Merge remote-tracking branch 'refs/remotes/origin/master' into vs-wiprs2

windows/keep-secure/TOC.md

@@ -573,7 +573,7 @@
 ###### [Domain member: Maximum machine account password age](domain-member-maximum-machine-account-password-age.md)
 ###### [Domain member: Require strong (Windows 2000 or later) session key](domain-member-require-strong-windows-2000-or-later-session-key.md)
 ###### [Interactive logon: Display user information when the session is locked](interactive-logon-display-user-information-when-the-session-is-locked.md)
-###### [Interactive logon: Don\'t display last signed-in](interactive-logon-do-not-display-last-user-name.md)
+###### [Interactive logon: Don't display last signed-in](interactive-logon-do-not-display-last-user-name.md)
 ###### [Interactive logon: Do not require CTRL+ALT+DEL](interactive-logon-do-not-require-ctrl-alt-del.md)
 ###### [Interactive logon: Machine account lockout threshold](interactive-logon-machine-account-lockout-threshold.md)
 ###### [Interactive logon: Machine inactivity limit](interactive-logon-machine-inactivity-limit.md)

windows/keep-secure/enterprise-certificate-pinning.md

@@ -73,6 +73,7 @@ The PinRules element can have the following attributes.
 For help with formatting Pin Rules, see [Representing a Date in XML](#representing-a-date-in-xml) or [Representing a Duration in XML](#representing-a-duration-in-xml). 
 
 - **Duration** or **NextUpdate**
+
     Specifies when the Pin Rules will expire. 
     Either is required. 
     **NextUpdate** takes precedence if both are specified. 
@@ -83,6 +84,7 @@ For help with formatting Pin Rules, see [Representing a Date in XML](#representi
     **Required?** Yes. At least one is required.
 
 - **LogDuration** or **LogEndDate**
+
     Configures auditing only to extend beyond the expiration of enforcing the Pin Rules.
     
     **LogEndDate**, represented as an XML DateTime data type in UTC, takes precedence if both are specified. 
@@ -94,6 +96,7 @@ For help with formatting Pin Rules, see [Representing a Date in XML](#representi
     **Required?** No.
 
 - **ListIdentifier**
+
     Provides a friendly name for the list of pin rules. 
     Windows does not use this attribute for certificate pinning enforcement, however it is included when the pin rules are converted to a certificate trust list (CTL).
 
@@ -104,6 +107,7 @@ For help with formatting Pin Rules, see [Representing a Date in XML](#representi
 The **PinRule** element can have the following attributes: 
 
 - **Name**
+
     Uniquely identifies the **PinRule**. 
     Windows uses this attribute to identify the element for a parsing error or for verbose output. 
     The attribute is not included in the generated certificate trust list (CTL).
@@ -111,6 +115,7 @@ The **PinRule** element can have the following attributes:
     **Required?** Yes.
 
 - **Error**
+
     Describes the action Windows performs when it encounters a PIN mismatch. 
     You can choose from the following string values:
         - **Revoked** - Windows reports the certificate protecting the site as if it was revoked. This typically prevents the user from accessing the site.
@@ -120,6 +125,7 @@ The **PinRule** element can have the following attributes:
     **Required?** No.
 
 - **Log**  
+
     A Boolean value represent as string that equals **true** or **false**. 
     By default, logging is enabled (**true**).
 
@@ -130,6 +136,7 @@ The **PinRule** element can have the following attributes:
 The **Certificate** element can have the following attributes:
 
 - **File**
+
     Path to a file containing one or more certificates. 
     Where the certificate(s) can be encoded as:
         - single certificate
@@ -142,12 +149,14 @@ The **Certificate** element can have the following attributes:
     **Required?** Yes (File, Directory or Base64 must be present).
 
 - **Directory** 
+
     Path to a directory containing one or more of the above certificate files. 
     Skips any files not containing any certificates.    
 
     **Required?** Yes (File, Directory or Base64 must be present).
 
 - **Base64**
+
     Base64 encoded certificate(s). 
     Where the certificate(s) can be encoded as:
         - single certificate
@@ -162,6 +171,7 @@ The **Certificate** element can have the following attributes:
     **Required?** Yes (File, Directory or Base64 must be present).
 
 - **EndDate** 
+
     Enables you to configure an expiration date for when the certificate is no longer valid in the pin rule.  
 
     If you are in the process of switching to a new root or CA, you can set the **EndDate** to allow matching of this element’s certificates.
@@ -177,6 +187,7 @@ The **Certificate** element can have the following attributes:
 The **Site** element can have the following attributes:
 
 - **Domain** 
+
     Contains the DNS name to be matched for this pin rule. 
     When creating the certificate trust list, the parser normalizes the input name string value as follows:
         - If the DNS name has a leading "*" it is removed.
@@ -189,6 +200,7 @@ The **Site** element can have the following attributes:
     **Required?** Yes.
 
 - **AllSubdomains**
+
     By default, wildcard left hand label matching is restricted to a single left hand label. 
     This attribute can be set to "true" to enable wildcard matching of all of the left hand labels. 
     

windows/keep-secure/interactive-logon-display-user-information-when-the-session-is-locked.md

@@ -21,7 +21,7 @@ This security setting controls whether details such as email address or domain\u
 For clients that run Windows 10 version 1511 and 1507 (RTM), this setting works similarly to previous versions of Windows.
 However, because of a new **Privacy** setting introduced in Windows 10 version 1607, this security setting affects those clients differently.
 
-### Changes in Windows 10 version 1607
+### Changes beginning with Windows 10 version 1607
 
 Beginning with Windows 10 version 1607, new functionality was added to Windows 10 to hide username details such as email address by default, with the ability to change the default to show the details.
 This functionality is controlled by a new **Privacy** setting in **Settings** > **Accounts** > **Sign-in options**.
@@ -66,6 +66,7 @@ If the **Privacy** setting is turned on, details will show.
 
 The **Privacy** setting cannot be changed for clients in bulk.
 Instead, apply [KB 4013429](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4013429) to clients that run Windows 10 version 1607 so they behave similarly to previous versions of Windows. 
+Clients that run later versions of Windows 10 do not require a hotfix.
 
 There are related Group Policy settings:
 

windows/manage/windows-store-for-business-overview.md

@@ -306,7 +306,7 @@ Store for Business is currently available in these markets.
             <li>Viet Nam</li>
             <li>Virgin Islands, U.S.</li>
             <li>Zambia</li>
-            <li>Zimbabwe<br>&nbsp;<br>&nbsp;<br>&nbsp;<br>&nbsp;</li>
+            <li>Zimbabwe<br>&nbsp;&nbsp;&nbsp;&nbsp;</li>
             
         </ul>
     </td>