegister Fix](http://go.microsoft.com/fwlink/p/?LinkId=690375).</p>
+<p>For more detailed information about this application fix, see [Using the WRPDllRegister Fix](https://go.microsoft.com/fwlink/p/?LinkId=690375).</p>
 </div>
 <div>
  
@@ -935,7 +935,7 @@ The following table lists the known compatibility fixes for all Windows operatin
 <p>The fix emulates the successful authentication and modification of file and registry APIs, so that the application can continue.</p>
 <div class="alert">
 <strong>Note</strong>  
-<p>For more detailed information about WRPMitigation, see [Using the WRPMitigation Fix](http://go.microsoft.com/fwlink/p/?LinkId=690376).</p>
+<p>For more detailed information about WRPMitigation, see [Using the WRPMitigation Fix](https://go.microsoft.com/fwlink/p/?LinkId=690376).</p>
 </div>
 <div>
  
diff --git a/windows/plan/deploy-windows-10-in-a-school.md b/windows/plan/deploy-windows-10-in-a-school.md
index 590e3606e6..b451e7b8aa 100644
--- a/windows/plan/deploy-windows-10-in-a-school.md
+++ b/windows/plan/deploy-windows-10-in-a-school.md
@@ -1256,8 +1256,8 @@ Now, you have identified the tasks you need to perform monthly, at the end of an
 
 ##Related resources
 <ul>
-<li>[Try it out: Windows 10 deployment (for educational institutions)](http://go.microsoft.com/fwlink/p/?LinkId=623254)</li>
-<li>[Try it out: Windows 10 in the classroom](http://go.microsoft.com/fwlink/p/?LinkId=623255)</li>
-<li>[Chromebook migration guide](http://go.microsoft.com/fwlink/p/?LinkId=623249)</li>
+<li>[Try it out: Windows 10 deployment (for educational institutions)](https://go.microsoft.com/fwlink/p/?LinkId=623254)</li>
+<li>[Try it out: Windows 10 in the classroom](https://go.microsoft.com/fwlink/p/?LinkId=623255)</li>
+<li>[Chromebook migration guide](https://go.microsoft.com/fwlink/p/?LinkId=623249)</li>
 </ul>
 
diff --git a/windows/plan/deployment-considerations-for-windows-to-go.md b/windows/plan/deployment-considerations-for-windows-to-go.md
index 5ef6884c18..a1a32d6836 100644
--- a/windows/plan/deployment-considerations-for-windows-to-go.md
+++ b/windows/plan/deployment-considerations-for-windows-to-go.md
@@ -56,11 +56,11 @@ When a Windows To Go workspace is first used at the workplace, the Windows To Go
 When the Windows To Go workspace is going to be used first on an off-premises computer, such as one at the employee’s home, then the IT professional preparing the Windows To Go drives should configure the drive to be able to connect to organizational resources and to maintain the security of the workspace. In this situation, the Windows To Go workspace needs to be configured for offline domain join and BitLocker needs to be enabled before the workspace has been initialized.
 
 **Tip**  
-Applying BitLocker Drive Encryption to the drives before provisioning is a much faster process than encrypting the drives after data has already been stored on them due to a new feature called used-disk space only encryption. For more information, see [What's New in BitLocker](http://go.microsoft.com/fwlink/p/?LinkId=619076).
+Applying BitLocker Drive Encryption to the drives before provisioning is a much faster process than encrypting the drives after data has already been stored on them due to a new feature called used-disk space only encryption. For more information, see [What's New in BitLocker](https://go.microsoft.com/fwlink/p/?LinkId=619076).
 
  
 
-DirectAccess can be used to ensure that the user can login with their domain credentials without needing a local account. For instructions on setting up a DirectAccess solution, for a small pilot deployment see [Deploy a Single Remote Access Server using the Getting Started Wizard](http://go.microsoft.com/fwlink/p/?LinkId=619077) for a larger scale deployment, see [Deploy Remote Access in an Enterprise](http://go.microsoft.com/fwlink/p/?LinkId=619078). If you do not want to use DirectAccess as an alternative users could log on using a local user account on the Windows To Go workspace and then use a virtual private network for remote access to your organizational network.
+DirectAccess can be used to ensure that the user can login with their domain credentials without needing a local account. For instructions on setting up a DirectAccess solution, for a small pilot deployment see [Deploy a Single Remote Access Server using the Getting Started Wizard](https://go.microsoft.com/fwlink/p/?LinkId=619077) for a larger scale deployment, see [Deploy Remote Access in an Enterprise](https://go.microsoft.com/fwlink/p/?LinkId=619078). If you do not want to use DirectAccess as an alternative users could log on using a local user account on the Windows To Go workspace and then use a virtual private network for remote access to your organizational network.
 
 ### <a href="" id="wtg-imagedep"></a>Image deployment and drive provisioning considerations
 
@@ -155,28 +155,28 @@ The following list of commonly used Wi-Fi network adapters that are not supporte
 <td align="left"><p>Marvell</p></td>
 <td align="left"><p>Yukon 88E8001/8003/8010 PCI Gigabit Ethernet</p></td>
 <td align="left"><p>pci\ven_11ab&amp;dev_4320&amp;subsys_811a1043</p></td>
-<td align="left"><p>[32-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619080)</p>
-<p>[64-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619082)</p></td>
+<td align="left"><p>[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619080)</p>
+<p>[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619082)</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Marvell</p></td>
 <td align="left"><p>Libertas 802.11b/g Wireless</p></td>
 <td align="left"><p>pci\ven_11ab&amp;dev_1faa&amp;subsys_6b001385&amp;rev_03</p></td>
-<td align="left"><p>[32-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619128)</p>
-<p>[64-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619129)</p></td>
+<td align="left"><p>[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619128)</p>
+<p>[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619129)</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Qualcomm</p></td>
 <td align="left"><p>Atheros AR6004 Wireless LAN Adapter</p></td>
 <td align="left"><p>sd\vid_0271&amp;pid_0401</p></td>
-<td align="left"><p>[32-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619086)</p>
+<td align="left"><p>[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619086)</p>
 <p>64-bit driver not available</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Qualcomm</p></td>
 <td align="left"><p>Atheros AR5BWB222 Wireless Network Adapter</p></td>
 <td align="left"><p>pci\ven_168c&amp;dev_0034&amp;subsys_20031a56</p></td>
-<td align="left"><p>[32-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619348)</p>
+<td align="left"><p>[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619348)</p>
 <p>64-bit driver not available</p></td>
 </tr>
 <tr class="odd">
@@ -189,43 +189,43 @@ The following list of commonly used Wi-Fi network adapters that are not supporte
 <td align="left"><p>Qualcomm</p></td>
 <td align="left"><p>Atheros AR5005G Wireless Network Adapter</p></td>
 <td align="left"><p>pci\ven_168c&amp;dev_001a&amp;subsys_04181468&amp;rev_01</p></td>
-<td align="left"><p>[32-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619349)</p>
-<p>[64-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619091)</p></td>
+<td align="left"><p>[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619349)</p>
+<p>[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619091)</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Ralink</p></td>
 <td align="left"><p>Wireless-G PCI Adapter</p></td>
 <td align="left"><p>pci\ven_1814&amp;dev_0301&amp;subsys_00551737&amp;rev_00</p></td>
-<td align="left"><p>[32-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619092)</p>
-<p>[64-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619093)</p></td>
+<td align="left"><p>[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619092)</p>
+<p>[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619093)</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Ralink</p></td>
 <td align="left"><p>Turbo Wireless LAN Card</p></td>
 <td align="left"><p>pci\ven_1814&amp;dev_0301&amp;subsys_25611814&amp;rev_00</p></td>
-<td align="left"><p>[32-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619094)</p>
-<p>[64-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619095)</p></td>
+<td align="left"><p>[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619094)</p>
+<p>[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619095)</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Ralink</p></td>
 <td align="left"><p>Wireless LAN Card V1</p></td>
 <td align="left"><p>pci\ven_1814&amp;dev_0302&amp;subsys_3a711186&amp;rev_00</p></td>
-<td align="left"><p>[32-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619097)</p>
-<p>[64-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619098)</p></td>
+<td align="left"><p>[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619097)</p>
+<p>[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619098)</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Ralink</p></td>
 <td align="left"><p>D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.C)</p></td>
 <td align="left"><p>pci\ven_1814&amp;dev_0302&amp;subsys_3c091186&amp;rev_00</p></td>
-<td align="left"><p>[32-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619099)</p>
-<p>[64-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619100)</p></td>
+<td align="left"><p>[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619099)</p>
+<p>[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619100)</p></td>
 </tr>
 </tbody>
 </table>
 
  
 
-IT administrators that want to target Windows To Go images for specific systems should test their images to ensure that the necessary system drivers are in the image, especially for critical functionality like Wi-Fi that is not supported by class drivers. Some consumer devices require OEM specific driver packages, which may not be available on Windows Update. For more information on how to add a driver to a Windows Image, please refer to the [Basic Windows Deployment Step-by-Step Guide](http://go.microsoft.com/fwlink/p/?LinkId=619079).
+IT administrators that want to target Windows To Go images for specific systems should test their images to ensure that the necessary system drivers are in the image, especially for critical functionality like Wi-Fi that is not supported by class drivers. Some consumer devices require OEM specific driver packages, which may not be available on Windows Update. For more information on how to add a driver to a Windows Image, please refer to the [Basic Windows Deployment Step-by-Step Guide](https://go.microsoft.com/fwlink/p/?LinkId=619079).
 
 ### <a href="" id="wtg-appinstall"></a>Application installation and domain join
 
@@ -273,7 +273,7 @@ Enabling a system to always boot from USB first has implications that you should
 
  
 
-If you are going to be using a Windows 7 computer as a host-PC, see the wiki article [Tips for configuring your BIOS settings to work with Windows To Go](http://go.microsoft.com/fwlink/p/?LinkID=618951).
+If you are going to be using a Windows 7 computer as a host-PC, see the wiki article [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkID=618951).
 
 ### <a href="" id="stg-firmware"></a>Roaming between different firmware types
 
diff --git a/windows/plan/index.md b/windows/plan/index.md
index 1a3583938b..b692bf0504 100644
--- a/windows/plan/index.md
+++ b/windows/plan/index.md
@@ -15,11 +15,11 @@ Windows 10 provides new deployment capabilities, scenarios, and tools by buildi
 ## In this section
 |Topic |Description |
 |------|------------|
-|[Windows 10 servicing options](windows-10-servicing-options.md) |Windows 10 provides a new model for organizations to deploy and upgrade Windows by providing updates to features and capabilities through a continual process. |
+| [Windows 10 servicing overview](windows-10-servicing-options.md) | Windows 10 provides a new model for organizations to deploy and upgrade Windows by providing updates to features and capabilities through a continual process. |
 |[Windows 10 deployment considerations](windows-10-deployment-considerations.md) |There are new deployment options in Windows 10 that help you simplify the deployment process and automate migration of existing settings and applications. |
 |[Windows 10 compatibility](windows-10-compatibility.md) |Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10. |
 |[Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md) |There are specific infrastructure requirements to deploy and manage Windows 10 that should be in place prior to significant Windows 10 deployments within your organization. |
-|[Windows Update for Business](windows-update-for-business.md) |Get an overview of how you can implement and deploy a Windows Update for Business solution and how to maintain enrolled systems. |
+| [Windows Update for Business](windows-update-for-business.md) | Get an overview of how you can implement and deploy a Windows Update for Business solution and how to maintain enrolled systems. |
 |[Windows To Go: feature overview](windows-to-go-overview.md) |Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that enables the creation of a Windows To Go workspace that can be booted from a USB-connected external drive on PCs. |
 |[Application Compatibility Toolkit (ACT) Technical Reference](act-technical-reference.md) |The Microsoft® Application Compatibility Toolkit (ACT) helps you determine whether the applications, devices, and computers in your organization are compatible with versions of the Windows® operating system. |
 |[Change history for Plan for Windows 10 deployment](change-history-for-plan-for-windows-10-deployment.md) |This topic lists new and updated topics in the Plan for Windows 10 deployment documentation for [Windows 10 and Windows 10 Mobile](../index.md). |
@@ -30,14 +30,9 @@ Windows 10 provides new deployment capabilities, scenarios, and tools by buildi
 - [Deploy Windows 10 with Configuration Manager and MDT 2013 Update 1](../deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md)
 - [Upgrade to Windows 10 with MDT 2013 Update 1](../deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md)
 - [Upgrade to Windows 10 with Configuration Manager](../deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md)
-- [Windows Imaging and Configuration Designer](http://go.microsoft.com/fwlink/p/?LinkId=733911)
+- [Windows Imaging and Configuration Designer](https://go.microsoft.com/fwlink/p/?LinkId=733911)
 - [Windows 10 and Windows 10 Mobile](../index.md)
 
  
 
  
-
-
-
-
-
diff --git a/windows/plan/integration-with-management-solutions-.md b/windows/plan/integration-with-management-solutions-.md
index 83dcaee001..73206e6baf 100644
--- a/windows/plan/integration-with-management-solutions-.md
+++ b/windows/plan/integration-with-management-solutions-.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: plan
 ms.sitesec: library
 ms.pagetype: servicing, devices
-author: TrudyHa
+author: jdeckerMS
 ---
 
 # Integration with management solutions
diff --git a/windows/plan/prepare-your-organization-for-windows-to-go.md b/windows/plan/prepare-your-organization-for-windows-to-go.md
index fabf25bc73..a5443fb11c 100644
--- a/windows/plan/prepare-your-organization-for-windows-to-go.md
+++ b/windows/plan/prepare-your-organization-for-windows-to-go.md
@@ -70,7 +70,7 @@ Because Windows To Go requires no additional software and minimal configuration,
 
 Windows To Go uses volume activation. You can use either Active Directory-based activation or KMS activation with Windows To Go. The Windows To Go workspace counts as another installation when assessing compliance with application licensing agreements.
 
-Microsoft software, such as Microsoft Office, distributed to a Windows To Go workspace must also be activated. Office deployment is fully supported on Windows To Go. Please note, due to the retail subscription activation method associated with Office 365 ProPlus, Office 365 ProPlus subscribers are provided volume licensing activation rights for Office Professional Plus 2013 MSI for local installation on the Windows To Go drive. This is available to organizations who purchase Office 365 ProPlus or Office 365 Enterprise SKUs containing Office 365 ProPlus via volume licensing channels. For more information about activating Microsoft Office, see [Volume activation methods in Office 2013](http://go.microsoft.com/fwlink/p/?LinkId=618922).
+Microsoft software, such as Microsoft Office, distributed to a Windows To Go workspace must also be activated. Office deployment is fully supported on Windows To Go. Please note, due to the retail subscription activation method associated with Office 365 ProPlus, Office 365 ProPlus subscribers are provided volume licensing activation rights for Office Professional Plus 2013 MSI for local installation on the Windows To Go drive. This is available to organizations who purchase Office 365 ProPlus or Office 365 Enterprise SKUs containing Office 365 ProPlus via volume licensing channels. For more information about activating Microsoft Office, see [Volume activation methods in Office 2013](https://go.microsoft.com/fwlink/p/?LinkId=618922).
 
 You should investigate other software manufacturer’s licensing requirements to ensure they are compatible with roaming usage before deploying them to a Windows To Go workspace.
 
@@ -79,7 +79,7 @@ Using Multiple Activation Key (MAK) activation is not a supported activation met
 
  
 
-See [Plan for Volume Activation](http://go.microsoft.com/fwlink/p/?LinkId=618923) for more information about these activation methods and how they can be used in your organization.
+See [Plan for Volume Activation](https://go.microsoft.com/fwlink/p/?LinkId=618923) for more information about these activation methods and how they can be used in your organization.
 
 ## Organizational unit structure and use of Group Policy Objects
 
@@ -98,14 +98,14 @@ If you configure Windows To Go drives for scenarios where drives may remain unus
 ## User account and data management
 
 
-People use computers to work with data and consume content - that is their core function. The data must be stored and retrievable for it to be useful. When users are working in a Windows To Go workspace, they need to have the ability to get to the data that they work with and to keep it accessible when the workspace is not being used. For this reason we recommend that you use folder redirection and offline files to redirect the path of local folders (such as the Documents folder) to a network location, while caching the contents locally for increased speed and availability. We also recommend that you use roaming user profiles to synchronize user specific settings so that users receive the same operating system and application settings when using their Windows To Go workspace and their desktop computer. When a user signs in using a domain account that is set up with a file share as the profile path, the user’s profile is downloaded to the local computer and merged with the local profile (if present). When the user logs off the computer, the local copy of their profile, including any changes, is merged with the server copy of the profile. For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](http://go.microsoft.com/fwlink/p/?LinkId=618924).
+People use computers to work with data and consume content - that is their core function. The data must be stored and retrievable for it to be useful. When users are working in a Windows To Go workspace, they need to have the ability to get to the data that they work with and to keep it accessible when the workspace is not being used. For this reason we recommend that you use folder redirection and offline files to redirect the path of local folders (such as the Documents folder) to a network location, while caching the contents locally for increased speed and availability. We also recommend that you use roaming user profiles to synchronize user specific settings so that users receive the same operating system and application settings when using their Windows To Go workspace and their desktop computer. When a user signs in using a domain account that is set up with a file share as the profile path, the user’s profile is downloaded to the local computer and merged with the local profile (if present). When the user logs off the computer, the local copy of their profile, including any changes, is merged with the server copy of the profile. For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](https://go.microsoft.com/fwlink/p/?LinkId=618924).
 
 Windows To Go is fully integrated with your Microsoft account. Setting synchronization is accomplished by connecting a Microsoft account to a user account. Windows To Go devices fully support this feature and can be managed by Group Policy so that the customization and configurations you prefer will be applied to your Windows To Go workspace.
 
 ## Remote connectivity
 
 
-If you want Windows To Go to be able to connect back to organizational resources when it is being used off-premises a remote connectivity solution must be enabled. Windows Server 2012 DirectAccess can be used as can a virtual private network (VPN) solution. For more information about configuring a remote access solution, see the [Remote Access (DirectAccess, Routing and Remote Access) Overview](http://go.microsoft.com/fwlink/p/?LinkId=618925).
+If you want Windows To Go to be able to connect back to organizational resources when it is being used off-premises a remote connectivity solution must be enabled. Windows Server 2012 DirectAccess can be used as can a virtual private network (VPN) solution. For more information about configuring a remote access solution, see the [Remote Access (DirectAccess, Routing and Remote Access) Overview](https://go.microsoft.com/fwlink/p/?LinkId=618925).
 
 ## Related topics
 
diff --git a/windows/plan/security-and-data-protection-considerations-for-windows-to-go.md b/windows/plan/security-and-data-protection-considerations-for-windows-to-go.md
index 999d2e6956..2cce8de874 100644
--- a/windows/plan/security-and-data-protection-considerations-for-windows-to-go.md
+++ b/windows/plan/security-and-data-protection-considerations-for-windows-to-go.md
@@ -22,9 +22,9 @@ One of the most important requirements to consider when you plan your Windows To
 ## Backup and restore
 
 
-As long as you are not saving data on the Windows To Go drive, there is no need for a backup and restore solution for Windows To Go. If you are saving data on the drive and are not using folder redirection and offline files, you should back up all of your data to a network location, such as cloud storage or a network share after each work session. Review the new and improved features described in [Supporting Information Workers with Reliable File Services and Storage](http://go.microsoft.com/fwlink/p/?LinkId=619102) for different solutions you could implement.
+As long as you are not saving data on the Windows To Go drive, there is no need for a backup and restore solution for Windows To Go. If you are saving data on the drive and are not using folder redirection and offline files, you should back up all of your data to a network location, such as cloud storage or a network share after each work session. Review the new and improved features described in [Supporting Information Workers with Reliable File Services and Storage](https://go.microsoft.com/fwlink/p/?LinkId=619102) for different solutions you could implement.
 
-If the USB drive fails for any reason, the standard process to restore the drive to working condition is to reformat and re-provision the drive with Windows To Go, so all data and customization on the drive will be lost. This is another reason why using roaming user profiles, folder redirection and offline files with Windows To Go is strongly recommended. For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](http://go.microsoft.com/fwlink/p/?LinkId=618924).
+If the USB drive fails for any reason, the standard process to restore the drive to working condition is to reformat and re-provision the drive with Windows To Go, so all data and customization on the drive will be lost. This is another reason why using roaming user profiles, folder redirection and offline files with Windows To Go is strongly recommended. For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](https://go.microsoft.com/fwlink/p/?LinkId=618924).
 
 ## BitLocker
 
@@ -47,16 +47,16 @@ We recommend that you use the **NoDefaultDriveLetter** attribute when provisioni
 
 To prevent accidental data leakage between Windows To Go and the host system Windows 8 has a new SAN policy—OFFLINE\_INTERNAL - “4” to prevent the operating system from automatically bringing online any internally connected disk. The default configuration for Windows To Go has this policy enabled. It is strongly recommended you do not change this policy to allow mounting of internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 operating system, mounting the drive will lead to loss of hibernation state and therefor user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted.
 
-For more information, see [How to Configure Storage Area Network (SAN) Policy in Windows PE](http://go.microsoft.com/fwlink/p/?LinkId=619103).
+For more information, see [How to Configure Storage Area Network (SAN) Policy in Windows PE](https://go.microsoft.com/fwlink/p/?LinkId=619103).
 
 ## Security certifications for Windows To Go
 
 
 Windows to Go is a core capability of Windows when it is deployed on the drive and is configured following the guidance for the applicable security certification. Solutions built using Windows To Go can be submitted for additional certifications by the solution provider that cover the solution provider’s specific hardware environment. For more details about Windows security certifications, see the following topics.
 
--   [Windows Platform Common Criteria Certification](http://go.microsoft.com/fwlink/p/?LinkId=619104)
+-   [Windows Platform Common Criteria Certification](https://go.microsoft.com/fwlink/p/?LinkId=619104)
 
--   [FIPS 140 Evaluation](http://go.microsoft.com/fwlink/p/?LinkId=619107)
+-   [FIPS 140 Evaluation](https://go.microsoft.com/fwlink/p/?LinkId=619107)
 
 ## Related topics
 
diff --git a/windows/plan/setup-and-deployment.md b/windows/plan/setup-and-deployment.md
index 618c4b80a0..6705747d10 100644
--- a/windows/plan/setup-and-deployment.md
+++ b/windows/plan/setup-and-deployment.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: plan
 ms.sitesec: library
 ms.pagetype: servicing, devices
-author: TrudyHa
+author: jdeckerMS
 ---
 
 # Setup and deployment
@@ -87,7 +87,7 @@ Windows Update for Business allows administrators to control when upgrades and u
 </tr>
 </table>
  
-Administrators can control deferral periods with Group Policy Objects by using the [Local Group Policy Editor (GPEdit)](http://go.microsoft.com/fwlink/p/?LinkId=734030) or, for domain joined systems, [Group Policy Management Console (GPMC)](http://go.microsoft.com/fwlink/p/?LinkId=699325). For additional details on Group Policy management see [Group Policy management for IT pros](http://go.microsoft.com/fwlink/p/?LinkId=699282).
+Administrators can control deferral periods with Group Policy Objects by using the [Local Group Policy Editor (GPEdit)](https://go.microsoft.com/fwlink/p/?LinkId=734030) or, for domain joined systems, [Group Policy Management Console (GPMC)](https://go.microsoft.com/fwlink/p/?LinkId=699325). For additional details on Group Policy management see [Group Policy management for IT pros](https://go.microsoft.com/fwlink/p/?LinkId=699282).
 **Set different deferrals based on update classification in GPedit.msc**
 ![figure 4](images/wuforbusiness-fig4-localpoleditor.png)
 ![figure 5](images/wuforbusiness-fig5-deferupgrade.png)
@@ -157,7 +157,7 @@ Delivery Optimization configuration settings can be viewed by going to: Settings
 
 You can use Group Policy to configure Windows Update Delivery Optimization. To do this, use the following steps:
 
-1.  Download the [Administrative Templates (.admx) file for Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=699283) from the Microsoft Download Center.
+1.  Download the [Administrative Templates (.admx) file for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=699283) from the Microsoft Download Center.
 2.  Copy the following files to the SYSVOL central store:
     -   DeliveryOptimization.admx from C:\\Program Files (x86)\\Microsoft Group Policy\\Windows 10\\PolicyDefinitions
     -   DeliveryOptimization.adml from C:\\Program Files (x86)\\Microsoft Group Policy\\Windows 10\\PolicyDefinitions\\en-US
@@ -172,9 +172,9 @@ You can use Group Policy to configure Windows Update Delivery Optimization. To d
 
 Microsoft scanned this file for viruses, using the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to it.
 
-For more information about Windows Update Delivery Optimization in Windows 10, see the [Windows Update Delivery Optimization FAQ](http://go.microsoft.com/fwlink/p/?LinkId=699284).
+For more information about Windows Update Delivery Optimization in Windows 10, see the [Windows Update Delivery Optimization FAQ](https://go.microsoft.com/fwlink/p/?LinkId=699284).
 
-For additional resources, see [How to use Group Policy to configure Windows Update Delivery Optimization in Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=699288).
+For additional resources, see [How to use Group Policy to configure Windows Update Delivery Optimization in Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=699288).
 
 ## Related topics
 
diff --git a/windows/plan/windows-10-compatibility.md b/windows/plan/windows-10-compatibility.md
index 7466117367..013a715282 100644
--- a/windows/plan/windows-10-compatibility.md
+++ b/windows/plan/windows-10-compatibility.md
@@ -6,6 +6,7 @@ keywords: deploy, upgrade, update, appcompat
 ms.prod: w10
 ms.mktglfcycl: plan
 ms.pagetype: appcompat
+localizationpriority: high
 ms.sitesec: library
 author: mtniehaus
 ---
@@ -19,13 +20,13 @@ author: mtniehaus
 
 Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10.
 
-For full system requirements, see [Windows 10 specifications](http://go.microsoft.com/fwlink/p/?LinkId=625077). Some driver updates may be required for Windows 10.
+For full system requirements, see [Windows 10 specifications](https://go.microsoft.com/fwlink/p/?LinkId=625077). Some driver updates may be required for Windows 10.
 
 Existing desktop (Win32) application compatibility is also expected to be strong, with most existing applications working without any changes. Some applications that interface with Windows at a low level, those that use undocumented APIs, or those that do not follow recommended coding practices could experience issues.
 
 Existing Windows Store (WinRT) apps created for Windows 8 and Windows 8.1 should also continue to work, because compatibility can be validated against all the apps that have been submitted to the Windows Store.
 
-For web apps and sites, modern HTML5-based sites should also have a high degree of compatibility and excellent performance through the new Microsoft Edge browser, while older web apps and sites can continue to use Internet Explorer 11 and the Enterprise Mode features that were first introduced in Windows 7 and Windows 8.1 and are still present in Windows 10. For more information about Internet Explorer and Enterprise Mode, see the [Internet Explorer 11 Deployment Guide for IT Pros.](http://go.microsoft.com/fwlink/p/?LinkId=734031)
+For web apps and sites, modern HTML5-based sites should also have a high degree of compatibility and excellent performance through the new Microsoft Edge browser, while older web apps and sites can continue to use Internet Explorer 11 and the Enterprise Mode features that were first introduced in Windows 7 and Windows 8.1 and are still present in Windows 10. For more information about Internet Explorer and Enterprise Mode, see the [Internet Explorer 11 Deployment Guide for IT Pros.](https://go.microsoft.com/fwlink/p/?LinkId=734031)
 
 ## Recommended application testing process
 
diff --git a/windows/plan/windows-10-deployment-considerations.md b/windows/plan/windows-10-deployment-considerations.md
index cefe2e8c90..9c2cb27ef4 100644
--- a/windows/plan/windows-10-deployment-considerations.md
+++ b/windows/plan/windows-10-deployment-considerations.md
@@ -4,6 +4,7 @@ description: There are new deployment options in Windows 10 that help you simpl
 ms.assetid: A8DD6B37-1E11-4CD6-B588-92C2404219FE
 keywords: deploy, upgrade, update, in-place
 ms.prod: w10
+localizationpriority: high
 ms.mktglfcycl: plan
 ms.sitesec: library
 author: mtniehaus
@@ -80,7 +81,7 @@ Note that the original Windows 8 release is only supported until January 2016.
 
 For existing Windows PCs running Windows Vista, you can perform wipe-and-load (OS refresh) deployments when you use compatible hardware.
 
-Note that to take advantage of the limited-time free upgrade offer for PCs running Windows 7, Windows 8, or Windows 8.1, you must leverage an in-place upgrade, either from Windows Update or by using the upgrade media available from the [Windows 10 software download page](http://go.microsoft.com/fwlink/p/?LinkId=625073) to acquire a new Windows 10 license from the Windows Store. For more information, refer to the [Windows 10 FAQ](http://go.microsoft.com/fwlink/p/?LinkId=625074).
+Note that to take advantage of the limited-time free upgrade offer for PCs running Windows 7, Windows 8, or Windows 8.1, you must leverage an in-place upgrade, either from Windows Update or by using the upgrade media available from the [Windows 10 software download page](https://go.microsoft.com/fwlink/p/?LinkId=625073) to acquire a new Windows 10 license from the Windows Store. For more information, refer to the [Windows 10 FAQ](https://go.microsoft.com/fwlink/p/?LinkId=625074).
 
 For organizations with Software Assurance for Windows, both in-place upgrade or wipe-and-load can be leveraged (with in-place upgrade being the preferred method, as previously discussed).
 
@@ -91,9 +92,9 @@ For organizations that do not take advantage of the free upgrade offer and are n
 
 For new computers acquired with Windows 10 preinstalled, you can leverage dynamic provisioning scenarios to transform the device from its initial state into a fully-configured organization PC. There are two primary dynamic provisioning scenarios you can use:
 
--   **User-driven, from the cloud.** By joining a device into Azure Active Directory and leveraging the automatic mobile device management (MDM) provisioning capabilities at the same time, an end user can initiate the provisioning process themselves just by entering the Azure Active Directory account and password (called their “work or school account” within Windows 10). The MDM service can then transform the device into a fully-configured organization PC. For more information, see [Azure Active Directory integration with MDM](http://go.microsoft.com/fwlink/p/?LinkId=625075).
+-   **User-driven, from the cloud.** By joining a device into Azure Active Directory and leveraging the automatic mobile device management (MDM) provisioning capabilities at the same time, an end user can initiate the provisioning process themselves just by entering the Azure Active Directory account and password (called their “work or school account” within Windows 10). The MDM service can then transform the device into a fully-configured organization PC. For more information, see [Azure Active Directory integration with MDM](https://go.microsoft.com/fwlink/p/?LinkId=625075).
 
--   **IT admin-driven, using new tools.** Using the new Windows Imaging and Configuration Designer (ICD) tool, IT administrators can create provisioning packages that can be applied to a computer to transform it into a fully-configured organization PC. For more information, see [Windows Imaging and Configuration Designer](http://go.microsoft.com/fwlink/p/?LinkId=625076).
+-   **IT admin-driven, using new tools.** Using the new Windows Imaging and Configuration Designer (ICD) tool, IT administrators can create provisioning packages that can be applied to a computer to transform it into a fully-configured organization PC. For more information, see [Windows Imaging and Configuration Designer](https://go.microsoft.com/fwlink/p/?LinkId=625076).
 
 In either of these scenarios, you can make a variety of configuration changes to the PC:
 
diff --git a/windows/plan/windows-10-infrastructure-requirements.md b/windows/plan/windows-10-infrastructure-requirements.md
index f8a5b10095..be533cabf2 100644
--- a/windows/plan/windows-10-infrastructure-requirements.md
+++ b/windows/plan/windows-10-infrastructure-requirements.md
@@ -5,6 +5,7 @@ ms.assetid: B0FA27D9-A206-4E35-9AE6-74E70748BE64
 keywords: deploy, upgrade, update, hardware
 ms.prod: w10
 ms.mktglfcycl: plan
+localizationpriority: high
 ms.sitesec: library
 author: mtniehaus
 ---
@@ -28,11 +29,11 @@ For persistent VDI environments, carefully consider the I/O impact from upgradin
 ## Deployment tools
 
 
-A new version of the Assessment and Deployment Toolkit (ADK) has been released to support Windows 10. This new version, available for download [here](http://go.microsoft.com/fwlink/p/?LinkId=526740), is required for Windows 10; you should not use earlier versions of the ADK to deploy Windows 10. It also supports the deployment of Windows 7, Windows 8, and Windows 8.1.
+A new version of the Assessment and Deployment Toolkit (ADK) has been released to support Windows 10. This new version, available for download [here](https://go.microsoft.com/fwlink/p/?LinkId=526740), is required for Windows 10; you should not use earlier versions of the ADK to deploy Windows 10. It also supports the deployment of Windows 7, Windows 8, and Windows 8.1.
 
 Significant enhancements in the ADK for Windows 10 include new runtime provisioning capabilities, which leverage the Windows Imaging and Configuration Designer (Windows ICD), as well as updated versions of existing deployment tools (DISM, USMT, Windows PE, and more).
 
-Microsoft Deployment Toolkit 2013 Update 1, available for download [here](http://go.microsoft.com/fwlink/p/?LinkId=625079), has also been updated to support Windows 10 and the new ADK; older versions do not support Windows 10. New in this release is task sequence support for Windows 10 in-place upgrades.
+Microsoft Deployment Toolkit 2013 Update 1, available for download [here](https://go.microsoft.com/fwlink/p/?LinkId=625079), has also been updated to support Windows 10 and the new ADK; older versions do not support Windows 10. New in this release is task sequence support for Windows 10 in-place upgrades.
 
 For System Center Configuration Manager, Windows 10 support is offered with various releases:
 
@@ -49,7 +50,7 @@ For more details about System Center Configuration Manager support for Windows 
 ## Management tools
 
 
-In addition to System Center Configuration Manager, Windows 10 also leverages other tools for management. For Windows Server and Active Directory, existing supported versions are fully supported for Windows 10. New Group Policy templates will be needed to configure new settings available in Windows 10; these templates are available in the Windows 10 media images, and are available as a separate download [here](http://go.microsoft.com/fwlink/p/?LinkId=625081). See [Group Policy settings reference](http://go.microsoft.com/fwlink/p/?LinkId=625082) for a list of the new and modified policy settings. If you are using a central policy store, follow the steps outlined [here](http://go.microsoft.com/fwlink/p/?LinkId=625083) to update the ADMX files stored in that central store.
+In addition to System Center Configuration Manager, Windows 10 also leverages other tools for management. For Windows Server and Active Directory, existing supported versions are fully supported for Windows 10. New Group Policy templates will be needed to configure new settings available in Windows 10; these templates are available in the Windows 10 media images, and are available as a separate download [here](https://go.microsoft.com/fwlink/p/?LinkId=625081). See [Group Policy settings reference](https://go.microsoft.com/fwlink/p/?LinkId=625082) for a list of the new and modified policy settings. If you are using a central policy store, follow the steps outlined [here](https://go.microsoft.com/fwlink/p/?LinkId=625083) to update the ADMX files stored in that central store.
 
 No new Active Directory schema updates or specific functional levels are currently required for core Windows 10 product functionality, although subsequent upgrades could require these to support new features.
 
@@ -65,9 +66,9 @@ Microsoft Desktop Optimization Pack (MDOP) has been updated to support Windows 
 
  
 
-For more information, see the [MDOP TechCenter](http://go.microsoft.com/fwlink/p/?LinkId=625090).
+For more information, see the [MDOP TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=625090).
 
-For devices you manage with mobile device management (MDM) solutions such as Microsoft Intune, existing capabilities (provided initially in Windows 8.1) are fully supported in Windows 10; new Windows 10 MDM settings and capabilities will require updates to the MDM services. See [Mobile device management](http://go.microsoft.com/fwlink/p/?LinkId=625084) for more information.
+For devices you manage with mobile device management (MDM) solutions such as Microsoft Intune, existing capabilities (provided initially in Windows 8.1) are fully supported in Windows 10; new Windows 10 MDM settings and capabilities will require updates to the MDM services. See [Mobile device management](https://go.microsoft.com/fwlink/p/?LinkId=625084) for more information.
 
 Windows Server Update Services (WSUS) requires some additional configuration to receive updates for Windows 10. Use the Windows Server Update Services admin tool and follow these instructions:
 
@@ -81,7 +82,7 @@ Windows Server Update Services (WSUS) requires some additional configuration to
 
 Figure 1. WSUS product list with Windows 10 choices
 
-Because Windows 10 updates are cumulative in nature, each month’s new update will supersede the previous month's. Consider leveraging “express installation” packages to reduce the size of the payload that needs to be sent to each PC each month; see [Express installation files](http://go.microsoft.com/fwlink/p/?LinkId=625086) for more information. (Note that this will increase the amount of disk storage needed by WSUS, and impacts all operating systems being managed with WSUS.)
+Because Windows 10 updates are cumulative in nature, each month’s new update will supersede the previous month's. Consider leveraging “express installation” packages to reduce the size of the payload that needs to be sent to each PC each month; see [Express installation files](https://go.microsoft.com/fwlink/p/?LinkId=625086) for more information. (Note that this will increase the amount of disk storage needed by WSUS, and impacts all operating systems being managed with WSUS.)
 
 ## Activation
 
@@ -91,15 +92,15 @@ Windows 10 volume license editions of Windows 10 will continue to support all
 | Product                                | Required update                                                                             |
 |----------------------------------------|---------------------------------------------------------------------------------------------|
 | Windows 10                             | None                                                                                        |
-| Windows Server 2012 R2 and Windows 8.1 | [https://support.microsoft.com/kb/3058168](http://go.microsoft.com/fwlink/p/?LinkId=625087) |
-| Windows Server 2012 and Windows 8      | [https://support.microsoft.com/kb/3058168](http://go.microsoft.com/fwlink/p/?LinkId=625087) |
+| Windows Server 2012 R2 and Windows 8.1 | [https://support.microsoft.com/kb/3058168](https://go.microsoft.com/fwlink/p/?LinkId=625087) |
+| Windows Server 2012 and Windows 8      | [https://support.microsoft.com/kb/3058168](https://go.microsoft.com/fwlink/p/?LinkId=625087) |
 | Windows Server 2008 R2 and Windows 7   | Available by October 2015                                                                   |
 
  
 
 Additionally, new product keys will be needed for all types of volume license activation (KMS, MAK, and AD-based Activation); these keys are available on the Volume Licensing Service Center (VLSC) for customers with rights to the Windows 10 operating system. To find the needed keys:
 
--   Sign into the [Volume Licensing Service Center (VLSC)](http://go.microsoft.com/fwlink/p/?LinkId=625088) at with a Microsoft account that has appropriate rights.
+-   Sign into the [Volume Licensing Service Center (VLSC)](https://go.microsoft.com/fwlink/p/?LinkId=625088) at with a Microsoft account that has appropriate rights.
 
 -   For KMS keys, click **Licenses** and then select **Relationship Summary**. Click the appropriate active license ID, and then select **Product Keys** near the right side of the page. For KMS running on Windows Server, find the **Windows Srv 2012R2 DataCtr/Std KMS for Windows 10** product key; for KMS running on client operating systems, find the **Windows 10** product key.
 
diff --git a/windows/plan/windows-10-servicing-options.md b/windows/plan/windows-10-servicing-options.md
index 00418ae8ae..83af9a41f3 100644
--- a/windows/plan/windows-10-servicing-options.md
+++ b/windows/plan/windows-10-servicing-options.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: plan
 ms.pagetype: servicing
 ms.sitesec: library
-author: greg-lindsay
+author: jdeckerMS
 ---
 
 # Windows 10 servicing overview
diff --git a/windows/plan/windows-to-go-frequently-asked-questions.md b/windows/plan/windows-to-go-frequently-asked-questions.md
index a9f0dfee6c..8170500400 100644
--- a/windows/plan/windows-to-go-frequently-asked-questions.md
+++ b/windows/plan/windows-to-go-frequently-asked-questions.md
@@ -127,7 +127,7 @@ Windows To Go can be deployed using standard Windows deployment tools like Diskp
 
 -   A Windows 10 Enterprise or Windows 10 Education host PC that can be used to provision new USB keys
 
-You can use a Windows PowerShell script to target several drives and scale your deployment for a large number of Windows To Go drives. You can also use a USB duplicator to duplicate a Windows To Go drive after it has been provisioned if you are creating a large number of drives. See the [Windows To Go Step by Step](http://go.microsoft.com/fwlink/p/?LinkId=618950) article on the TechNet wiki for a walkthrough of the drive creation process.
+You can use a Windows PowerShell script to target several drives and scale your deployment for a large number of Windows To Go drives. You can also use a USB duplicator to duplicate a Windows To Go drive after it has been provisioned if you are creating a large number of drives. See the [Windows To Go Step by Step](https://go.microsoft.com/fwlink/p/?LinkId=618950) article on the TechNet wiki for a walkthrough of the drive creation process.
 
 ## <a href="" id="wtg-faq-usbvs"></a>Is Windows To Go supported on both USB 2.0 and USB 3.0 drives?
 
@@ -152,7 +152,7 @@ Yes. Because USB 3.0 offers significantly faster speeds than USB 2.0, a Windows
 ## <a href="" id="wtg-faq-selfpro"></a>Can the user self-provision Windows To Go?
 
 
-Yes, if the user has administrator permissions they can self-provision a Windows To Go drive using the Windows To Go Creator wizard which is included in Windows 10 Enterprise and Windows 10 Education. Additionally, System Center 2012 Configuration Manager SP1 and later releases includes support for user self-provisioning of Windows To Go drives. Configuration Manager can be downloaded for evaluation from the [Microsoft TechNet Evaluation Center](http://go.microsoft.com/fwlink/p/?LinkID=618746).
+Yes, if the user has administrator permissions they can self-provision a Windows To Go drive using the Windows To Go Creator wizard which is included in Windows 10 Enterprise and Windows 10 Education. Additionally, System Center 2012 Configuration Manager SP1 and later releases includes support for user self-provisioning of Windows To Go drives. Configuration Manager can be downloaded for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkID=618746).
 
 ## <a href="" id="wtg-faq-mng"></a>How can Windows To Go be managed in an organization?
 
@@ -186,7 +186,7 @@ After you have entered firmware setup, make sure that boot from USB is enabled.
 
 Alternatively, if your computer supports it, you can try to use the one-time boot menu (often F12), to select USB boot on a per-boot basis.
 
-For more detailed instructions, see the wiki article, [Tips for configuring your BIOS settings to work with Windows To Go](http://go.microsoft.com/fwlink/p/?LinkID=618951).
+For more detailed instructions, see the wiki article, [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkID=618951).
 
 **Warning**  
 Configuring a computer to boot from USB will cause your computer to attempt to boot from any bootable USB device connected to your computer. This potentially includes malicious devices. Users should be informed of this risk and instructed to not have any bootable USB storage devices plugged in to their computers except for their Windows To Go drive.
@@ -312,7 +312,7 @@ The size constraints are the same as full Windows. To ensure that you have enoug
 ## <a href="" id="wtg-faq-roamact"></a>Do I need to activate Windows To Go every time I roam?
 
 
-No, Windows To Go requires volume activation; either using the [Key Management Service](http://go.microsoft.com/fwlink/p/?LinkId=619051) (KMS) server in your organization or using [Active Directory](http://go.microsoft.com/fwlink/p/?LinkId=619053) based volume activation. The Windows To Go workspace will not need to be reactivated every time you roam. KMS activates Windows on a local network, eliminating the need for individual computers to connect to Microsoft. To remain activated, KMS client computers must renew their activation by connecting to the KMS host on periodic basis. This typically occurs as soon as the user has access to the corporate network (either through a direct connection on-premises or a through remote connection using DirectAccess or a virtual private network connection), once activated the machine will not need to be activated again until the activation validity interval has passed. In a KMS configuration the activation validity interval is 180 days.
+No, Windows To Go requires volume activation; either using the [Key Management Service](https://go.microsoft.com/fwlink/p/?LinkId=619051) (KMS) server in your organization or using [Active Directory](https://go.microsoft.com/fwlink/p/?LinkId=619053) based volume activation. The Windows To Go workspace will not need to be reactivated every time you roam. KMS activates Windows on a local network, eliminating the need for individual computers to connect to Microsoft. To remain activated, KMS client computers must renew their activation by connecting to the KMS host on periodic basis. This typically occurs as soon as the user has access to the corporate network (either through a direct connection on-premises or a through remote connection using DirectAccess or a virtual private network connection), once activated the machine will not need to be activated again until the activation validity interval has passed. In a KMS configuration the activation validity interval is 180 days.
 
 ## <a href="" id="wtg-faq-features"></a>Can I use all Windows features on Windows To Go?
 
@@ -346,12 +346,12 @@ Yes. You can use a combination of identifiers to determine if the currently runn
 
 Next, check if the **OperatingSystemSKU** property is equal to **4** (for Windows 10 Enterprise) or **121** (for Windows 10 Education). The combination of those two properties represents a Windows To Go workspace environment.
 
-For more information, see the MSDN article on the [Win32\_OperatingSystem class](http://go.microsoft.com/fwlink/p/?LinkId=619059).
+For more information, see the MSDN article on the [Win32\_OperatingSystem class](https://go.microsoft.com/fwlink/p/?LinkId=619059).
 
 ## <a href="" id="wtg-faq-lic"></a>How is Windows To Go licensed?
 
 
-Windows To Go allows organization to support the use of privately owned PCs at the home or office with more secure access to their organizational resources. With Windows To Go use rights under [Software Assurance](http://go.microsoft.com/fwlink/p/?LinkId=619062), an employee will be able to use Windows To Go on any company PC licensed with Software Assurance as well as from their home PC.
+Windows To Go allows organization to support the use of privately owned PCs at the home or office with more secure access to their organizational resources. With Windows To Go use rights under [Software Assurance](https://go.microsoft.com/fwlink/p/?LinkId=619062), an employee will be able to use Windows To Go on any company PC licensed with Software Assurance as well as from their home PC.
 
 ## <a href="" id="wtg-faq-recovery"></a>Does Windows Recovery Environment work with Windows To Go? What’s the guidance for recovering a Windows To Go drive?
 
@@ -383,7 +383,7 @@ You can reset the BitLocker system measurements to incorporate the new boot orde
 
     A message is displayed, informing you that your data will not be protected while BitLocker is suspended and asking if you want to suspend BitLocker Drive Encryption. Click **Yes** to continue and suspend BitLocker on the drive.
 
-4.  Restart the computer and enter the firmware settings to reset the boot order to boot from USB first. For more information on changing the boot order in the BIOS, see [Tips for configuring your BIOS settings to work with Windows To Go](http://go.microsoft.com/fwlink/p/?LinkId=618951) on the TechNet wiki.
+4.  Restart the computer and enter the firmware settings to reset the boot order to boot from USB first. For more information on changing the boot order in the BIOS, see [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkId=618951) on the TechNet wiki.
 
 5.  Restart the computer again and then log on to the host computer using an account with administrator privileges. (Neither your Windows To Go drive nor any other USB drive should be inserted.)
 
@@ -410,7 +410,7 @@ Reformatting the drive erases the data on the drive, but doesn’t reconfigure t
 
      
 
-2.  Start the [diskpart](http://go.microsoft.com/fwlink/p/?LinkId=619070) command interpreter, by typing `diskpart` at the command prompt.
+2.  Start the [diskpart](https://go.microsoft.com/fwlink/p/?LinkId=619070) command interpreter, by typing `diskpart` at the command prompt.
 
 3.  Use the `select disk` command to identify the drive. If you do not know the drive number, use the `list` command to display the list of disks available.
 
@@ -433,9 +433,9 @@ There is no support in Windows for upgrading a Windows To Go drive. Deployed Win
 ## Additional resources
 
 
--   [Windows 10 forums](http://go.microsoft.com/fwlink/p/?LinkId=618949)
+-   [Windows 10 forums](https://go.microsoft.com/fwlink/p/?LinkId=618949)
 
--   [Windows To Go Step by Step Wiki](http://go.microsoft.com/fwlink/p/?LinkId=618950)
+-   [Windows To Go Step by Step Wiki](https://go.microsoft.com/fwlink/p/?LinkId=618950)
 
 -   [Windows To Go: feature overview](windows-to-go-overview.md)
 
diff --git a/windows/plan/windows-to-go-overview.md b/windows/plan/windows-to-go-overview.md
index f00dfb55ea..4b1d981e94 100644
--- a/windows/plan/windows-to-go-overview.md
+++ b/windows/plan/windows-to-go-overview.md
@@ -19,7 +19,7 @@ author: mtniehaus
 
 Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that enables the creation of a Windows To Go workspace that can be booted from a USB-connected external drive on PCs.
 
-PCs that meet the Windows 7 or later [certification requirements](http://go.microsoft.com/fwlink/p/?LinkId=618711) can run Windows 10 in a Windows To Go workspace, regardless of the operating system running on the PC. Windows To Go workspaces can use the same image enterprises use for their desktops and laptops and can be managed the same way. Windows To Go is not intended to replace desktops, laptops or supplant other mobility offerings. Rather, it provides support for efficient use of resources for alternative workplace scenarios. There are some additional considerations that you should keep in mind before you start to use Windows To Go:
+PCs that meet the Windows 7 or later [certification requirements](https://go.microsoft.com/fwlink/p/?LinkId=618711) can run Windows 10 in a Windows To Go workspace, regardless of the operating system running on the PC. Windows To Go workspaces can use the same image enterprises use for their desktops and laptops and can be managed the same way. Windows To Go is not intended to replace desktops, laptops or supplant other mobility offerings. Rather, it provides support for efficient use of resources for alternative workplace scenarios. There are some additional considerations that you should keep in mind before you start to use Windows To Go:
 
 -   [Differences between Windows To Go and a typical installation of Windows](#bkmk-wtgdif)
 
@@ -63,7 +63,7 @@ The applications that you want to use from the Windows To Go workspace should be
 
 Enterprises install Windows on a large group of computers either by using configuration management software (such as System Center Configuration Manager), or by using standard Windows deployment tools such as DiskPart and the Deployment Image Servicing and Management (DISM) tool.
 
-These same tools can be used to provision Windows To Go drive, just as you would if you were planning for provisioning a new class of mobile PCs. You can use the [Windows Assessment and Deployment Kit](http://go.microsoft.com/fwlink/p/?LinkId=526803) to review deployment tools available.
+These same tools can be used to provision Windows To Go drive, just as you would if you were planning for provisioning a new class of mobile PCs. You can use the [Windows Assessment and Deployment Kit](https://go.microsoft.com/fwlink/p/?LinkId=526803) to review deployment tools available.
 
 **Important**  
 Make sure you use the versions of the deployment tools provided for the version of Windows you are deploying. There have been many enhancements made to support Windows To Go. Using versions of the deployment tools released for earlier versions of Windows to provision a Windows To Go drive is not supported.
@@ -104,26 +104,26 @@ Using a USB drive that has not been certified is not supported
 
  
 
--   IronKey Workspace W700 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w700.html](http://go.microsoft.com/fwlink/p/?LinkId=618714))
+-   IronKey Workspace W700 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w700.html](https://go.microsoft.com/fwlink/p/?LinkId=618714))
 
--   IronKey Workspace W500 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w500.html](http://go.microsoft.com/fwlink/p/?LinkId=618717))
+-   IronKey Workspace W500 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w500.html](https://go.microsoft.com/fwlink/p/?LinkId=618717))
 
--   IronKey Workspace W300 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w300.html](http://go.microsoft.com/fwlink/p/?LinkId=618718))
+-   IronKey Workspace W300 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w300.html](https://go.microsoft.com/fwlink/p/?LinkId=618718))
 
--   Kingston DataTraveler Workspace for Windows To Go ([http://www.kingston.com/wtg/](http://go.microsoft.com/fwlink/p/?LinkId=618719))
+-   Kingston DataTraveler Workspace for Windows To Go ([http://www.kingston.com/wtg/](https://go.microsoft.com/fwlink/p/?LinkId=618719))
 
--   Spyrus Portable Workplace ([http://www.spyruswtg.com/](http://go.microsoft.com/fwlink/p/?LinkId=618720))
+-   Spyrus Portable Workplace ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720))
 
     We recommend that you run the Spyrus Deployment Suite for Windows To Go to provision the Spyrus Portable Workplace.
 
--   Spyrus Secure Portable Workplace ([http://www.spyruswtg.com/](http://go.microsoft.com/fwlink/p/?LinkId=618720))
+-   Spyrus Secure Portable Workplace ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720))
 
     **Important**  
-    You must use the Spyrus Deployment Suite for Windows To Go to provision the Spyrus Secure Portable Workplace. For more information about the Spyrus Deployment Suite for Windows To Go please refer to [http://www.spyruswtg.com/](http://go.microsoft.com/fwlink/p/?LinkId=618720).
+    You must use the Spyrus Deployment Suite for Windows To Go to provision the Spyrus Secure Portable Workplace. For more information about the Spyrus Deployment Suite for Windows To Go please refer to [http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720).
 
      
 
--   Spyrus Worksafe ([http://www.spyruswtg.com/](http://go.microsoft.com/fwlink/p/?LinkId=618720))
+-   Spyrus Worksafe ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720))
 
     **Tip**  
     This device contains an embedded smart card.
@@ -136,11 +136,11 @@ Using a USB drive that has not been certified is not supported
 
     Super Talent Express RC8 for Windows To Go
 
-    ([http://www.supertalent.com/wtg/](http://go.microsoft.com/fwlink/p/?LinkId=618721))
+    ([http://www.supertalent.com/wtg/](https://go.microsoft.com/fwlink/p/?LinkId=618721))
 
--   Western Digital My Passport Enterprise ([http://www.wd.com/wtg](http://go.microsoft.com/fwlink/p/?LinkId=618722))
+-   Western Digital My Passport Enterprise ([http://www.wd.com/wtg](https://go.microsoft.com/fwlink/p/?LinkId=618722))
 
-    We recommend that you run the WD Compass utility to prepare the Western Digital My Passport Enterprise drive for provisioning with Windows To Go.  For more information about the WD Compass utility please refer to [http://www.wd.com/wtg](http://go.microsoft.com/fwlink/p/?LinkId=618722)
+    We recommend that you run the WD Compass utility to prepare the Western Digital My Passport Enterprise drive for provisioning with Windows To Go.  For more information about the WD Compass utility please refer to [http://www.wd.com/wtg](https://go.microsoft.com/fwlink/p/?LinkId=618722)
 
 **For host computers**
 
@@ -249,16 +249,16 @@ In addition to the USB boot support in the BIOS, the Windows 10 image on your W
 ## Additional resources
 
 
--   [Windows 10 forums](http://go.microsoft.com/fwlink/p/?LinkId=618949)
+-   [Windows 10 forums](https://go.microsoft.com/fwlink/p/?LinkId=618949)
 
--   [Windows To Go Step by Step Wiki](http://go.microsoft.com/fwlink/p/?LinkId=618950)
+-   [Windows To Go Step by Step Wiki](https://go.microsoft.com/fwlink/p/?LinkId=618950)
 
--   [Tips for configuring your BIOS settings to work with Windows To Go](http://go.microsoft.com/fwlink/p/?LinkId=618951)
+-   [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkId=618951)
 
 ## Related topics
 
 
--   [Deploy Windows To Go in your organization](http://go.microsoft.com/fwlink/p/?LinkId=619975)
+-   [Deploy Windows To Go in your organization](https://go.microsoft.com/fwlink/p/?LinkId=619975)
 
 -   [Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.md)
 
diff --git a/windows/plan/windows-update-for-business.md b/windows/plan/windows-update-for-business.md
index 67c4200203..93dcee04ac 100644
--- a/windows/plan/windows-update-for-business.md
+++ b/windows/plan/windows-update-for-business.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: plan
 ms.sitesec: library
 ms.pagetype: servicing; devices
-author: TrudyHa
+author: jdeckerMS
 ---
 
 # Windows Update for Business
@@ -19,12 +19,12 @@ Get an overview of how you can implement and deploy a Windows Update for Busines
 
 ## Introduction
 
-Windows Update for Business enables information technology administrators to keep the Windows 10-based devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Microsoft’s Windows Update service. By using [Group Policy Objects](http://go.microsoft.com/fwlink/p/?LinkId=699279), Windows Update for Business is an easily established and implemented system which enables organizations and administrators to exercise control on how their Windows 10-based devices are updated, by allowing:
+Windows Update for Business enables information technology administrators to keep the Windows 10-based devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Microsoft’s Windows Update service. By using [Group Policy Objects](https://go.microsoft.com/fwlink/p/?LinkId=699279), Windows Update for Business is an easily established and implemented system which enables organizations and administrators to exercise control on how their Windows 10-based devices are updated, by allowing:
 -   **Deployment and validation groups**; where administrators can specify which devices go first in an update wave, and which devices will come later (to ensure any quality bars are met).
 -   **Peer-to-peer delivery**, which administrators can enable to make delivery of updates to branch offices and remote sites with limited bandwidth very efficient.
--   **Use with existing tools** such as System Center Configuration Manager and the [Enterprise Mobility Suite](http://go.microsoft.com/fwlink/p/?LinkId=699281).
+-   **Use with existing tools** such as System Center Configuration Manager and the [Enterprise Mobility Suite](https://go.microsoft.com/fwlink/p/?LinkId=699281).
 
-Together, these Windows Update for Business features help reduce device management costs, provide controls over update deployment, offer quicker access to security updates, as well as provide access to the latest innovations from Microsoft on an ongoing basis. Windows Update for Business is a free service for all Windows 10 Pro, Enterprise, and Education editions, and can be used independent of, or in conjunction with, existing device management solutions such as [Windows Server Update Services (WSUS)](http://go.microsoft.com/fwlink/p/?LinkId=734043) and [System Center Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=734044).
+Together, these Windows Update for Business features help reduce device management costs, provide controls over update deployment, offer quicker access to security updates, as well as provide access to the latest innovations from Microsoft on an ongoing basis. Windows Update for Business is a free service for all Windows 10 Pro, Enterprise, and Education editions, and can be used independent of, or in conjunction with, existing device management solutions such as [Windows Server Update Services (WSUS)](https://go.microsoft.com/fwlink/p/?LinkId=734043) and [System Center Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=734044).
 
 ## Deploy Windows Update for Business in your organization
 
diff --git a/windows/whats-new/applocker.md b/windows/whats-new/applocker.md
index 3cfd7a6582..2e082cd98c 100644
--- a/windows/whats-new/applocker.md
+++ b/windows/whats-new/applocker.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 author: brianlic-msft
-redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview
+redirect_url: https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511
 ---
 
 # What's new in AppLocker?
diff --git a/windows/whats-new/bitlocker.md b/windows/whats-new/bitlocker.md
index 6db25cd066..9f0df242bf 100644
--- a/windows/whats-new/bitlocker.md
+++ b/windows/whats-new/bitlocker.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security, mobile
 author: brianlic-msft
-redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/bitlocker-overview
+redirect_url: https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511
 ---
 
 # What's new in BitLocker?
diff --git a/windows/whats-new/change-history-for-what-s-new-in-windows-10.md b/windows/whats-new/change-history-for-what-s-new-in-windows-10.md
index 750a878d7d..a38cbf4702 100644
--- a/windows/whats-new/change-history-for-what-s-new-in-windows-10.md
+++ b/windows/whats-new/change-history-for-what-s-new-in-windows-10.md
@@ -6,6 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: TrudyHa
+redirect_url: https://technet.microsoft.com/en-us/itpro/windows/whats-new/index
 ---
 
 # Change history for What's new in Windows 10
diff --git a/windows/whats-new/contribute-to-a-topic.md b/windows/whats-new/contribute-to-a-topic.md
new file mode 100644
index 0000000000..9b385aa076
--- /dev/null
+++ b/windows/whats-new/contribute-to-a-topic.md
@@ -0,0 +1,71 @@
+---
+title: Edit an existing topic using the Contribute link
+description: Instructions about how to edit an existing topic by using the Contribute link.
+keywords: contribute, edit a topic
+ms.prod: w10
+ms.mktglfcycl: explore
+ms.sitesec: library
+---
+
+# Edit an existing topic using the Contribute link
+You can now make suggestions and update existing, public content with a GitHub account and a simple click of a link.
+
+>**Note**<br>
+>At this time, only the English (en-us) content is available for editing.
+
+**To edit a topic**
+
+1. All contributors who are ***not*** a Microsoft employee must [sign a Microsoft Contribution Licensing Agreement (CLA)](https://cla.microsoft.com/) before contributing to any Microsoft repositories. 
+If you've already contributed to Microsoft repositories in the past, congratulations! 
+You've already completed this step.
+
+2. Go to the page on TechNet that you want to update, and then click **Contribute**.
+
+    ![GitHub Web, showing the Contribute link](images/contribute-link.png)
+
+3. Log into (or sign up for) a GitHub account.
+    
+    You must have a GitHub account to get to the page that lets you edit a topic.
+
+4. Click the **Pencil** icon (in the red box) to edit the content.
+
+    ![GitHub Web, showing the Pencil icon in the red box](images/pencil-icon.png)
+
+5.	Using markdown language, make your changes to the topic. For info about how to edit content using markdown, see:
+    - **If you're linked to the Microsoft organization in GitHub:** [Windows Open Publishing Guide Home](http://aka.ms/windows-op-guide)
+    
+    - **If you're external to Microsoft:** [Mastering Markdown](https://guides.github.com/features/mastering-markdown/) 
+
+6.	Make your suggested change, and then click **Preview Changes** to make sure it looks correct.
+
+       ![GitHub Web, showing the Preview Changes tab](images/preview-changes.png)
+
+7. When you’re done editing the topic, scroll to the bottom of the page, and then click **Propose file change** to create a fork in your personal GitHub account.
+
+    ![GitHub Web, showing the Propose file change button](images/propose-file-change.png)
+
+    The **Comparing changes** screen appears to see what the changes are between your fork and the original content.
+
+8.	On the **Comparing changes** screen, you’ll see if there are any problems with the file you’re checking in.
+
+    If there are no problems, you’ll see the message, **Able to merge**.
+
+    ![GitHub Web, showing the Comparing changes screen](images/compare-changes.png)
+
+9.	Click **Create pull request**.
+
+10.	Enter a title and description to give the approver the appropriate context about what’s in the request.
+
+11.	Scroll to the bottom of the page, making sure that only your changed files are in this pull request. Otherwise, you could overwrite changes from other people.
+
+12.	Click **Create pull request** again to actually submit the pull request.
+
+    The pull request is sent to the writer of the topic and your edits are reviewed. If your request is accepted, updates are published to one of the following places:
+
+    - [Windows 10](https://technet.microsoft.com/itpro/windows)
+    - [Internet Explorer 11](https://technet.microsoft.com/itpro/internet-explorer)
+    - [Microsoft Edge](https://technet.microsoft.com/itpro/microsoft-edge)
+    - [Surface](https://technet.microsoft.com/itpro/surface)
+    - [Surface Hub](https://technet.microsoft.com/itpro/surface-hub)
+    - [Windows 10 for Education](https://technet.microsoft.com/edu/windows)
+    - [Microsoft Desktop Optimization Pack](https://technet.microsoft.com/itpro/mdop)
\ No newline at end of file
diff --git a/windows/whats-new/device-guard-overview.md b/windows/whats-new/device-guard-overview.md
index 4009a8845d..e42271af40 100644
--- a/windows/whats-new/device-guard-overview.md
+++ b/windows/whats-new/device-guard-overview.md
@@ -8,7 +8,7 @@ ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 author: brianlic-msft
-redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/whats-new-windows-10-version-1507-and-1511
+redirect_url: https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511
 ---
 
 # Device Guard overview
@@ -26,7 +26,7 @@ For details on how to implement Device Guard, see [Device Guard deployment guide
 
 ## Why use Device Guard
 With thousands of new malicious files created every day, using traditional methods like signature-based detection to fight against malware provides an inadequate defense against new attacks. Device Guard on Windows 10 Enterprise changes from a mode where apps are trusted unless blocked by an antivirus or other security solutions, to a mode where the operating system trusts only apps authorized by your enterprise.
-Device Guard also helps protect against [zero day attacks](http://go.microsoft.com/fwlink/p/?linkid=534209) and works to combat the challenges of [polymorphic viruses](http://go.microsoft.com/fwlink/p/?LinkId=534210).
+Device Guard also helps protect against [zero day attacks](https://go.microsoft.com/fwlink/p/?linkid=534209) and works to combat the challenges of [polymorphic viruses](https://go.microsoft.com/fwlink/p/?LinkId=534210).
 ## Virtualization-based security using Windows 10 Enterprise Hypervisor
 
 Windows 10 Enterprise Hypervisor introduces new capabilities around virtual trust levels, which helps Windows 10 Enterprise services to run in a protected environment, in isolation from the running operating system. Windows 10 Enterprise virtualization-based security helps protect kernel code integrity and helps to provide credential isolation for the local security authority (LSA). Letting the Kernel Code Integrity service run as a hypervisor-hosted service increases the level of protection around the root operating system, adding additional protections against any malware that compromises the kernel layer. 
diff --git a/windows/whats-new/images/compare-changes.png b/windows/whats-new/images/compare-changes.png
new file mode 100644
index 0000000000..0d86db70f5
Binary files /dev/null and b/windows/whats-new/images/compare-changes.png differ
diff --git a/windows/whats-new/images/contribute-link.png b/windows/whats-new/images/contribute-link.png
new file mode 100644
index 0000000000..6b17e6dd56
Binary files /dev/null and b/windows/whats-new/images/contribute-link.png differ
diff --git a/windows/whats-new/images/pencil-icon.png b/windows/whats-new/images/pencil-icon.png
new file mode 100644
index 0000000000..82fe7852dd
Binary files /dev/null and b/windows/whats-new/images/pencil-icon.png differ
diff --git a/windows/whats-new/images/preview-changes.png b/windows/whats-new/images/preview-changes.png
new file mode 100644
index 0000000000..f98b2c6443
Binary files /dev/null and b/windows/whats-new/images/preview-changes.png differ
diff --git a/windows/whats-new/images/propose-file-change.png b/windows/whats-new/images/propose-file-change.png
new file mode 100644
index 0000000000..aedbc07b16
Binary files /dev/null and b/windows/whats-new/images/propose-file-change.png differ
diff --git a/windows/whats-new/index.md b/windows/whats-new/index.md
index a49967a2c0..ff170bce3b 100644
--- a/windows/whats-new/index.md
+++ b/windows/whats-new/index.md
@@ -2,7 +2,7 @@
 title: What's new in Windows 10 (Windows 10)
 description: Learn about new features in Windows 10 for IT professionals, such as Enterprise Data Protection, Microsoft Passport, Device Guard, and more.
 ms.assetid: F1867017-76A1-4761-A200-7450B96AEF44
-keywords: ["What's new in Windows 10", "Windows 10", "anniversary update"]
+keywords: ["What's new in Windows 10", "Windows 10", "anniversary update", "contribute", "edit topic"]
 ms.prod: w10
 author: TrudyHa
 localizationpriority: high
@@ -19,16 +19,15 @@ Windows 10 provides IT professionals with advanced protection against modern sec
 - [What's new in Windows 10, versions 1507 and 1511](whats-new-windows-10-version-1507-and-1511.md)
 
 
-
- 
+- [Edit an existing topic using the Contribute link](contribute-to-a-topic.md)
 
 ## Learn more
 
 - [Windows 10 roadmap](https://www.microsoft.com/en-us/WindowsForBusiness/windows-roadmap)
 - [Windows 10 release information](https://technet.microsoft.com/en-us/windows/release-info)
 - [Windows 10 update history](https://support.microsoft.com/en-us/help/12387/windows-10-update-history)
-- [Windows 10 content from Microsoft Ignite](http://go.microsoft.com/fwlink/p/?LinkId=613210)
-- [Compare Windows 10 Editions](http://go.microsoft.com/fwlink/p/?LinkId=690485)
+- [Windows 10 content from Microsoft Ignite](https://go.microsoft.com/fwlink/p/?LinkId=613210)
+- [Compare Windows 10 Editions](https://go.microsoft.com/fwlink/p/?LinkId=690485)
 
 
 
diff --git a/windows/whats-new/security-auditing.md b/windows/whats-new/security-auditing.md
index 8890adb735..8683fc520d 100644
--- a/windows/whats-new/security-auditing.md
+++ b/windows/whats-new/security-auditing.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 author: brianlic-msft
 ms.pagetype: security, mobile
-redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/security-auditing-overview
+redirect_url: https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511
 ---
 
 # What's new in security auditing?
@@ -21,7 +21,7 @@ Security auditing is one of the most powerful tools that you can use to maintain
 
 ## New features in Windows 10, version 1511
 
--   The [WindowsSecurityAuditing](http://go.microsoft.com/fwlink/p/?LinkId=690517) and [Reporting](http://go.microsoft.com/fwlink/p/?LinkId=690525) configuration service providers allow you to add security audit policies to mobile devices.
+-   The [WindowsSecurityAuditing](https://go.microsoft.com/fwlink/p/?LinkId=690517) and [Reporting](https://go.microsoft.com/fwlink/p/?LinkId=690525) configuration service providers allow you to add security audit policies to mobile devices.
 
 ## New features in Windows 10
 
diff --git a/windows/whats-new/security.md b/windows/whats-new/security.md
index ae44b5893e..f2d45edd95 100644
--- a/windows/whats-new/security.md
+++ b/windows/whats-new/security.md
@@ -190,8 +190,8 @@ Table 1. Windows 10 hardware requirements
 In this table, **R** stands for *recommended*, **Y** means that the hardware component is *required* for that Windows 10 feature, and **N** means that the hardware component is *not used* with that Windows 10 feature.
  
 ## Related topics
-[Windows 10 Specifications](http://go.microsoft.com/fwlink/p/?LinkId=717550)
-[Making Windows 10 More Personal and More Secure with Windows Hello](http://go.microsoft.com/fwlink/p/?LinkId=717551)
+[Windows 10 Specifications](https://go.microsoft.com/fwlink/p/?LinkId=717550)
+[Making Windows 10 More Personal and More Secure with Windows Hello](https://go.microsoft.com/fwlink/p/?LinkId=717551)
 [Protect BitLocker from pre-boot attacks](../keep-secure/protect-bitlocker-from-pre-boot-attacks.md)
 [BitLocker Countermeasures](../keep-secure/bitlocker-countermeasures.md)
 [Device Guard deployment guide](../keep-secure/device-guard-deployment-guide.md)
diff --git a/windows/whats-new/user-account-control.md b/windows/whats-new/user-account-control.md
index 3d41d3ca1d..4a670324d3 100644
--- a/windows/whats-new/user-account-control.md
+++ b/windows/whats-new/user-account-control.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 author: brianlic-msft
-redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/user-account-control-overview
+redirect_url: https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511
 ---
 
 # What's new in User Account Control?
diff --git a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md
index 1e0c6c19dd..4dcad74254 100644
--- a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md
+++ b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md
@@ -70,7 +70,7 @@ With Windows 10, you can create provisioning packages that let you quickly and e
 ### Easier certificate management
 
 
-For Windows 10-based devices, you can use your MDM server to directly deploy client authentication certificates using Personal Information Exchange (PFX), in addition to enrolling using Simple Certificate Enrollment Protocol (SCEP), including certificates to enable Windows Hello for Business in your enterprise. You'll be able to use MDM to enroll, renew, and delete certificates. As in Windows Phone 8.1, you can use the [Certificates app](http://go.microsoft.com/fwlink/p/?LinkId=615824) to review the details of certificates on your device. [Learn how to install digital certificates on Windows 10 Mobile.](~/keep-secure/installing-digital-certificates-on-windows-10-mobile.md)
+For Windows 10-based devices, you can use your MDM server to directly deploy client authentication certificates using Personal Information Exchange (PFX), in addition to enrolling using Simple Certificate Enrollment Protocol (SCEP), including certificates to enable Windows Hello for Business in your enterprise. You'll be able to use MDM to enroll, renew, and delete certificates. As in Windows Phone 8.1, you can use the [Certificates app](https://go.microsoft.com/fwlink/p/?LinkId=615824) to review the details of certificates on your device. [Learn how to install digital certificates on Windows 10 Mobile.](~/keep-secure/installing-digital-certificates-on-windows-10-mobile.md)
 
 ### Microsoft Passport
 
@@ -82,7 +82,7 @@ Microsoft Passport lets users authenticate to a Microsoft account, an Active Dir
 
 #### New Security auditing features in Windows 10, version 1511
 
--   The [WindowsSecurityAuditing](http://go.microsoft.com/fwlink/p/?LinkId=690517) and [Reporting](http://go.microsoft.com/fwlink/p/?LinkId=690525) configuration service providers allow you to add security audit policies to mobile devices.
+-   The [WindowsSecurityAuditing](https://go.microsoft.com/fwlink/p/?LinkId=690517) and [Reporting](https://go.microsoft.com/fwlink/p/?LinkId=690525) configuration service providers allow you to add security audit policies to mobile devices.
 
 #### New features in Windows 10, version 1507
 
@@ -249,9 +249,9 @@ Windows 10 provides mobile device management (MDM) capabilities for PCs, laptop
 
 MDM policies for Windows 10 align with the policies supported in Windows 8.1 and are expanded to address even more enterprise scenarios, such as managing multiple users who have Microsoft Azure Active Directory (Azure AD) accounts, full control over the Windows Store, VPN configuration, and more. 
 
-MDM support in Windows 10 is based on [Open Mobile Alliance (OMA)](http://go.microsoft.com/fwlink/p/?LinkId=533885) Device Management (DM) protocol 1.2.1 specification.
+MDM support in Windows 10 is based on [Open Mobile Alliance (OMA)](https://go.microsoft.com/fwlink/p/?LinkId=533885) Device Management (DM) protocol 1.2.1 specification.
 
-Corporate-owned devices can be enrolled automatically for enterprises using Azure AD. [Reference for Mobile device management for Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=533172)
+Corporate-owned devices can be enrolled automatically for enterprises using Azure AD. [Reference for Mobile device management for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=533172)
 
 ### Unenrollment
 
@@ -272,7 +272,7 @@ Enterprises have the following identity and management choices.
 | Device management | Group Policy; System Center Configuration Manager; Microsoft Intune; other MDM solutions; Exchange ActiveSync; Windows PowerShell; Windows Management Instrumentation (WMI) |
 
  > **Note**  
-With the release of Windows Server 2012 R2, Network Access Protection (NAP) was deprecated and the NAP client has now been removed in Windows 10. For more information about support lifecycles, see [Microsoft Support Lifecycle](http://go.microsoft.com/fwlink/p/?LinkID=613512).
+With the release of Windows Server 2012 R2, Network Access Protection (NAP) was deprecated and the NAP client has now been removed in Windows 10. For more information about support lifecycles, see [Microsoft Support Lifecycle](https://go.microsoft.com/fwlink/p/?LinkID=613512).
 
  
 ### Device lockdown
@@ -310,13 +310,13 @@ For more information, see [Windows Store for Business overview](../manage/window
 
 Windows Update for Business enables information technology administrators to keep the Windows 10-based devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Microsoft’s Windows Update service.
 
-By using [Group Policy Objects](http://go.microsoft.com/fwlink/p/?LinkId=699279), Windows Update for Business is an easily established and implemented system which enables organizations and administrators to exercise control on how their Windows 10-based devices are updated, by allowing:
+By using [Group Policy Objects](https://go.microsoft.com/fwlink/p/?LinkId=699279), Windows Update for Business is an easily established and implemented system which enables organizations and administrators to exercise control on how their Windows 10-based devices are updated, by allowing:
 
 -   **Deployment and validation groups**; where administrators can specify which devices go first in an update wave, and which devices will come later (to ensure any quality bars are met).
 
 -   **Peer-to-peer delivery**, which administrators can enable to make delivery of updates to branch offices and remote sites with limited bandwidth very efficient.
 
--   **Use with existing tools** such as System Center Configuration Manager and the [Enterprise Mobility Suite](http://go.microsoft.com/fwlink/p/?LinkId=699281).
+-   **Use with existing tools** such as System Center Configuration Manager and the [Enterprise Mobility Suite](https://go.microsoft.com/fwlink/p/?LinkId=699281).
 
 Together, these Windows Update for Business features help reduce device management costs, provide controls over update deployment, offer quicker access to security updates, as well as provide access to the latest innovations from Microsoft on an ongoing basis. Windows Update for Business is a free service for all Windows 10 Pro, Enterprise, and Education editions, and can be used independent of, or in conjunction with, existing device management solutions such as [Windows Server Update Services (WSUS)](http://technet.microsoft.com/library/hh852345.aspx) and [System Center Configuration Manager](http://technet.microsoft.com/library/gg682129.aspx).
 
@@ -334,7 +334,7 @@ Microsoft Edge takes you beyond just browsing to actively engaging with the web
 -   **Compatibility and security.** Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or that are included on your Enterprise Mode Site List. You must use IE11 to run older, less secure technology, such as ActiveX controls.
 
 ### Enterprise guidance
-Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, if you're running web apps that need ActiveX controls, we recommend that you continue to use Internet Explorer 11 for them. If you don't have IE11 installed anymore, you can download it from the Windows Store or from the [Internet Explorer 11 download page](http://go.microsoft.com/fwlink/p/?linkid=290956).
+Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, if you're running web apps that need ActiveX controls, we recommend that you continue to use Internet Explorer 11 for them. If you don't have IE11 installed anymore, you can download it from the Windows Store or from the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956).
 
 We also recommend that you upgrade to IE11 if you're running any earlier versions of Internet Explorer. IE11 is supported on Windows 7, Windows 8.1, and Windows 10. So any legacy apps that work with IE11 will continue to work even as you migrate to Windows 10.
 
diff --git a/windows/whats-new/whats-new-windows-10-version-1607.md b/windows/whats-new/whats-new-windows-10-version-1607.md
index 5d509f5ee2..7eb664abab 100644
--- a/windows/whats-new/whats-new-windows-10-version-1607.md
+++ b/windows/whats-new/whats-new-windows-10-version-1607.md
@@ -50,6 +50,15 @@ The Upgrade Analytics workflow steps you through the discovery and rationalizati
 
 [Learn more about planning and managing Windows upgrades with Windows Upgrade Analytics.](../deploy/manage-windows-upgrades-with-upgrade-analytics.md)
 
+## Windows updates
+
+Windows 10, version 1607, provides administrators with increased control over updates by changing the update deferral increment from weeks to days. Other changes:
+ 
+- Quality Updates can be deferred up to 30 days and paused for 35 days
+- Feature Updates can be deferred up to 180 days and paused for 60 days
+- Update deferrals can be applied to both Current Branch (CB) and Current Branch for Business (CBB)
+- Drivers can be excluded from udpates
+
 ## Security
 
 ### Credential Guard and Device Guard
diff --git a/windows/whats-new/windows-update-for-business.md b/windows/whats-new/windows-update-for-business.md
index 524ca03a0a..4b69cf6ecd 100644
--- a/windows/whats-new/windows-update-for-business.md
+++ b/windows/whats-new/windows-update-for-business.md
@@ -6,7 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 author: TrudyHa
-redirect_url: /whats-new/whats-new-windows-10-version-1507-and-1511
+redirect_url: https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511
 ---
 
 # What's new in Windows Update for Business?
@@ -21,13 +21,13 @@ Windows Update for Business enables information technology administrators to kee
 ## Benefits of Windows Update for Business
 
 
-By using [Group Policy Objects](http://go.microsoft.com/fwlink/p/?LinkId=699279), Windows Update for Business is an easily established and implemented system which enables organizations and administrators to exercise control on how their Windows 10-based devices are updated, by allowing:
+By using [Group Policy Objects](https://go.microsoft.com/fwlink/p/?LinkId=699279), Windows Update for Business is an easily established and implemented system which enables organizations and administrators to exercise control on how their Windows 10-based devices are updated, by allowing:
 
 -   **Deployment and validation groups**; where administrators can specify which devices go first in an update wave, and which devices will come later (to ensure any quality bars are met).
 
 -   **Peer-to-peer delivery**, which administrators can enable to make delivery of updates to branch offices and remote sites with limited bandwidth very efficient.
 
--   **Use with existing tools** such as System Center Configuration Manager and the [Enterprise Mobility Suite](http://go.microsoft.com/fwlink/p/?LinkId=699281).
+-   **Use with existing tools** such as System Center Configuration Manager and the [Enterprise Mobility Suite](https://go.microsoft.com/fwlink/p/?LinkId=699281).
 
 Together, these Windows Update for Business features help reduce device management costs, provide controls over update deployment, offer quicker access to security updates, as well as provide access to the latest innovations from Microsoft on an ongoing basis. Windows Update for Business is a free service for all Windows 10 Pro, Enterprise, and Education editions, and can be used independent of, or in conjunction with, existing device management solutions such as [Windows Server Update Services (WSUS)](http://technet.microsoft.com/library/hh852345.aspx) and [System Center Configuration Manager](http://technet.microsoft.com/library/gg682129.aspx).