diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index b359a5d989..6ba49fc316 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -5167,7 +5167,7 @@ }, { "source_path": "windows/device-security/security-compliance-toolkit-10.md", - "redirect_url": "/windows/security/threat-protection/security-compliance-toolkit-10", + "redirect_url": "/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10", "redirect_document_id": false }, { @@ -19505,6 +19505,11 @@ "redirect_url": "/education/", "redirect_document_id": true }, + { + "source_path": "windows/security/threat-protection/security-compliance-toolkit-10.md", + "redirect_url": "/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10", + "redirect_document_id": false + }, { "source_path": "windows/education/developers.yml", "redirect_url": "/education/", diff --git a/browsers/internet-explorer/internet-explorer.yml b/browsers/internet-explorer/internet-explorer.yml index 68b6be4505..27e231694f 100644 --- a/browsers/internet-explorer/internet-explorer.yml +++ b/browsers/internet-explorer/internet-explorer.yml @@ -46,8 +46,6 @@ landingContent: url: https://mva.microsoft.com/training-courses/getting-started-with-windows-10-for-it-professionals-10629?l=fCowqpy8_5905094681 - text: 'Windows 10: Top Features for IT Pros' url: https://mva.microsoft.com/training-courses/windows-10-top-features-for-it-pros-16319?l=xBnT2ihhC_7306218965 - - text: Manage and modernize Internet Explorer with Enterprise Mode - url: https://channel9.msdn.com/events/teched/newzealand/2014/pcit307 - text: 'Virtual Lab: Enterprise Mode' url: https://www.microsoft.com/handsonlabs/SelfPacedLabs/?storyGuid=e4155067-2c7e-4b46-8496-eca38bedca02 
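Review bot: The removed "Manage and modernize Internet Explorer with Enterprise Mode" entry in internet-explorer.yml is the only link dropped from this list, and nothing visible explains why. If this is a dead-link cleanup, say so in the commit message and check the neighbouring mva.microsoft.com and handsonlabs URLs, which remain as context, in the same pass.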
diff --git a/education/windows/deploy-windows-10-in-a-school-district.md b/education/windows/deploy-windows-10-in-a-school-district.md index ad9f24873d..3672175155 100644 --- a/education/windows/deploy-windows-10-in-a-school-district.md +++ b/education/windows/deploy-windows-10-in-a-school-district.md @@ -899,7 +899,7 @@ Deploying a new Configuration Manager infrastructure is beyond the scope of this Create a Microsoft Endpoint Manager driver package for each device type in your district. For more information, see [Manage drivers in Configuration Manager](/mem/configmgr/osd/get-started/manage-drivers). 4. Add Windows apps. - Install the Windows apps (Windows desktop and Microsoft Store apps) that you want to deploy after the task sequence deploys your customized image (a thick, reference image that include Windows 10 and your core Windows desktop apps). These apps are in addition to the apps included in your reference image. You can only deploy Microsoft Store apps after you deploy Windows 10 because you cannot capture Microsoft Store apps in a reference image. Microsoft Store apps target users, not devices. + Install the Windows apps (Windows desktop and Microsoft Store apps) that you want to deploy after the task sequence deploys your customized image (a thick, reference image that includes Windows 10 and your core Windows desktop apps). These apps are in addition to the apps included in your reference image. You can only deploy Microsoft Store apps after you deploy Windows 10 because you cannot capture Microsoft Store apps in a reference image. Microsoft Store apps target users, not devices. Create a Configuration Manager application for each Windows desktop or Microsoft Store app that you want to deploy after you apply the reference image to a device. For more information, see [Deploy and manage applications with Configuration Manager](/mem/configmgr/apps/deploy-use/deploy-applications). 
@@ -1252,7 +1252,7 @@ Table 19 lists the school and individual classroom maintenance tasks, the resour |Task and resources|Monthly|New semester or academic year|As required| |--- |--- |--- |--- | |Verify that Windows Update is active and current with operating system and software updates.
For more information about completing this task when you have:
  • Intune, see [Keep Windows PCs up to date with software updates in Microsoft Intune](/mem/intune/protect/windows-update-for-business-configure)
  • Group Policy, see [Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb).
  • WSUS, see [Windows Server Update Services](/windows/deployment/deploy-whats-new).
    Neither Intune, Group Policy, nor WSUS, see “Install, upgrade, & activate” in Windows 10 help.|✔️|✔️|✔️| -|Verify that Windows Defender is active and current with malware Security intelligence.
    For more information about completing this task, see [Turn Windows Defender on or off](/mem/intune/user-help/turn-on-defender-windows)and [Updating Windows Defender](/mem/intune/user-help/turn-on-defender-windows).|✔️|✔️|✔️| +|Verify that Windows Defender is active and current with malware Security intelligence.
    For more information about completing this task, see [Turn Windows Defender on or off](/mem/intune/user-help/turn-on-defender-windows) and [Updating Windows Defender](/mem/intune/user-help/turn-on-defender-windows).|✔️|✔️|✔️| |Verify that Windows Defender has run a scan in the past week and that no viruses or malware were found.
    For more information about completing this task, see the “How do I find and remove a virus?” topic in [Protect my PC from viruses](https://support.microsoft.com/help/17228/windows-protect-my-pc-from-viruses).|✔️|✔️|✔️| |Download and approve updates for Windows 10, apps, device driver, and other software.
    For more information, see:
  • [Manage updates by using Intune](#manage-updates-by-using-intune)
  • [Manage updates by using Microsoft Endpoint Configuration Manager](#manage-updates-by-using-microsoft-endpoint-configuration-manager)|✔️|✔️|✔️| |Verify that you’re using the appropriate Windows 10 servicing options for updates and upgrades (such as selecting whether you want to use Current Branch or Current Branch for Business).
    For more information about Windows 10 servicing options for updates and upgrades, see [Windows 10 servicing options](/windows/deployment/update/).||✔️|✔️| diff --git a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md index 69755c157d..130251c08a 100644 --- a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md +++ b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md @@ -52,7 +52,7 @@ An error is generated during publishing refresh when synchronizing packages from **Workaround**: Upgrade the App-V 5.0 Management server to the App-V Management server for Windows 10 Clients. ## Custom configurations don't get applied for packages that will be published globally if they're set using the App-V Server -If you assign a package to an AD group that contains machine accounts and apply a custom configuration to that group using the App-V Server, the custom configuration won't not be applied to those machines. The App-V Client will publish packages assigned to a machine account globally. However, it stores custom configuration files per user in each user’s profile. Globally published packages won't have access to this custom configuration. +If you assign a package to an AD group that contains machine accounts and apply a custom configuration to that group using the App-V Server, the custom configuration won't be applied to those machines. The App-V Client will publish packages assigned to a machine account globally. However, it stores custom configuration files per user in each user’s profile. Globally published packages won't have access to this custom configuration. **Workaround**: Do one of the following: 
@@ -64,7 +64,7 @@ If you assign a package to an AD group that contains machine accounts and apply ## Server files not deleted after new App-V Server installation -If you uninstall the App-V 5.0 SP1 Server and then install the App-V Server, the installation fails, the wrong version of the Management server is installed, and an error message is returned. The issue occurs because the Server files are not being deleted when you uninstall App-V 5.0 SP1, so the installation process does an upgrade instead of a new installation. +If you uninstall the App-V 5.0 SP1 Server and then install the App-V Server, the installation fails, the wrong version of the Management server is installed, and an error message is returned. The issue occurs because the Server files aren't being deleted when you uninstall App-V 5.0 SP1, so the installation process does an upgrade instead of a new installation. **Workaround**: Delete this registry key before you start installing App-V: 
@@ -72,19 +72,19 @@ Under HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVe ## File type associations added manually are not saved correctly -File type associations added to an application package manually using the Shortcuts and FTAs tab at the end of the application upgrade wizard are not saved correctly. They will not be available to the App-V Client or to the Sequencer when updating the saved package again. +File type associations added to an application package manually using the Shortcuts and FTAs tab at the end of the application upgrade wizard aren't saved correctly. They won't be available to the App-V Client or to the Sequencer when updating the saved package again. **Workaround**: To add a file type association, open the package for modification and run the update wizard. During the Installation step, add the new file type association through the operating system. The sequencer will detect the new association in the system registry and add it to the package’s virtual registry, where it will be available to the client. ## When streaming packages in Shared Content Store (SCS) mode to a client that is also managed with AppLocker, additional data is written to the local disk. -To decrease the amount of data written to a client’s local disk, you can enable SCS mode on the App-V Client to stream the contents of a package on demand. However, if AppLocker manages an application within the package, some data might be written to the client’s local disk that would not otherwise be written. +To decrease the amount of data written to a client’s local disk, you can enable SCS mode on the App-V Client to stream the contents of a package on demand. However, if AppLocker manages an application within the package, some data might be written to the client’s local disk that wouldn't otherwise be written. 
**Workaround**: None ## In the Management Console Add Package dialog box, the Browse button is not available when using Chrome or Firefox -On the Packages page of the Management Console, if you click **Add or Upgrade** in the lower-right corner, the **Add Package** dialog box appears. If you are accessing the Management Console using Chrome or Firefox as your browser, you will not be able to browse to the location of the package. +On the Packages page of the Management Console, if you click **Add or Upgrade** in the lower-right corner, the **Add Package** dialog box appears. If you're accessing the Management Console using Chrome or Firefox as your browser, you will not be able to browse to the location of the package. **Workaround**: Type or copy and paste the path to the package into the **Add Package** input field. If the Management Console has access to this path, you will be able to add the package. If the package is on a network share, you can browse to the location using File Explorer by doing these steps: @@ -128,7 +128,7 @@ When you run Repair-AppvClientConnectionGroup, the following error is displayed, 3. If the package is currently published, run **Repair-AppvClientPackage** on that package. ## Icons not displayed properly in Sequencer -Icons in the Shortcuts and File Type Associations tab are not displayed correctly when modifying a package in the App-V Sequencer. This problem occurs when the size of the icons are not 16x16 or 32x32. +Icons in the Shortcuts and File Type Associations tab are not displayed correctly when modifying a package in the App-V Sequencer. This problem occurs when the sizes of the icons are not 16x16 or 32x32. **Workaround**: Only use icons that are 16x16 or 32x32. diff --git a/windows/deployment/upgrade/resolution-procedures.md b/windows/deployment/upgrade/resolution-procedures.md index 285c935ee6..d2bec5e3f1 100644 --- a/windows/deployment/upgrade/resolution-procedures.md 
+++ b/windows/deployment/upgrade/resolution-procedures.md 
@@ -80,20 +80,20 @@ See the following general troubleshooting procedures associated with a result co |0x80244018|Your machine is connected through a proxy server.|Make sure Automatically Detect Settings is selected in internet options. (Control Panel > Internet Options > Connections > LAN Settings).| |0xC1900201|The system didn't pass the minimum requirements to install the update.|Contact the hardware vendor to get the latest updates.| |0x80240017|The upgrade is unavailable for this edition of Windows.|Administrative policies enforced by your organization might be preventing the upgrade. Contact your IT administrator.| -|0x80070020|The existing process cannot access the file because it is being used by another process.|Use the MSCONFIG tool to perform a clean boot on the machine and then try to perform the update again. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135).| -|0x80070522|The user doesn’t have required privilege or credentials to upgrade.|Ensure that you have signed in as a local administrator or have local administrator privileges.| -|0xC1900107|A cleanup operation from a previous installation attempt is still pending and a system reboot is required in order to continue the upgrade.|Restart the device and run setup again. If restarting the device does not resolve the issue, then use the Disk Cleanup utility and clean up the temporary files as well as the System files. For more information, see [Disk cleanup in Windows 10](https://support.microsoft.com/windows/disk-cleanup-in-windows-8a96ff42-5751-39ad-23d6-434b4d5b9a68).| -|0xC1900209|The user has chosen to cancel because the system does not pass the compatibility scan to install the update. Setup.exe will report this error when it can upgrade the machine with user data but cannot migrate installed applications.|Incompatible software is blocking the upgrade process. Uninstall the application and try the upgrade again. 
See [Windows 10 Pre-Upgrade Validation using SETUP.EXE](/archive/blogs/mniehaus/windows-10-pre-upgrade-validation-using-setup-exe) for more information.

    You can also download the Windows Assessment and Deployment Kit (ADK) for Windows 10 and install Application Compatibility Tools.| +|0x80070020|The existing process can't access the file because it's being used by another process.|Use the MSCONFIG tool to perform a clean boot on the machine and then try to perform the update again. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135).| +|0x80070522|The user doesn’t have required privilege or credentials to upgrade.|Ensure that you've signed in as a local administrator or have local administrator privileges.| +|0xC1900107|A cleanup operation from a previous installation attempt is still pending and a system reboot is required in order to continue the upgrade.|Restart the device and run setup again. If restarting the device doesn't resolve the issue, then use the Disk Cleanup utility to clean up the temporary files and the System files. For more information, see [Disk cleanup in Windows 10](https://support.microsoft.com/windows/disk-cleanup-in-windows-8a96ff42-5751-39ad-23d6-434b4d5b9a68).| +|0xC1900209|The user has chosen to cancel because the system doesn't pass the compatibility scan to install the update. Setup.exe will report this error when it can upgrade the machine with user data but cannot migrate installed applications.|Incompatible software is blocking the upgrade process. Uninstall the application and try the upgrade again. See [Windows 10 Pre-Upgrade Validation using SETUP.EXE](/archive/blogs/mniehaus/windows-10-pre-upgrade-validation-using-setup-exe) for more information.

    You can also download the Windows Assessment and Deployment Kit (ADK) for Windows 10 and install Application Compatibility Tools.| |0x8007002|This error is specific to upgrades using System Center 2012 Configuration Manager R2 SP1 CU3 (5.00.8238.1403)|Analyze the SMSTS.log and verify that the upgrade is failing on "Apply Operating system" Phase: Error 80072efe DownloadFileWithRanges() failed. 80072efe. ApplyOperatingSystem (0x0760)

    The error 80072efe means that the connection with the server was terminated abnormally.

    To resolve this issue, try the OS Deployment test on a client in same VLAN as the Configuration Manager server. Check the network configuration for random client-server connection issues happening on the remote VLAN.| -|0x80240FFF|Occurs when update synchronization fails. It can occur when you are using Windows Server Update Services on its own or when it is integrated with Microsoft Endpoint Configuration Manager. If you enable update synchronization before you install hotfix 3095113, WSUS doesn't recognize the Upgrades classification and instead treats the upgrade like a regular update.|You can prevent this by installing hotfix 3095113 before you enable update synchronization. However, if you have already run into this problem, do the following:

    1. Disable the Upgrades classification.
    2. Install hotfix 3095113.
    3. Delete previously synched updates.
    4. Enable the Upgrades classification.
    5. Perform a full synch.

    For detailed information on how to run these steps check out How to delete upgrades in WSUS.| -|0x8007007E|Occurs when update synchronization fails because you do not have hotfix 3095113 installed before you enable update synchronization. Specifically, the CopyToCache operation fails on clients that have already downloaded the upgrade because Windows Server Update Services has bad metadata related to the upgrade. It can occur when you are using standalone Windows Server Update Services or when WSUS is integrated with Microsoft Endpoint Configuration Manager.|Use the following steps to repair Windows Server Update Services. You must run these steps on each WSUS server that synched metadata before you installed the hotfix.

    Stop the Windows Update service.

  • Sign in as a user with administrative privileges, and then do the following:
  • Open Administrative Tools from the Control Panel.
  • Double-click Services.
  • Find the Windows Update service, right-click it, and then select Stop. If prompted, enter your credentials.

    Delete all files and folders under c:\Windows\SoftwareDistribution\DataStore.

    Restart the Windows Update service.| +|0x80240FFF|Occurs when update synchronization fails. It can occur when you're using Windows Server Update Services on its own or when it's integrated with Microsoft Endpoint Configuration Manager. If you enable update synchronization before you install hotfix 3095113, WSUS doesn't recognize the Upgrades classification and instead treats the upgrade like a regular update.|You can prevent this by installing hotfix 3095113 before you enable update synchronization. However, if you have already run into this problem, do the following:

    1. Disable the Upgrades classification.
    2. Install hotfix 3095113.
    3. Delete previously synched updates.
    4. Enable the Upgrades classification.
    5. Perform a full synch.

    For detailed information on how to run these steps check out How to delete upgrades in WSUS.| +|0x8007007E|Occurs when update synchronization fails because you don't have hotfix 3095113 installed before you enable update synchronization. Specifically, the CopyToCache operation fails on clients that have already downloaded the upgrade because Windows Server Update Services has bad metadata related to the upgrade. It can occur when you're using standalone Windows Server Update Services or when WSUS is integrated with Microsoft Endpoint Configuration Manager.|Use the following steps to repair Windows Server Update Services. You must run these steps on each WSUS server that synched metadata before you installed the hotfix.

    Stop the Windows Update service.

  • Sign in as a user with administrative privileges, and then do the following:
  • Open Administrative Tools from the Control Panel.
  • Double-click Services.
  • Find the Windows Update service, right-click it, and then select Stop. If prompted, enter your credentials.

    Delete all files and folders under c:\Windows\SoftwareDistribution\DataStore.

    Restart the Windows Update service.| ## Other error codes | Error Codes | Cause | Mitigation | | --- | --- | --- | |0x80070003- 0x20007|This is a failure during SafeOS phase driver installation.|[Verify device drivers](/windows-hardware/drivers/install/troubleshooting-device-and-driver-installations) on the computer, and [analyze log files](log-files.md#analyze-log-files) to determine the problem driver.| -|0x8007025D - 0x2000C|This error occurs if the ISO file's metadata is corrupt or if there is an issue with the storage medium, such as a RAM module containing bad blocks during the installation of Windows.|Re-download the ISO/Media and re-attempt the upgrade

    Alternatively, re-create installation media the [Media Creation Tool](https://www.microsoft.com/software-download/windows10).| +|0x8007025D - 0x2000C|This error occurs if the ISO file's metadata is corrupt or if there's an issue with the storage medium, such as a RAM module containing bad blocks during the installation of Windows.|Redownload the ISO/Media and reattempt the upgrade

    Alternatively, re-create installation media the [Media Creation Tool](https://www.microsoft.com/software-download/windows10).| |0x80070490 - 0x20007|An incompatible device driver is present.|[Verify device drivers](/windows-hardware/drivers/install/troubleshooting-device-and-driver-installations) on the computer, and [analyze log files](log-files.md#analyze-log-files) to determine the problem driver.| |0xC1900101 - 0x2000c|An unspecified error occurred in the SafeOS phase during WIM apply. This can be caused by an outdated driver or disk corruption.|Run checkdisk to repair the file system. For more information, see the [quick fixes](quick-fixes.md) section in this guide.
    Update drivers on the computer, and select "Download and install updates (recommended)" during the upgrade process. Disconnect devices other than the mouse, keyboard and display.| |0xC1900200 - 0x20008|The computer doesn’t meet the minimum requirements to download or upgrade to Windows 10.|See [Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications) and verify the computer meets minimum requirements.

    Review logs for [compatibility information](/archive/blogs/askcore/using-the-windows-10-compatibility-reports-to-understand-upgrade-issues).| @@ -102,7 +102,7 @@ See the following general troubleshooting procedures associated with a result co |0xC1900101 - 0x4001E|Installation failed in the SECOND_BOOT phase with an error during PRE_OOBE operation.|This is a generic error that occurs during the OOBE phase of setup. See the [0xC1900101](#0xc1900101) section of this guide and review general troubleshooting procedures described in that section.| |0x80070005 - 0x4000D|The installation failed in the SECOND_BOOT phase with an error in during MIGRATE_DATA operation. This error indicates that access was denied while attempting to migrate data.|[Analyze log files](log-files.md#analyze-log-files) to determine the data point that is reporting access denied.| |0x80070004 - 0x50012|Windows Setup failed to open a file.|[Analyze log files](log-files.md#analyze-log-files) to determine the data point that is reporting access problems.| -|0xC190020e
    0x80070070 - 0x50011
    0x80070070 - 0x50012
    0x80070070 - 0x60000|These errors indicate the computer does not have enough free space available to install the upgrade.|To upgrade a computer to Windows 10, it requires 16 GB of free hard drive space for a 32-bit OS, and 20 GB for a 64-bit OS. If there is not enough space, attempt to [free up drive space](https://support.microsoft.com/help/17421/windows-free-up-drive-space) before proceeding with the upgrade.

    **Note:** If your device allows it, you can use an external USB drive for the upgrade process. Windows setup will back up the previous version of Windows to a USB external drive. The external drive must be at least 8GB (16GB is recommended). The external drive should be formatted using NTFS. Drives that are formatted in FAT32 may run into errors due to FAT32 file size limitations. USB drives are preferred over SD cards because drivers for SD cards are not migrated if the device does not support Connected Standby.
    | +|0xC190020e
    0x80070070 - 0x50011
    0x80070070 - 0x50012
    0x80070070 - 0x60000|These errors indicate the computer doesn't have enough free space available to install the upgrade.|To upgrade a computer to Windows 10, it requires 16 GB of free hard drive space for a 32-bit OS, and 20 GB for a 64-bit OS. If there isn't enough space, attempt to [free up drive space](https://support.microsoft.com/help/17421/windows-free-up-drive-space) before proceeding with the upgrade.

    **Note:** If your device allows it, you can use an external USB drive for the upgrade process. Windows setup will back up the previous version of Windows to a USB external drive. The external drive must be at least 8 GB (16 GB is recommended). The external drive should be formatted using NTFS. Drives that are formatted in FAT32 may run into errors due to FAT32 file size limitations. USB drives are preferred over SD cards because drivers for SD cards aren't migrated if the device doesn't support Connected Standby.
    | ## Modern setup errors @@ -110,10 +110,10 @@ Also see the following sequential list of modern setup (mosetup) error codes wit | Result code | Message | Description | | --- | --- | --- | -| 0XC1900100 | MOSETUP_E_VERSION_MISMATCH | An unexpected version of Setup Platform binaries was encountered. Please verify the package contents. | +| 0XC1900100 | MOSETUP_E_VERSION_MISMATCH | An unexpected version of Setup Platform binaries was encountered. Verify the package contents. | | 0XC1900101 | MOSETUP_E_SETUP_PLATFORM | The Setup Platform has encountered an unspecified error. | | 0XC1900102 | MOSETUP_E_SHUTDOWN_BLOCK | Unable to create or destroy the shutdown block message. | -| 0XC1900103 | MOSETUP_E_COMPAT_TIMEOUT | The compatibility issues were not resolved within the required time limit. | +| 0XC1900103 | MOSETUP_E_COMPAT_TIMEOUT | The compatibility issues weren't resolved within the required time limit. | | 0XC1900104 | MOSETUP_E_PROCESS_TIMEOUT | The installation process did not complete within the required time limit. | | 0XC1900105 | MOSETUP_E_TEST_MODE | The installation process is being used in a test environment. | | 0XC1900106 | MOSETUP_E_TERMINATE_PROCESS | The installation process was terminated. | 
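Review bot: The contraction pass in the modern setup table (resolution-procedures.md, hunk at -110,10) is applied to only some rows: 0XC1900103 now reads "weren't resolved" while the adjacent 0XC1900104 row, left as context, still reads "did not complete". Either convert every Description cell in the table in this change or leave the table alone, so the rows stay consistent with each other.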
@@ -131,7 +131,7 @@ Also see the following sequential list of modern setup (mosetup) error codes wit | 0XC1900113 | MOSETUP_E_EULA_DECLINED | The user has declined the license terms. | | 0XC190011e | MOSETUP_E_FLIGHTING_BVT | The installation process has been halted for testing purposes. | | 0XC190011f | MOSETUP_E_PROCESS_CRASHED | The installation process crashed. | -| 0XC1900120 | MOSETUP_E_EULA_TIMEOUT | The user has not accepted Eula within the required time limit. | +| 0XC1900120 | MOSETUP_E_EULA_TIMEOUT | The user has not accepted the EULA within the required time limit. | | 0XC1900121 | MOSETUP_E_ADVERTISE_TIMEOUT | The user has not accepted Advertisement within the required time limit. | | 0XC1900122 | MOSETUP_E_DOWNLOADDISKSPACE_TIMEOUT | The download disk space issues were not resolved within the required time limit. | | 0XC1900123 | MOSETUP_E_INSTALLDISKSPACE_TIMEOUT | The install disk space issues were not resolved within the required time limit. | diff --git a/windows/deployment/windows-10-enterprise-e3-overview.md b/windows/deployment/windows-10-enterprise-e3-overview.md index 95e0124031..b21f910bb4 100644 --- a/windows/deployment/windows-10-enterprise-e3-overview.md +++ b/windows/deployment/windows-10-enterprise-e3-overview.md 
@@ -132,18 +132,18 @@ Now that the devices have Windows 10/11 Enterprise, you can implement Device Gu For more information about implementing Device Guard, see: -- [Planning and getting started on the Device Guard deployment process](https://technet.microsoft.com/itpro/windows/keep-secure/planning-and-getting-started-on-the-device-guard-deployment-process) +- [Windows Defender Application Control and virtualization-based protection of code integrity](/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control) - [Device Guard deployment guide](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide) ### AppLocker management -You can manage AppLocker in Windows 10 Enterprise by using Group Policy. Group Policy requires that the you have AD DS and that the Windows 10/11 Enterprise devices are joined to the your AD DS domain. You can create AppLocker rules by using Group Policy, and then target those rules to the appropriate devices. +You can manage AppLocker in Windows 10 Enterprise by using Group Policy. Group Policy requires that you have AD DS and that the Windows 10/11 Enterprise devices are joined to your AD DS domain. You can create AppLocker rules by using Group Policy, and then target those rules to the appropriate devices. For more information about AppLocker management by using Group Policy, see [AppLocker deployment guide](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide). ### App-V -App-V requires an App-V server infrastructure to support App-V clients. The primary App-V components that the you must have are as follows: +App-V requires an App-V server infrastructure to support App-V clients. The primary App-V components that you must have are as follows: - **App-V server**. 
The App-V server provides App-V management, virtualized app publishing, app streaming, and reporting services. Each of these services can be run on one server or can be run individually on multiple servers. For example, you could have multiple streaming servers. App-V clients contact App-V servers to determine which apps are published to the user or device, and then run the virtualized app from the server. @@ -158,7 +158,7 @@ For more information about implementing the App-V server, App-V sequencer, and A - [Deploying the App-V Sequencer and Configuring the Client](/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client) ### UE-V -UE-V requires server- and client-side components that you you’ll need to download, activate, and install. These components include: +UE-V requires server- and client-side components that you’ll need to download, activate, and install. These components include: - **UE-V service**. The UE-V service (when enabled on devices) monitors registered applications and Windows for any settings changes, then synchronizes those settings between devices. diff --git a/windows/deployment/windows-deployment-scenarios-and-tools.md b/windows/deployment/windows-deployment-scenarios-and-tools.md index e38f173747..7b2c202eac 100644 --- a/windows/deployment/windows-deployment-scenarios-and-tools.md +++ b/windows/deployment/windows-deployment-scenarios-and-tools.md 
@@ -18,7 +18,7 @@ ms.collection: highpri # Windows 10 deployment scenarios and tools -To successfully deploy the Windows 10 operating system and applications for your organization, it is essential that you know about the available tools to help with the process. In this topic, you will learn about the most commonly used tools for Windows 10 deployment. +To successfully deploy the Windows 10 operating system and applications for your organization, it's essential that you know about the available tools to help with the process. In this topic, you'll learn about the most commonly used tools for Windows 10 deployment. Microsoft provides many tools, services, and solutions. These tools include Windows Deployment Services (WDS), the Volume Activation Management Tool (VAMT), the User State Migration Tool (USMT), Windows System Image Manager (Windows SIM), Windows Preinstallation Environment (Windows PE), and Windows Recovery Environment (Windows RE). Keep in mind that these are just tools and not a complete solution on their own. It's when you combine these tools with solutions like [Microsoft Deployment Toolkit (MDT)](./deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md) or [Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) that you get the complete deployment solution. 
@@ -27,7 +27,7 @@ In this topic, you also learn about different types of reference images that you ## Windows Assessment and Deployment Kit -Windows ADK contains core assessment and deployment tools and technologies, including Deployment Image Servicing and Management (DISM), Windows Imaging and Configuration Designer (Windows ICD), Windows System Image Manager (Windows SIM), User State Migration Tool (USMT), Volume Activation Management Tool (VAMT), Windows Preinstallation Environment (Windows PE), Windows Assessment Services, Windows Performance Toolkit (WPT), Application Compatibility Toolkit (ACT), and Microsoft SQL Server 2012 Express. For more details, see [Windows ADK for Windows 10](/windows-hardware/get-started/adk-install) or [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md). +Windows ADK contains core assessment and deployment tools and technologies, including Deployment Image Servicing and Management (DISM), Windows Imaging and Configuration Designer (Windows ICD), Windows System Image Manager (Windows SIM), User State Migration Tool (USMT), Volume Activation Management Tool (VAMT), Windows Preinstallation Environment (Windows PE), Windows Assessment Services, Windows Performance Toolkit (WPT), Application Compatibility Toolkit (ACT), and Microsoft SQL Server 2012 Express. For more information, see [Windows ADK for Windows 10](/windows-hardware/get-started/adk-install) or [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md). ![The Windows 10 ADK feature selection page.](images/win-10-adk-select.png) 
@@ -61,7 +61,7 @@ For more information on DISM, see [DISM technical reference](/windows-hardware/m USMT is a backup and restore tool that allows you to migrate user state, data, and settings from one installation to another. Microsoft Deployment Toolkit (MDT) and System Center 2012 R2 Configuration Manager use USMT as part of the operating system deployment process. **Note** -Occasionally, we find that customers are wary of USMT because they believe it requires significant configuration, but, as you will learn below, using USMT is not difficult. If you use MDT and Lite Touch to deploy your machines, the USMT feature is automatically configured and extended so that it is easy to use. With MDT, you do nothing at all and USMT just works. +Occasionally, we find that customers are wary of USMT because they believe it requires significant configuration, but, as you'll learn below, using USMT isn't difficult. If you use MDT and Lite Touch to deploy your machines, the USMT feature is automatically configured and extended so that it's easy to use. With MDT, you do nothing at all and USMT just works. 
@@ -89,16 +89,16 @@ By default USMT migrates many settings, most of which are related to the user pr - Specific file types. USMT templates migrate the following file types: .accdb, .ch3, .csv, .dif, .doc\*, .dot\*, .dqy, .iqy, .mcw, .mdb\*, .mpp, .one\*, .oqy, .or6, .pot\*, .ppa, .pps\*, .ppt\*, .pre, .pst, .pub, .qdf, .qel, .qph, .qsd, .rqy, .rtf, .scd, .sh3, .slk, .txt, .vl\*, .vsd, .wk\*, .wpd, .wps, .wq1, .wri, .xl\*, .xla, .xlb, .xls\*. **Note** - The OpenDocument extensions (\*.odt, \*.odp, \*.ods, etc.) that Microsoft Office applications can use are not migrated by default. + The OpenDocument extensions (\*.odt, \*.odp, \*.ods, etc.) that Microsoft Office applications can use aren't migrated by default. - Operating system component settings - Application settings -These are the settings migrated by the default MigUser.xml and MigApp.xml templates. For more details on what USMT migrates, see [What does USMT migrate?](./usmt/usmt-what-does-usmt-migrate.md) For more information on the USMT overall, see the [USMT technical reference](./usmt/usmt-reference.md). +These are the settings migrated by the default MigUser.xml and MigApp.xml templates. For more information on what USMT migrates, see [What does USMT migrate?](./usmt/usmt-what-does-usmt-migrate.md) For more information on the USMT overall, see the [USMT technical reference](./usmt/usmt-reference.md). ### Windows Imaging and Configuration Designer -Windows Imaging and Configuration Designer (Windows ICD) is a tool designed to assist with the creation of provisioning packages that can be used to dynamically configure a Windows device (PCs, tablets, and phones). This is particularly useful for setting up new devices, without the need for re-imaging the device with a custom image. +Windows Imaging and Configuration Designer (Windows ICD) is a tool designed to assist with the creation of provisioning packages that can be used to dynamically configure a Windows device (PCs, tablets, and phones). 
This is particularly useful for setting up new devices, without the need for reimaging the device with a custom image. ![Windows Imaging and Configuration Designer.](images/windows-icd.png) @@ -108,7 +108,7 @@ For more information, see [Windows Imaging and Configuration Designer](/windows/ ### Windows System Image Manager (Windows SIM) -Windows SIM is an authoring tool for Unattend.xml files. When using MDT and/or Configuration Manager, you don't need Windows SIM very often because those systems automatically update the Unattend.xml file during the deployment, greatly simplifying the process overall. +Windows SIM is an authoring tool for Unattend.xml files. When using MDT and/or Configuration Manager, you don't need Windows SIM often because those systems automatically update the Unattend.xml file during the deployment, greatly simplifying the process overall. ![Windows answer file opened in Windows SIM.](images/mdt-11-fig07.png) 
@@ -142,12 +142,12 @@ The key thing to know about Windows PE is that, like the operating system, it ne A machine booted with the Windows ADK default Windows PE boot image. -For more details on Windows PE, see [Windows PE (WinPE)](/windows-hardware/manufacture/desktop/winpe-intro). +For more information on Windows PE, see [Windows PE (WinPE)](/windows-hardware/manufacture/desktop/winpe-intro). ## Windows Recovery Environment -Windows Recovery Environment (Windows RE) is a diagnostics and recovery toolset included in Windows Vista and later operating systems. The latest version of Windows RE is based on Windows PE. You can also extend Windows RE and add your own tools if needed. If a Windows installation fails to start and Windows RE is installed, you will see an automatic failover into Windows RE. +Windows Recovery Environment (Windows RE) is a diagnostics and recovery toolset included in Windows Vista and later operating systems. The latest version of Windows RE is based on Windows PE. You can also extend Windows RE and add your own tools if needed. If a Windows installation fails to start and Windows RE is installed, you'll see an automatic failover into Windows RE. ![A Windows 10 client booted into Windows RE, showing Advanced options.](images/mdt-11-fig10.png) 
@@ -158,17 +158,17 @@ For more information on Windows RE, see [Windows Recovery Environment](/windows- ## Windows Deployment Services -Windows Deployment Services (WDS) has been updated and improved in several ways starting with Windows 8. Remember that the two main functions you will use are the PXE boot support and multicast. Most of the changes are related to management and increased performance. In Windows Server 2012 R2, WDS also can be used for the Network Unlock feature in BitLocker. +Windows Deployment Services (WDS) has been updated and improved in several ways starting with Windows 8. Remember that the two main functions you'll use are the PXE boot support and multicast. Most of the changes are related to management and increased performance. In Windows Server 2012 R2, WDS also can be used for the Network Unlock feature in BitLocker. ![Windows Deployment Services using multicast to deploy three machines.](images/mdt-11-fig11.png) Windows Deployment Services using multicast to deploy three machines. -In Windows Server 2012 R2, [Windows Deployment Services](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831764(v=ws.11)) can be configured for stand-alone mode or for Active Directory integration. In most scenarios, the Active Directory integration mode is the best option. WDS also has the capability to manage drivers; however, driver management through MDT and Configuration Manager is more suitable for deployment due to the flexibility offered by both solutions, so you will use them instead. In WDS, it is possible to pre-stage devices in Active Directory, but here, too, Configuration Manager has that capability built in, and MDT has the ability to use a SQL Server database for pre-staging. In most scenarios, those solutions are better than the built-in pre-staging function as they allow greater control and management. 
+In Windows Server 2012 R2, [Windows Deployment Services](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831764(v=ws.11)) can be configured for stand-alone mode or for Active Directory integration. In most scenarios, the Active Directory integration mode is the best option. WDS also has the capability to manage drivers; however, driver management through MDT and Configuration Manager is more suitable for deployment due to the flexibility offered by both solutions, so you'll use them instead. In WDS, it's possible to pre-stage devices in Active Directory, but here, too, Configuration Manager has that capability built in, and MDT has the ability to use a SQL Server database for pre-staging. In most scenarios, those solutions are better than the built-in pre-staging function as they allow greater control and management. ### Trivial File Transfer Protocol (TFTP) configuration -In some cases, you need to modify TFTP Maximum Block Size settings for performance tuning reasons, especially when PXE traffic travels through routers and such. In the previous version of WDS, it was possible to change that, but the method of do so—editing the registry—was not user friendly. In Windows Server 2012, this has become much easier to do as it can be configured as a setting. +In some cases, you need to modify TFTP Maximum Block Size settings for performance tuning reasons, especially when PXE traffic travels through routers and such. In the previous version of WDS, it was possible to change that, but the method of do so—editing the registry—wasn't user friendly. In Windows Server 2012, this has become much easier to do as it can be configured as a setting. Also, there are a few new features related to TFTP performance: 
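Review bot: The added TFTP paragraph still reads "the method of do so", which should be "the method of doing so"; the line is already being rewritten for the "wasn't" contraction, so fix the phrase in the same change. In the WDS paragraph above it, "pre-stage" and "pre-staging" keep their hyphens while another hunk in this file changes "re-imaging" to "reimaging", so check both against the style guide and apply one rule.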
@@ -201,7 +201,7 @@ For more information on MDT, see the [Microsoft Deployment Toolkit](/mem/configm ## Microsoft Security Compliance Manager 2013 -[Microsoft SCM](https://go.microsoft.com/fwlink/p/?LinkId=619246) is a free utility used to create baseline security settings for the Windows client and server environment. The baselines can be exported and then deployed via Group Policy, local policies, MDT, or Configuration Manager. The current version of Security Compliance Manager includes baselines for Windows 8.1 and several earlier versions of Windows, Windows Server, and Internet Explorer. +[Microsoft SCM](https://www.microsoft.com/download/details.aspx?id=53353) is a free utility used to create baseline security settings for the Windows client and server environment. The baselines can be exported and then deployed via Group Policy, local policies, MDT, or Configuration Manager. The current version of Security Compliance Manager includes baselines for Windows 8.1 and several earlier versions of Windows, Windows Server, and Internet Explorer. ![The SCM console showing a baseline configuration for a fictional client's computer security compliance.](images/mdt-11-fig14.png) 
@@ -248,14 +248,14 @@ For more information on WSUS, see the [Windows Server Update Services Overview]( ## Unified Extensible Firmware Interface -For many years BIOS has been the industry standard for booting a PC. BIOS has served us well, but it is time to replace it with something better. **UEFI** is the replacement for BIOS, so it is important to understand the differences between BIOS and UEFI. In this section, you learn the major differences between the two and how they affect operating system deployment. +For many years BIOS has been the industry standard for booting a PC. BIOS has served us well, but it's time to replace it with something better. **UEFI** is the replacement for BIOS, so it's important to understand the differences between BIOS and UEFI. In this section, you learn the major differences between the two and how they affect operating system deployment. ### Introduction to UEFI BIOS has been in use for approximately 30 years. Even though it clearly has proven to work, it has some limitations, including: - 16-bit code -- 1 MB address space +- 1-MB address space - Poor performance on ROM initialization - MBR maximum bootable disk size of 2.2 TB 
@@ -264,17 +264,17 @@ As the replacement to BIOS, UEFI has many features that Windows can and will use With UEFI, you can benefit from: - **Support for large disks.** UEFI requires a GUID Partition Table (GPT) based disk, which means a limitation of roughly 16.8 million TB in disk size and more than 100 primary disks. -- **Faster boot time.** UEFI does not use INT 13, and that improves boot time, especially when it comes to resuming from hibernate. +- **Faster boot time.** UEFI doesn't use INT 13, and that improves boot time, especially when it comes to resuming from hibernate. - **Multicast deployment.** UEFI firmware can use multicast directly when it boots up. In WDS, MDT, and Configuration Manager scenarios, you need to first boot up a normal Windows PE in unicast and then switch into multicast. With UEFI, you can run multicast from the start. - **Compatibility with earlier BIOS.** Most of the UEFI implementations include a compatibility support module (CSM) that emulates BIOS. -- **CPU-independent architecture.** Even if BIOS can run both 32- and 64-bit versions of firmware, all firmware device drivers on BIOS systems must also be 16-bit, and this affects performance. One of the reasons is the limitation in addressable memory, which is only 64 KB with BIOS. -- **CPU-independent drivers.** On BIOS systems, PCI add-on cards must include a ROM that contains a separate driver for all supported CPU architectures. That is not needed for UEFI because UEFI has the ability to use EFI Byte Code (EBC) images, which allow for a processor-independent device driver environment. +- **CPU-independent architecture.** Even if BIOS can run both 32-bit and 64-bit versions of firmware, all firmware device drivers on BIOS systems must also be 16-bit, and this affects performance. One of the reasons is the limitation in addressable memory, which is only 64 KB with BIOS. 
+- **CPU-independent drivers.** On BIOS systems, PCI add-on cards must include a ROM that contains a separate driver for all supported CPU architectures. That isn't needed for UEFI because UEFI has the ability to use EFI Byte Code (EBC) images, which allow for a processor-independent device driver environment. - **Flexible pre-operating system environment.** UEFI can perform many functions for you. You just need an UEFI application, and you can perform diagnostics and automatic repairs, and call home to report errors. -- **Secure boot.** Windows 8 and later can use the UEFI firmware validation process, called secure boot, which is defined in UEFI 2.3.1. Using this process, you can ensure that UEFI launches only a verified operating system loader and that malware cannot switch the boot loader. +- **Secure boot.** Windows 8 and later can use the UEFI firmware validation process, called secure boot, which is defined in UEFI 2.3.1. Using this process, you can ensure that UEFI launches only a verified operating system loader and that malware can't switch the boot loader. ### Versions -UEFI Version 2.3.1B is the version required for Windows 8 and later logo compliance. Later versions have been released to address issues; a small number of machines may need to upgrade their firmware to fully support the UEFI implementation in Windows 8 and later. +UEFI Version 2.3.1B is the version required for Windows 8 and later logo compliance. Later versions have been released to address issues; a few machines may need to upgrade their firmware to fully support the UEFI implementation in Windows 8 and later. ### Hardware support for UEFI 
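Review bot: The unchanged "Flexible pre-operating system environment" bullet in this hunk still says "You just need an UEFI application", which should be "a UEFI application"; the neighbouring bullets are being edited for wording, so correct it here too. In the rewritten "CPU-independent architecture" bullet, "must also be 16-bit" has nothing for "also" to refer back to, and dropping the word would make the sentence read cleanly.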
@@ -283,22 +283,22 @@ In regard to UEFI, hardware is divided into four device classes: - **Class 0 devices.** This is the UEFI definition for a BIOS, or non-UEFI, device. - **Class 1 devices.** These devices behave like a standard BIOS machine, but they run EFI internally. They should be treated as normal BIOS-based machines. Class 1 devices use a CSM to emulate BIOS. These older devices are no longer manufactured. - **Class 2 devices.** These devices have the capability to behave as a BIOS- or a UEFI-based machine, and the boot process or the configuration in the firmware/BIOS determines the mode. Class 2 devices use a CSM to emulate BIOS. These are the most common type of devices currently available. -- **Class 3 devices.** These are UEFI-only devices, which means you must run an operating system that supports only UEFI. Those operating systems include Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. Windows 7 is not supported on these class 3 devices. Class 3 devices do not have a CSM to emulate BIOS. +- **Class 3 devices.** These are UEFI-only devices, which means you must run an operating system that supports only UEFI. Those operating systems include Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. Windows 7 isn't supported on these class 3 devices. Class 3 devices don't have a CSM to emulate BIOS. ### Windows support for UEFI Microsoft started with support for EFI 1.10 on servers and then added support for UEFI on both clients and servers. -With UEFI 2.3.1, there are both x86 and x64 versions of UEFI. Windows 10 supports both. However, UEFI does not support cross-platform boot. This means that a computer that has UEFI x64 can run only a 64-bit operating system, and a computer that has UEFI x86 can run only a 32-bit operating system. +With UEFI 2.3.1, there are both x86 and x64 versions of UEFI. Windows 10 supports both. However, UEFI doesn't support cross-platform boot. 
This means that a computer that has UEFI x64 can run only a 64-bit operating system, and a computer that has UEFI x86 can run only a 32-bit operating system. ### How UEFI is changing operating system deployment There are many things that affect operating system deployment as soon as you run on UEFI/EFI-based hardware. Here are considerations to keep in mind when working with UEFI devices: - Switching from BIOS to UEFI in the hardware is easy, but you also need to reinstall the operating system because you need to switch from MBR/NTFS to GPT/FAT32 and NTFS. -- When you deploy to a Class 2 device, make sure the boot option you select matches the setting you want to have. It is common for old machines to have several boot options for BIOS but only a few for UEFI, or vice versa. -- When deploying from media, remember the media has to be FAT32 for UEFI, and FAT32 has a file-size limitation of 4GB. -- UEFI does not support cross-platform booting; therefore, you need to have the correct boot media (32- or 64-bit). +- When you deploy to a Class 2 device, make sure the boot option you select matches the setting you want to have. It's common for old machines to have several boot options for BIOS but only a few for UEFI, or vice versa. +- When deploying from media, remember the media has to be FAT32 for UEFI, and FAT32 has a file-size limitation of 4 GB. +- UEFI doesn't support cross-platform booting; therefore, you need to have the correct boot media (32-bit or 64-bit). For more information on UEFI, see the [UEFI firmware](/previous-versions/windows/it-pro/windows-8.1-and-8/hh824898(v=win.10)) overview and related resources. diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md deleted file mode 100644 index c56d9a43c6..0000000000 --- a/windows/security/threat-protection/security-compliance-toolkit-10.md +++ /dev/null 
@@ -1,101 +0,0 @@ ---- -title: Microsoft Security Compliance Toolkit 1.0 -description: This article describes how to use the Security Compliance Toolkit 1.0 in your organization -keywords: virtualization, security, malware -ms.prod: m365-security -ms.mktglfcycl: deploy -ms.localizationpriority: medium -ms.author: dansimp -author: dulcemontemayor -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: conceptual -ms.date: 11/21/2019 -ms.reviewer: -ms.technology: windows-sec ---- - -# Microsoft Security Compliance Toolkit 1.0 Usage - -## What is the Security Compliance Toolkit (SCT)? - -The Security Compliance Toolkit (SCT) is a set of tools that allows enterprise security administrators to download, analyze, test, edit, and store Microsoft-recommended security configuration baselines for Windows and other Microsoft products. - -The SCT enables administrators to effectively manage their enterprise’s Group Policy Objects (GPOs). Using the toolkit, administrators can compare their current GPOs with Microsoft-recommended GPO baselines or other baselines, edit them, store them in GPO backup file format, and apply them broadly through Active Directory or individually through local policy. -

    - -The Security Compliance Toolkit consists of: - -- Windows 10 security baselines - - Windows 10, Version 21H1 (May 2021 Update) - - Windows 10, Version 20H2 (October 2020 Update) - - Windows 10, Version 2004 (May 2020 Update) - - Windows 10, Version 1909 (November 2019 Update) - - Windows 10, Version 1809 (October 2018 Update) - - Windows 10, Version 1607 (Anniversary Update) - - Windows 10, Version 1507 - -- Windows Server security baselines - - Windows Server 2022 - - Windows Server 2019 - - Windows Server 2016 - - Windows Server 2012 R2 - -- Microsoft Office security baseline - - Microsoft 365 Apps for enterprise, Version 2104 - -- Microsoft Edge security baseline - - Version 93 - -- Windows Update security baseline - - Windows 10 20H2 and below (October 2020 Update) - -- Tools - - Policy Analyzer tool - - Local Group Policy Object (LGPO) tool - - Set Object Security tool - - GPO to PolicyRules tool - -- Scripts - - Baseline-ADImport.ps1 - - Baseline-LocalInstall.ps1 - - Remove-EPBaselineSettings.ps1 - - MapGuidsToGpoNames.ps1 - - -You can [download the tools](https://www.microsoft.com/download/details.aspx?id=55319) along with the baselines for the relevant Windows versions. For more details about security baseline recommendations, see the [Microsoft Security Baselines blog](https://techcommunity.microsoft.com/t5/Microsoft-Security-Baselines/bg-p/Microsoft-Security-Baselines). - -## What is the Policy Analyzer tool? - -The Policy Analyzer is a utility for analyzing and comparing sets of Group Policy Objects (GPOs). Its main features include: -- Highlight when a set of Group Policies has redundant settings or internal inconsistencies -- Highlight the differences between versions or sets of Group Policies -- Compare GPOs against current local policy and local registry settings -- Export results to a Microsoft Excel spreadsheet - -Policy Analyzer lets you treat a set of GPOs as a single unit. 
This makes it easy to determine whether particular settings are duplicated across the GPOs or are set to conflicting values. Policy Analyzer also lets you capture a baseline and then compare it to a snapshot taken at a later time to identify changes anywhere across the set. - -More information on the Policy Analyzer tool can be found on the [Microsoft Security Baselines blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/new-tool-policy-analyzer/ba-p/701049) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319). - -## What is the Local Group Policy Object (LGPO) tool? - -LGPO.exe is a command-line utility that is designed to help automate management of Local Group Policy. -Using local policy gives administrators a simple way to verify the effects of Group Policy settings, and is also useful for managing non-domain-joined systems. -LGPO.exe can import and apply settings from Registry Policy (Registry.pol) files, security templates, Advanced Auditing backup files, as well as from formatted “LGPO text” files. -It can export local policy to a GPO backup. -It can export the contents of a Registry Policy file to the “LGPO text” format that can then be edited, and can build a Registry Policy file from an LGPO text file. - -Documentation for the LGPO tool can be found on the [Microsoft Security Baselines blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/lgpo-exe-local-group-policy-object-utility-v1-0/ba-p/701045) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319). - -## What is the Set Object Security tool? - -SetObjectSecurity.exe enables you to set the security descriptor for just about any type of Windows securable object (files, directories, registry keys, event logs, services, SMB shares, etc.). For file system and registry objects, you can choose whether to apply inheritance rules. 
You can also choose to output the security descriptor in a .reg-file-compatible representation of the security descriptor for a REG_BINARY registry value. - -Documentation for the Set Object Security tool can be found on the [Microsoft Security Baselines blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/new-amp-updated-security-tools/ba-p/1631613) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319). - -## What is the GPO to Policy Rules tool? - -Automate the conversion of GPO backups to Policy Analyzer .PolicyRules files and skip the GUI. GPO2PolicyRules is a command-line tool that is included with the Policy Analyzer download. - -Documentation for the GPO to PolicyRules tool can be found on the [Microsoft Security Baselines blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/new-amp-updated-security-tools/ba-p/1631613) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319). diff --git a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md index 3525284dcd..3058486461 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md @@ -46,7 +46,6 @@ The Security Compliance Toolkit consists of: - Microsoft Office security baseline - Microsoft 365 Apps for Enterprise Version 2112 - - Office 2016 - Microsoft Edge security baseline - Edge version 98 diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2015.md b/windows/whats-new/ltsc/whats-new-windows-10-2015.md index 766f8e4345..3c1c1c14e2 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2015.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2015.md 
@@ -41,7 +41,7 @@ AppLocker was available for Windows 8.1, and is improved with Windows 10. See [R Enhancements to AppLocker in Windows 10 include: - A new parameter was added to the [New-AppLockerPolicy](/powershell/module/applocker/new-applockerpolicy) Windows PowerShell cmdlet that lets you choose whether executable and DLL rule collections apply to non-interactive processes. To enable this, set the **ServiceEnforcement** to **Enabled**. -- A new [AppLocker](/windows/client-management/mdm/applocker-csp) configuration service provider was add to allow you to enable AppLocker rules by using an MDM server. +- A new [AppLocker](/windows/client-management/mdm/applocker-csp) configuration service provider was added to allow you to enable AppLocker rules by using an MDM server. [Learn how to manage AppLocker within your organization](/windows/device-security/applocker/applocker-overview). 
@@ -76,9 +76,9 @@ In Windows 10, security auditing has added some improvements: In Windows 10, two new audit subcategories were added to the Advanced Audit Policy Configuration to provide greater granularity in audit events: - [Audit Group Membership](/windows/device-security/auditing/audit-group-membership) Found in the Logon/Logoff audit category, the Audit Group Membership subcategory allows you to audit the group membership information in a user's logon token. Events in this subcategory are generated when group memberships are enumerated or queried on the PC where the logon session was created. For an interactive logon, the security audit event is generated on the PC that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the PC hosting the resource. When this setting is configured, one or more security audit events are generated for each successful logon. You must also enable the **Audit Logon** setting under **Advanced Audit Policy Configuration\\System Audit Policies\\Logon/Logoff**. Multiple events are generated if the group membership information cannot fit in a single security audit event. -- [Audit PNP Activity](/windows/device-security/auditing/audit-pnp-activity) Found in the Detailed Tracking category, the Audit PNP Activity subcategory allows you to audit when plug and play detects an external device. +- [Audit PNP Activity](/windows/security/threat-protection/auditing/audit-pnp-activity) Found in the Detailed Tracking category, the Audit PNP Activity subcategory allows you to audit when plug and play detects an external device. Only Success audits are recorded for this category. If you do not configure this policy setting, no audit event is generated when an external device is detected by plug and play. - A PnP audit event can be used to track down changes in system hardware and will be logged on the PC where the change took place. 
A list of hardware vendor IDs are included in the event. + A PnP audit event can be used to track down changes in system hardware and will be logged on the PC where the change took place. A list of hardware vendor IDs is included in the event. #### More info added to existing audit events @@ -126,7 +126,7 @@ The logon event ID 4688 has been updated to include more verbose information to 2. **TargetUserName** String The account name of the target user. 3. **TargetDomainName** String - The domain of the target user.. + The domain of the target user. 4. **TargetLogonId** String The logon ID of the target user. 5. **ParentProcessName** String @@ -165,7 +165,7 @@ Event ID 4826 has been added to track the following changes to the Boot Configur Event ID 6416 has been added to track when an external device is detected through Plug and Play. One important scenario is if an external device that contains malware is inserted into a high-value machine that doesn’t expect this type of action, such as a domain controller. -[Learn how to manage your security audit policies within your organization](/windows/device-security/auditing/security-auditing-overview). +[Learn how to manage your security audit policies within your organization](/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn319078(v=ws.11)) ### Trusted Platform Module 
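Review bot: The replacement "Learn how to manage your security audit policies" line drops the closing period that the removed line had, and its new target is a previous-versions Windows Server 2012 R2 path inside a Windows 10 article. Restore the period, and confirm that no current auditing overview exists under /windows/security/threat-protection/auditing/, which is where the Audit PNP Activity link earlier in this file was moved.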
@@ -196,7 +196,7 @@ User Account Control (UAC) helps prevent malware from damaging a computer and he You should not turn off UAC because this is not a supported scenario for devices running Windows 10. If you do turn off UAC, all Universal Windows Platform apps stop working. You must always set the **HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA** registry value to 1. If you need to provide auto elevation for programmatic access or installation, you could set the **HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\ConsentPromptBehaviorAdmin** registry value to 0, which is the same as setting the UAC slider Never Notify. This is not recommended for devices running Windows 10. -For more info about how manage UAC, see [UAC Group Policy Settings and Registry Key Settings](/windows/access-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings). +For more info about how to manage UAC, see [UAC Group Policy Settings and Registry Key Settings](/windows/access-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings). In Windows 10, User Account Control has added some improvements: diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2016.md b/windows/whats-new/ltsc/whats-new-windows-10-2016.md index 76b3dae302..354488f563 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2016.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2016.md 
@@ -118,12 +118,12 @@ Windows Information Protection (WIP) helps to protect against this potential dat Several new features and management options have been added to Windows Defender in this version of Windows 10. -- [Windows Defender Offline in Windows 10](/windows/threat-protection/microsoft-defender-antivirus/windows-defender-offline) can be run directly from within Windows, without having to create bootable media. -- [Use PowerShell cmdlets for Windows Defender](/windows/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus) to configure options and run scans. -- [Enable the Block at First Sight feature in Windows 10](/windows/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus) to leverage the Windows Defender cloud for near-instant protection against new malware. -- [Configure enhanced notifications for Windows Defender in Windows 10](/windows/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus) to see more information about threat detections and removal. -- [Run a Windows Defender scan from the command line](/windows/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus). -- [Detect and block Potentially Unwanted Applications with Windows Defender](/windows/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus) during download and install times. +- [Windows Defender Offline in Windows 10](/microsoft-365/security/defender-endpoint/microsoft-defender-offline) can be run directly from within Windows, without having to create bootable media. +- [Use PowerShell cmdlets for Windows Defender](/microsoft-365/security/defender-endpoint/use-powershell-cmdlets-microsoft-defender-antivirus) to configure options and run scans. 
+- [Enable the Block at First Sight feature in Windows 10](/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus) to leverage the Windows Defender cloud for near-instant protection against new malware. +- [Configure enhanced notifications for Windows Defender in Windows 10](/microsoft-365/security/defender-endpoint/configure-notifications-microsoft-defender-antivirus) to see more information about threat detections and removal. +- [Run a Windows Defender scan from the command line](/microsoft-365/security/defender-endpoint/command-line-arguments-microsoft-defender-antivirus). +- [Detect and block Potentially Unwanted Applications with Windows Defender](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus) during download and install times. ### Microsoft Defender for Endpoint diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index e906337f68..40a615660a 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md 
@@ -200,7 +200,7 @@ New features in [Windows Hello for Business](/windows/security/identity-protecti - You can now reset a forgotten PIN without deleting company managed data or apps on devices managed by [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune). -- For Windows desktops, users are able to reset a forgotten PIN through **Settings > Accounts > Sign-in options**. For more details, check out [What if I forget my PIN?](/windows/security/identity-protection/hello-for-business/hello-features#pin-reset). +- For Windows desktops, users are able to reset a forgotten PIN through **Settings > Accounts > Sign-in options**. For more details, check out [What if I forget my PIN?](/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset). [Windows Hello](/windows/security/identity-protection/hello-for-business/hello-features) now supports FIDO 2.0 authentication for Azure AD Joined Windows 10 devices and has enhanced support for shared devices, as described in [Kiosk configuration](#kiosk-configuration). @@ -362,7 +362,7 @@ Until now, Windows logon only supported the use of identities federated to ADFS 1. Azure AD Join your Windows 10 PC. (Web sign-in is only supported on Azure AD Joined PCs). -2. Set the Policy CSP, and the Authentication and EnableWebSignIn polices to enable web sign-in. +2. Set the Policy CSP, and the Authentication and EnableWebSignIn policies to enable web sign-in. 3. On the lock screen, select web sign-in under sign-in options. 4. Click the “Sign in” button to continue. 
@@ -532,7 +532,7 @@ In Windows 10 Enterprise LTSC 2019, we continue our work to improve the diagnost ### Application Virtualization for Windows (App-V) -Previous versions of the Microsoft Application Virtualization Sequencer (App-V Sequencer) have required you to manually create your sequencing environment. Windows 10 Enterprise LTSC 2019 introduces two new PowerShell cmdlets, New-AppVSequencerVM and Connect-AppvSequencerVM, which automatically create your sequencing environment for you, including provisioning your virtual machine. Additionally, the App-V Sequencer has been updated to let you sequence or update multiple apps at the same time, while automatically capturing and storing your customizations as an App-V project template (.appvt) file, and letting you use PowerShell or Group Policy settings to automatically cleanup your unpublished packages after a device restart. +Previous versions of the Microsoft Application Virtualization Sequencer (App-V Sequencer) have required you to manually create your sequencing environment. Windows 10 Enterprise LTSC 2019 introduces two new PowerShell cmdlets, New-AppVSequencerVM and Connect-AppvSequencerVM, which automatically create your sequencing environment for you, including provisioning your virtual machine. Additionally, the App-V Sequencer has been updated to let you sequence or update multiple apps at the same time, while automatically capturing and storing your customizations as an App-V project template (.appvt) file, and letting you use PowerShell or Group Policy settings to automatically clean up your unpublished packages after a device restart. For more info, see the following topics: - [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](/windows/application-management/app-v/appv-auto-provision-a-vm) 
@@ -578,7 +578,7 @@ Users attempt to connect to a Miracast receiver as they did previously. When the - Users do not have to change how they connect to a Miracast receiver. They use the same UX as for standard Miracast connections. - No changes to current wireless drivers or PC hardware are required. - It works well with older wireless hardware that is not optimized for Miracast over Wi-Fi Direct. -- It leverages an existing connection which both reduces the time to connect and provides a very stable stream. +- It leverages an existing connection that both reduces the time to connect and provides a very stable stream. #### Enabling Miracast over Infrastructure diff --git a/windows/whats-new/windows-11-requirements.md b/windows/whats-new/windows-11-requirements.md index 6be3ca4505..8384e85778 100644 --- a/windows/whats-new/windows-11-requirements.md +++ b/windows/whats-new/windows-11-requirements.md @@ -46,7 +46,7 @@ For information about tools to evaluate readiness, see [Determine eligibility](w ## Operating system requirements -For the best Windows 11 upgrade experience, eligible devices should be running Windows 10, version 2004 or later. +Eligible Windows 10 devices must be on version 2004 or later, and have installed the September 14, 2021 security update or later, to upgrade directly to Windows 11. > [!NOTE] > S mode is only supported on the Home edition of Windows 11.
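Review bot: In the `@@ -76,9` hunk (security auditing, new audit subcategories), only the Audit PNP Activity link moves to `/windows/security/threat-protection/auditing/`. The Audit Group Membership link in the bullet directly above it still points at `/windows/device-security/auditing/audit-group-membership`. Update both sibling bullets in the same change so they use the same path.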
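Review bot: The lead-in sentence shown as context for the `@@ -126,7` hunk calls 4688 "the logon event ID", but 4688 is the process creation event, which matches the fields listed here (TargetUserName, TargetLogonId, ParentProcessName). Since this hunk already touches the field list to remove the doubled period, correct that sentence as well so readers building detections are not sent looking for it among the logon events.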
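Review bot: In the `@@ -165,7` hunk, the replacement line for "Learn how to manage your security audit policies within your organization" drops the sentence's closing period, which the removed line had. The new target is also a `/previous-versions/` Windows Server 2012 R2 page and its URL ends in `(v=ws.11)`, so please confirm that this is the intended destination for a Windows 10 article and that the nested parentheses render as a single link in the published output.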
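Review bot: The `@@ -196,7` hunk fixes "how manage" but leaves "the same as setting the UAC slider Never Notify" in the paragraph just above, which is missing "to" before "Never Notify". The UAC settings link also stays on `/windows/access-protection/` while other hunks in this change move links off older paths. Please check that it still resolves and update it here if it does not.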
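Review bot: In the `@@ -118,12` hunk of whats-new-windows-10-2016.md, five of the six Defender links keep their slug and only change the path prefix, but the first one also changes its slug from `windows-defender-offline` to `microsoft-defender-offline`. Verify that this target exists under `/microsoft-365/security/defender-endpoint/`, since a wrong slug here would fail on its own while the rest of the list works.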
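Review bot: In the `@@ -200,7` hunk of whats-new-windows-10-2019.md, the PIN reset link is moved from the `hello-features#pin-reset` anchor to a separate `hello-feature-pin-reset` page, yet the "Windows Hello" link in the next paragraph still targets `/windows/security/identity-protection/hello-for-business/hello-features`. If that page was split into per-feature pages, this second link needs a new target in the same change.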
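Review bot: Step 2 in the `@@ -362,7` hunk still reads as three separate things to set ("the Policy CSP, and the Authentication and EnableWebSignIn policies") after the spelling fix. Consider rewording it to name one setting, the EnableWebSignIn policy in the Authentication area of the Policy CSP, so an administrator knows exactly which setting turns web sign-in on.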
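Review bot: The App-V sentence edited in the `@@ -532,7` hunk spells the two cmdlets with different casing, `New-AppVSequencerVM` and `Connect-AppvSequencerVM`. PowerShell does not care, but the docs should match the names used in the cmdlet reference. Please normalize the casing while this sentence is being edited for "clean up".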
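Review bot: In the `@@ -578,7` hunk, changing "which" to "that" makes the clause restrictive, so the bullet now reads as if Miracast picks a particular connection that happens to reduce connect time. The intended meaning is that reusing the existing connection has those two effects. Suggest "It leverages an existing connection, which both reduces the time to connect and provides a very stable stream."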
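Review bot: The `@@ -46,7` hunk in windows-11-requirements.md is a content change, not a link or typo fix like the rest of this patch. It turns a recommendation ("should be running") into a requirement ("must") and adds a minimum patch level, the September 14, 2021 security update. Call this out in the commit description, and identify the update in the text by a link or KB reference so administrators can check devices against it before planning upgrades.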