diff --git a/windows/keep-secure/images/vpn-intune-policy.png b/windows/keep-secure/images/vpn-intune-policy.png new file mode 100644 index 0000000000..4224979bbd Binary files /dev/null and b/windows/keep-secure/images/vpn-intune-policy.png differ diff --git a/windows/keep-secure/vpn-authentication.md b/windows/keep-secure/vpn-authentication.md index 03ce74ee7d..c9f9f2b9a7 100644 --- a/windows/keep-secure/vpn-authentication.md +++ b/windows/keep-secure/vpn-authentication.md @@ -15,7 +15,25 @@ localizationpriority: high - Windows 10 - Windows 10 Mobile -In addition to older and less-secure password-based authentication methods (which should be avoided), the Inbox solution utilizes EAP to provide secure authentication using both username/password and certificate-based methods. +In addition to older and less-secure password-based authentication methods (which should be avoided), the built-in VPN solution uses Extensible Authentication Protocol (EAP) to provide secure authentication using both user name and password, and certificate-based methods. You can only configure EAP-based authentication if you select a built-in VPN type (IKEv2, L2TP, PPTP or Automatic). + +Windows supports a number of EAP authentication methods. + + + + + + + + +
MethodDetails
EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (EAP-MSCHAPv2)
  • User name and password authentication
  • Winlogon credentials - can specify authentication with computer sign-in credentials
EAP-Transport Layer Security (EAP-TLS)
  • Supports the following types of certificate authentication
    • Certificate with keys in the software Key Storage Provider (KSP)
    • Certificate with keys in Trusted Platform Module (TPM) KSP
    • Smart card certficates
    • Windows Hello for Business certificate
  • Certificate filtering
    • Certificate filtering can be enabled to search for a particular certificate to use to authenticate with
    • Filtering can be Issuer-based or Enhanced Key Usage (EKU)-based
  • Server validation - with TLS, server validation can be toggled on or off
    • Server name - specify the server to validate
    • Server certificate - trusted root certificate to validate the server
    • Notification - specify if the user should get a notification asking whether to trust the server or not
Protected Extensible Authentication Protocol (PEAP)
Tunneled Transport Layer Security (TTLS)
+
+ + +## Configure authentication + +See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx) for XML configuration. + diff --git a/windows/keep-secure/vpn-connection-type.md b/windows/keep-secure/vpn-connection-type.md index 33017b38a8..9347844294 100644 --- a/windows/keep-secure/vpn-connection-type.md +++ b/windows/keep-secure/vpn-connection-type.md 
@@ -25,21 +25,21 @@ There are many options for VPN clients. In Windows 10, the built-in plug-in and - Tunneling protocols - - [Internet Key Exchange version 2 (IKEv2)](https://technet.microsoft.com/en-us/library/ff687731.aspx) + - [Internet Key Exchange version 2 (IKEv2)](https://technet.microsoft.com/library/ff687731.aspx) Currently, this can only be configured in [custom XML in the ProfileXML node](vpn-profile-options.md). - Configure the IPsec/IKE tunnel cryptographic properties using the **Cryptography Suite** setting in the [VPNv2 Configuration Service Provider (CSP)](https://msdn.microsoft.com/en-us/library/windows/hardware/dn914776.aspx). + Configure the IPsec/IKE tunnel cryptographic properties using the **Cryptography Suite** setting in the [VPNv2 Configuration Service Provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx). - - [L2TP](https://technet.microsoft.com/en-us/library/ff687761.aspx) + - [L2TP](https://technet.microsoft.com/library/ff687761.aspx) Currently, this can only be configured in [custom XML in the ProfileXML node](vpn-profile-options.md). - L2TP with pre-shared key (PSK) authentication can be configured using the **L2tpPsk** setting in the [VPNv2 CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn914776.aspx). + L2TP with pre-shared key (PSK) authentication can be configured using the **L2tpPsk** setting in the [VPNv2 CSP](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx). - - [PPTP](https://technet.microsoft.com/en-us/library/ff687676.aspx) + - [PPTP](https://technet.microsoft.com/library/ff687676.aspx) - - [SSTP](https://technet.microsoft.com/en-us/library/ff687819.aspx) + - [SSTP](https://technet.microsoft.com/library/ff687819.aspx) SSTP is supported for Windows desktop editions only. SSTP cannot be configured using mobile device management (MDM), but it is one of the protocols attempted in the **Automatic** option. 
@@ -47,7 +47,7 @@ There are many options for VPN clients. In Windows 10, the built-in plug-in and The **Automatic** option means that the device will try each of the built-in tunneling protocols until one succeeds. It will attempt from most secure to least secure. - Configure **Automatic** for the **NativeProtocolType** setting in the [VPNv2 CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn914776.aspx). + Configure **Automatic** for the **NativeProtocolType** setting in the [VPNv2 CSP](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx). @@ -59,7 +59,7 @@ There are a number of Universal Windows Platform VPN applications, such as Pulse ## Configure connection type -See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn914776.aspx) for XML configuration. +See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx) for XML configuration. The following image shows connection options in a VPN Profile configuration policy using Microsoft Intune. diff --git a/windows/keep-secure/vpn-guide.md b/windows/keep-secure/vpn-guide.md index 81bb28f39e..7914168eeb 100644 --- a/windows/keep-secure/vpn-guide.md +++ b/windows/keep-secure/vpn-guide.md 
@@ -16,7 +16,9 @@ localizationpriority: high - Windows 10 - Windows 10 Mobile -This guide will walk you through the decisions you will make for Windows 10 clients in your enterprise VPN solution and how to configure your deployment. This guide references the [VPNv2 Configuration Service Provider (CSP)](https://msdn.microsoft.com/en-us/library/windows/hardware/dn914776.aspx). +This guide will walk you through the decisions you will make for Windows 10 clients in your enterprise VPN solution and how to configure your deployment. This guide references the [VPNv2 Configuration Service Provider (CSP)](https://msdn.microsoft.com/en-us/library/windows/hardware/dn914776.aspx) and provides mobile device management (MDM) configuration instructions using Microsoft Intune and the VPN Profile template for Windows 10. + +![Intune VPN policy template](images/vpn-intune-policy.png) >[!NOTE] >This guide does not explain server deployment. It lists server dependencies, when relevant. @@ -36,7 +38,9 @@ This guide will walk you through the decisions you will make for Windows 10 clie | [VPN profile options](vpn-profile-options.md) | combine settings into single profile using XML | - +## Learn more + +- [VPN connections in Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/vpn-connections-in-microsoft-intune) diff --git a/windows/keep-secure/vpn-routing.md b/windows/keep-secure/vpn-routing.md index 9995b93d37..46e89c359e 100644 --- a/windows/keep-secure/vpn-routing.md +++ b/windows/keep-secure/vpn-routing.md 
@@ -21,7 +21,7 @@ Network routes are required to forward traffic across the VPN interface. One of In a split tunnel configuration, routes can be specified to go over VPN and all other traffic will go over the physical interface. -Routes can be configured using the VPNv2//*ProfileName*/RouteList setting in the [VPNv2 Configuration Service Provider (CSP)](https://msdn.microsoft.com/en-us/library/windows/hardware/dn914776.aspx). +Routes can be configured using the VPNv2//*ProfileName*/RouteList setting in the [VPNv2 Configuration Service Provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx). For each route item in the list the following can be specified: @@ -44,6 +44,8 @@ For a UWP VPN plug-in, this property is directly controlled by the app. If the V ## Configure routing +See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx) for XML configuration. + When you configure a VPN profile in Microsoft Intune, you select a checkbox to enable split tunnel configuration. ![split tunnel](images/vpn-split.png)
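Review bot: In the vpn-authentication.md hunk (@@ -15,7 +15,25 @@), the EAP-TLS row has a typo, "Smart card certficates" should read "Smart card certificates", and the list of built-in VPN types that support EAP, "(IKEv2, L2TP, PPTP or Automatic)", omits SSTP even though the vpn-connection-type.md hunk in this same patch lists SSTP as a built-in tunneling protocol that the Automatic option attempts; either add SSTP or state why it is excluded (the connection-type page already notes that SSTP cannot be configured through MDM). The PEAP and TTLS rows carry no details at all, so fill them in or drop the empty rows. The bullet "Server validation - with TLS, server validation can be toggled on or off" would benefit from one sentence stating that with validation off the client cannot verify it is connecting to the legitimate VPN server, which is the reason the guide should recommend leaving it enabled.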
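Review bot: In the vpn-guide.md hunk (@@ -16,7 +16,9 @@), the rewritten sentence still links the VPNv2 CSP as https://msdn.microsoft.com/en-us/library/windows/hardware/dn914776.aspx, while every other hunk in this patch strips the /en-us/ locale segment from that same URL; drop it here as well for consistency, i.e. `[VPNv2 Configuration Service Provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx)`.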