From a590eff3bfebb3a90fd078b0bc86cb829e79f53c Mon Sep 17 00:00:00 2001
From: JanKeller1 <v-jak@microsoft.com>
Date: Tue, 3 Jan 2017 10:30:25 -0800
Subject: [PATCH 1/9] Fixed broken table formatting

---
 windows/keep-secure/working-with-applocker-rules.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/windows/keep-secure/working-with-applocker-rules.md b/windows/keep-secure/working-with-applocker-rules.md
index 26270475b6..c6fd38667f 100644
--- a/windows/keep-secure/working-with-applocker-rules.md
+++ b/windows/keep-secure/working-with-applocker-rules.md
@@ -89,6 +89,7 @@ The following table describes how a publisher condition is applied.
 
 
 | Option | The publisher condition allows or denies… |
+|---|---|
 | **All signed files** | All files that are signed by any publisher.| 
 | **Publisher only**| All files that are signed by the named publisher.| 
 | **Publisher and product name**| All files for the specified product that are signed by the named publisher.| 

From 010b119fcd7e640fa97381d04aaf547965318da9 Mon Sep 17 00:00:00 2001
From: jdeckerMS <jdecker@microsoft.com>
Date: Tue, 3 Jan 2017 10:01:30 -0800
Subject: [PATCH 2/9] format

---
 windows/manage/configure-devices-without-mdm.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/manage/configure-devices-without-mdm.md b/windows/manage/configure-devices-without-mdm.md
index d5f5cf6cc2..04ba35f499 100644
--- a/windows/manage/configure-devices-without-mdm.md
+++ b/windows/manage/configure-devices-without-mdm.md
@@ -107,10 +107,10 @@ When you run Windows ICD, you have several options for creating your package.
 
     > [!WARNING]
     > If you don't create a local administrator account and the device fails to enroll in Active Directory for any reason, you will have to reimage the device and start over. As a best practice, we recommend:
-    
-    - Use a least-privileged domain account to join the device to the domain.
-    - Create a temporary administrator account to use for debugging or reprovisioning if the device fails to enroll successfully.
-    - [Use Group Policy to delete the temporary administrator account](https://blogs.technet.microsoft.com/canitpro/2014/12/10/group-policy-creating-a-standard-local-admin-account/) after the device is enrolled in Active Directory.
+    >
+    >- Use a least-privileged domain account to join the device to the domain.
+    >- Create a temporary administrator account to use for debugging or reprovisioning if the device fails to enroll successfully.
+    >- [Use Group Policy to delete the temporary administrator account](https://blogs.technet.microsoft.com/canitpro/2014/12/10/group-policy-creating-a-standard-local-admin-account/) after the device is enrolled in Active Directory.
     
 9. Click **Finish**.
 10. Review your settings in the summary. You can return to previous pages to change your selections. Then, under **Protect your package**, toggle **Yes** or **No** to encrypt the provisioning package. If you select **Yes**, enter a password. This password must be entered to apply the encrypted provisioning package.

From 87eba233b1d6f1690d13e45c96b3a6556dcca04e Mon Sep 17 00:00:00 2001
From: jdeckerMS <jdecker@microsoft.com>
Date: Tue, 3 Jan 2017 11:32:32 -0800
Subject: [PATCH 3/9] update link and cable support

---
 devices/surface-hub/connect-and-display-with-surface-hub.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/devices/surface-hub/connect-and-display-with-surface-hub.md b/devices/surface-hub/connect-and-display-with-surface-hub.md
index 895bb29632..fb9c865cc0 100644
--- a/devices/surface-hub/connect-and-display-with-surface-hub.md
+++ b/devices/surface-hub/connect-and-display-with-surface-hub.md
@@ -251,7 +251,7 @@ In Replacement PC Mode, Surface Hub supports any graphics adapter that can produ
 
 **55" Surface Hubs** - For best experience, use a graphics card capable of 1080p resolution at 120Hz.
 
-**84" Surface Hubs** - For best experience, use a graphics card capable of outputting four DisplayPort 1.2 streams to produce 2160p at 120Hz (3840 x 2160 at 120Hz vertical refresh). We've verified that this works with the NVIDIA Quadro K2200, NVIDIA Quadro K4200, and NVIDIA Quadro M6000. These are not the only graphics cards - others are available from other vendors. 
+**84" Surface Hubs** - For best experience, use a graphics card capable of outputting four DisplayPort 1.2 streams to produce 2160p at 120Hz (3840 x 2160 at 120Hz vertical refresh). We've verified that this works with the NVIDIA Quadro K2200, NVIDIA Quadro K4200, NVIDIA Quadro M6000, AMD FirePro W5100, AMD FirePro W7100, and AMD FirePro W9100. These are not the only graphics cards - others are available from other vendors. 
 
 Check directly with graphics card vendors for the latest drivers.
 
@@ -273,7 +273,7 @@ Check directly with graphics card vendors for the latest drivers.
 </tr>
 <tr class="even">
 <td><p>AMD</p></td>
-<td><p>[http://support.amd.com/download](http://support.amd.com/download)</p></td>
+<td><p>[http://support.amd.com/download](http://support.amd.com/en-us/download)</p></td>
 </tr>
 <tr class="odd">
 <td><p>Intel</p></td>

From 50123734da5c1adeaae9e211db5b42e4d76f7eac Mon Sep 17 00:00:00 2001
From: jdeckerMS <jdecker@microsoft.com>
Date: Tue, 3 Jan 2017 11:53:06 -0800
Subject: [PATCH 4/9] correct link text

---
 devices/surface-hub/connect-and-display-with-surface-hub.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/devices/surface-hub/connect-and-display-with-surface-hub.md b/devices/surface-hub/connect-and-display-with-surface-hub.md
index fb9c865cc0..c715a84215 100644
--- a/devices/surface-hub/connect-and-display-with-surface-hub.md
+++ b/devices/surface-hub/connect-and-display-with-surface-hub.md
@@ -273,7 +273,7 @@ Check directly with graphics card vendors for the latest drivers.
 </tr>
 <tr class="even">
 <td><p>AMD</p></td>
-<td><p>[http://support.amd.com/download](http://support.amd.com/en-us/download)</p></td>
+<td><p>[http://support.amd.com/en-us/download](http://support.amd.com/en-us/download)</p></td>
 </tr>
 <tr class="odd">
 <td><p>Intel</p></td>

From af1c2d24247b7769173b5a6ce43668fd0ff08aab Mon Sep 17 00:00:00 2001
From: jdeckerMS <jdecker@microsoft.com>
Date: Tue, 3 Jan 2017 12:20:15 -0800
Subject: [PATCH 5/9] cable

---
 devices/surface-hub/connect-and-display-with-surface-hub.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/devices/surface-hub/connect-and-display-with-surface-hub.md b/devices/surface-hub/connect-and-display-with-surface-hub.md
index c715a84215..3febb60ff6 100644
--- a/devices/surface-hub/connect-and-display-with-surface-hub.md
+++ b/devices/surface-hub/connect-and-display-with-surface-hub.md
@@ -470,6 +470,11 @@ Video Out port on the 84" Surface Hub
 </tbody>
 </table>
 
+## Cables
+
+Both the 55” and 84” Surface Hub devices have been tested to work with Certified DisplayPort and HDMI cables.  While vendors do sell longer cables that may work with the Surface Hub, only those cables that have been certified by testing labs are certain to work with the Hub. For example, DisplayPort cables are certified only up to 3 meters, however many vendors sell cables that are 3 times that length. If a long cable is necessary, we strongly suggest using HDMI.  HDMI has many cost-effective solutions for long-haul cables, including the use of repeaters. Nearly every DisplayPort source will automatically switch to HDMI signaling if a HDMI sink is detected.
+
+
 ## Bluetooth accessories
 
 You can connect the following accessories to Surface Hub using Bluetooth:

From 73253561955c77ce6f3bb545ae0981b69545262b Mon Sep 17 00:00:00 2001
From: jdeckerMS <jdecker@microsoft.com>
Date: Tue, 3 Jan 2017 12:23:06 -0800
Subject: [PATCH 6/9] added changes

---
 devices/surface-hub/change-history-surface-hub.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/devices/surface-hub/change-history-surface-hub.md b/devices/surface-hub/change-history-surface-hub.md
index f974394314..f85267c41d 100644
--- a/devices/surface-hub/change-history-surface-hub.md
+++ b/devices/surface-hub/change-history-surface-hub.md
@@ -14,6 +14,12 @@ localizationpriority: medium
 
 This topic lists new and updated topics in the [Surface Hub Admin Guide]( surface-hub-administrators-guide.md).
 
+## January 2017
+
+| New or changed topic | Description |
+| --- | --- |
+| [Connect other devices and display with Surface Hub](connect-and-display-with-surface-hub.md) | Added graphics cards verified to work with 84" Surface Hubs and added information about the lengths of cables. |
+
 ## December 2016
 
 | New or changed topic | Description|

From e9a601a1c97a7d5e0e2a7f25c532411dca3556eb Mon Sep 17 00:00:00 2001
From: jdeckerMS <jdecker@microsoft.com>
Date: Wed, 4 Jan 2017 07:41:31 -0800
Subject: [PATCH 7/9] fix language

---
 ...gital-certificates-on-windows-10-mobile.md | 22 +++++++++++--------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md b/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md
index 11d5fe781d..6a3da87dd1 100644
--- a/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md
+++ b/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md
@@ -24,8 +24,8 @@ Certificates in Windows 10 Mobile are primarily used for the following purposes
 -   For installation and licensing of applications (from the Windows Phone Store or a custom company distribution site).
 
 
-**Warning**  
-In Windows 10, Version 1607, if you have multiple certificates provisioned on the device and the Wi-Fi profile provisioned does not have a strict filtering criteria, you may see connection failures when connecting to Wi-Fi. [Learn more about this known issue in Version 1607](https://go.microsoft.com/fwlink/p/?LinkId=786764)
+>[!WARNING}  
+>In Windows 10, Version 1607, if you have multiple certificates provisioned on the device and the Wi-Fi profile provisioned does not have a strict filtering criteria, you may see connection failures when connecting to Wi-Fi. [Learn more about this known issue in Version 1607](https://go.microsoft.com/fwlink/p/?LinkId=786764)
 
 ## Install certificates using Microsoft Edge
 
@@ -33,12 +33,13 @@ A certificate can be posted on a website and made available to users through a d
 
 ## Install certificates using email
 
-The Windows 10 Mobile certificate installer supports .cer, .p7b, .pem, and .pfx files. To install certificates via email, make sure your mail filters do not block .cer files. Certificates that are sent via email appear as message attachments. When a certificate is received, a user can tap to review the contents and then tap to install the certificate. Typically, when an identity certificate is installed, the user is prompted for the password (or passphrase) that protects it.
+The Windows 10 Mobile certificate installer supports .cer, .p7b, .pem, and .pfx files. Some email programs block .cer files for security reasons. If this is the case in your organization, use an alternative method to deploy the certificate. Certificates that are sent via email appear as message attachments. When a certificate is received, a user can tap to review the contents and then tap to install the certificate. Typically, when an identity certificate is installed, the user is prompted for the password (or passphrase) that protects it.
 
 ## Install certificates using mobile device management (MDM)
 
 Windows 10 Mobile supports root, CA, and client certificate to be configured via MDM. Using MDM, an administrator can directly add, delete, or query root and CA certificates, and configure the device to enroll a client certificate with a certificate enrollment server that supports Simple Certificate Enrollment Protocol (SCEP). SCEP enrolled client certificates are used by Wi-Fi, VPN, email, and browser for certificate-based client authentication. An MDM server can also query and delete SCEP enrolled client certificate (including user installed certificates), or trigger a new enrollment request before the current certificate is expired.
-> **Warning:**  Do not use SCEP for encryption certificates for S/MIME. You must use a PFX certificate profile to support S/MIME on Windows 10 Mobile. For instructions on creating a PFX certificate profile in Microsoft Intune, see [Enable access to company resources using certificate profiles with Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkID=718216).
+>[!WARNING]
+>Do not use SCEP for encryption certificates for S/MIME. You must use a PFX certificate profile to support S/MIME on Windows 10 Mobile. For instructions on creating a PFX certificate profile in Microsoft Intune, see [Enable access to company resources using certificate profiles with Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkID=718216).
  
 **Process of installing certificates using MDM**
 
@@ -50,14 +51,17 @@ Windows 10 Mobile supports root, CA, and client certificate to be configured vi
 6.  The device connects to Internet-facing point exposed by MDM server.
 7.  MDM server creates a certificate that is signed with proper CA certificate and returns it to device.
 
-    > **Note:**  The device supports the pending function to allow server side to do additional verification before issuing the cert. In this case, a pending status is sent back to the device. The device will periodically contact the server, based on preconfigured retry count and retry period parameters. Retrying ends when either:
-    A certificate is successfully received from the server
-    The server returns an error
-    The number of retries reaches the preconfigured limit
+    >[!NOTE]
+    >The device supports the pending function to allow server side to do additional verification before issuing the cert. In this case, a pending status is sent back to the device. The device will periodically contact the server, based on preconfigured retry count and retry period parameters. Retrying ends when either:
+    >
+    >- A certificate is successfully received from the server
+    >- The server returns an error
+    >- The number of retries reaches the preconfigured limit
      
 8.  The cert is installed in the device. Browser, Wi-Fi, VPN, email, and other first party applications have access to this certificate.
 
-    > **Note:**  If MDM requested private key being stored in Trusted Process Module (TPM) (configured during enrollment request), the private key will be saved in TPM. Note that SCEP enrolled cert protected by TPM isn’t guarded by a PIN. However, if the certificate is imported to the Passport for Work Key Storage Provider (KSP), it is guarded by the Passport PIN.
+    >[!NOTE]
+    >If MDM requested private key being stored in Trusted Process Module (TPM) (configured during enrollment request), the private key will be saved in TPM. Note that SCEP enrolled cert protected by TPM isn’t guarded by a PIN. However, if the certificate is imported to the Windows Hello for Business Key Storage Provider (KSP), it is guarded by the Hello PIN.
      
 ## Related topics
 

From 0c8480823d6a8ea11524fe8c076a91b3e1ebaa04 Mon Sep 17 00:00:00 2001
From: jdeckerMS <jdecker@microsoft.com>
Date: Wed, 4 Jan 2017 07:55:19 -0800
Subject: [PATCH 8/9] format fix

---
 .../installing-digital-certificates-on-windows-10-mobile.md     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md b/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md
index 6a3da87dd1..670b8ba4a7 100644
--- a/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md
+++ b/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md
@@ -24,7 +24,7 @@ Certificates in Windows 10 Mobile are primarily used for the following purposes
 -   For installation and licensing of applications (from the Windows Phone Store or a custom company distribution site).
 
 
->[!WARNING}  
+>[!WARNING]  
 >In Windows 10, Version 1607, if you have multiple certificates provisioned on the device and the Wi-Fi profile provisioned does not have a strict filtering criteria, you may see connection failures when connecting to Wi-Fi. [Learn more about this known issue in Version 1607](https://go.microsoft.com/fwlink/p/?LinkId=786764)
 
 ## Install certificates using Microsoft Edge

From 491f3ff5d424e2ef8f4efd393dd267fa5e0ef874 Mon Sep 17 00:00:00 2001
From: jdeckerMS <jdecker@microsoft.com>
Date: Wed, 4 Jan 2017 07:56:55 -0800
Subject: [PATCH 9/9] sync

---
 .../installing-digital-certificates-on-windows-10-mobile.md     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md b/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md
index 670b8ba4a7..1e16d409a2 100644
--- a/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md
+++ b/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md
@@ -61,7 +61,7 @@ Windows 10 Mobile supports root, CA, and client certificate to be configured vi
 8.  The cert is installed in the device. Browser, Wi-Fi, VPN, email, and other first party applications have access to this certificate.
 
     >[!NOTE]
-    >If MDM requested private key being stored in Trusted Process Module (TPM) (configured during enrollment request), the private key will be saved in TPM. Note that SCEP enrolled cert protected by TPM isn’t guarded by a PIN. However, if the certificate is imported to the Windows Hello for Business Key Storage Provider (KSP), it is guarded by the Hello PIN.
+    >If MDM requested private key stored in Trusted Process Module (TPM) (configured during enrollment request), the private key will be saved in TPM. Note that SCEP enrolled cert protected by TPM isn’t guarded by a PIN. However, if the certificate is imported to the Windows Hello for Business Key Storage Provider (KSP), it is guarded by the Hello PIN.
      
 ## Related topics