From 02644e51ce2d146643ae2f872a2239b32a26de99 Mon Sep 17 00:00:00 2001 From: John Tobin Date: Wed, 5 Apr 2017 14:28:46 -0700 Subject: [PATCH 01/13] Folded headings --- .../credential-guard-not-protected-scenarios.md | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/windows/keep-secure/credential-guard-not-protected-scenarios.md b/windows/keep-secure/credential-guard-not-protected-scenarios.md index f2c4d556e7..a62da81098 100644 --- a/windows/keep-secure/credential-guard-not-protected-scenarios.md +++ b/windows/keep-secure/credential-guard-not-protected-scenarios.md 
@@ -29,13 +29,9 @@ Some ways to store credentials are not protected by Credential Guard, including: - Third-party security packages - Digest and CredSSP credentials - When Credential Guard is enabled, neither Digest nor CredSSP have access to users' logon credentials. This implies no Single Sign-On use for these protocols. -- Supplied credentials for NTLM authentication are not protected. If a user is prompted for and enters credentials for NTLM authentication, these credentials are vulnerable to be read from LSASS memory. Note that these same credentials are vulnerable to key loggers as well. - ->[!NOTE] -When Credential Guard is deployed on a VM, Credential Guard protects secrets from attacks inside the VM. However, it does not provide additional protection from privileged system attacks originating from the host. - ->[!NOTE] -Windows logon cached password verifiers (commonly called "cached credentials") +- Supplied credentials for NTLM authentication are not protected. If a user is prompted for and enters credentials for NTLM authentication, these credentials are vulnerable to be read from LSASS memory. Note that these same credentials are vulnerable to key loggers as well.- +- When Credential Guard is deployed on a VM, Credential Guard protects secrets from attacks inside the VM. However, it does not provide additional protection from privileged system attacks originating from the host. +- Windows logon cached password verifiers (commonly called "cached credentials") do not qualify as credentials because they cannot be presented to another computer for authentication, and can only be used locally to verify credentials. They are stored in the registry on the local computer and provide validation for credentials when a domain-joined computer cannot connect to AD DS during user logon. 
These “cached logons”, or more specifically, cached domain account information, can be managed using the security policy setting **Interactive logon: Number of previous logons to cache** if a domain controller is not available. ## Additional mitigations From ffb0e17bc7315eec95576c9bcdb97b790cad303b Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Wed, 5 Apr 2017 14:37:13 -0700 Subject: [PATCH 02/13] added user consent info to wipfb --- .../images/waas-wipfb-aad-classicaad.png | Bin 0 -> 1382 bytes .../images/waas-wipfb-aad-classicenable.png | Bin 0 -> 4610 bytes .../update/images/waas-wipfb-aad-consent.png | Bin 0 -> 11236 bytes .../update/images/waas-wipfb-aad-error.png | Bin 0 -> 10409 bytes .../update/images/waas-wipfb-aad-newaad.png | Bin 0 -> 1486 bytes .../waas-wipfb-aad-newdirectorybutton.png | Bin 0 -> 1005 bytes .../images/waas-wipfb-aad-newenable.png | Bin 0 -> 2757 bytes .../images/waas-wipfb-aad-newusersettings.png | Bin 0 -> 847 bytes .../waas-windows-insider-for-business.md | 27 +++++++++++------- 9 files changed, 16 insertions(+), 11 deletions(-) create mode 100644 windows/update/images/waas-wipfb-aad-classicaad.png create mode 100644 windows/update/images/waas-wipfb-aad-classicenable.png create mode 100644 windows/update/images/waas-wipfb-aad-consent.png create mode 100644 windows/update/images/waas-wipfb-aad-error.png create mode 100644 windows/update/images/waas-wipfb-aad-newaad.png create mode 100644 windows/update/images/waas-wipfb-aad-newdirectorybutton.png create mode 100644 windows/update/images/waas-wipfb-aad-newenable.png create mode 100644 windows/update/images/waas-wipfb-aad-newusersettings.png 
diff --git a/windows/update/images/waas-wipfb-aad-classicaad.png b/windows/update/images/waas-wipfb-aad-classicaad.png new file mode 100644 index 0000000000000000000000000000000000000000..424f4bca0a7ea6352d436cb5a3c981bbc5d33755 GIT binary patch literal 1382
diff --git a/windows/update/images/waas-wipfb-aad-error.png b/windows/update/images/waas-wipfb-aad-error.png new file mode 100644 index 0000000000000000000000000000000000000000..83e6ca99744888e6371e56c4f6dc6531077ab989 GIT binary patch literal 10409
diff --git a/windows/update/images/waas-wipfb-aad-newaad.png b/windows/update/images/waas-wipfb-aad-newaad.png new file mode 100644 index 0000000000000000000000000000000000000000..87a6f5e750a826d022683d8d4f386fabe79e70fd GIT binary patch literal 1486
diff --git a/windows/update/images/waas-wipfb-aad-newdirectorybutton.png b/windows/update/images/waas-wipfb-aad-newdirectorybutton.png new file mode 100644 index 0000000000000000000000000000000000000000..9da18db5d14ce2fad942cc1ca8557749650ce216 GIT binary patch literal 1005
diff --git a/windows/update/images/waas-wipfb-aad-newenable.png b/windows/update/images/waas-wipfb-aad-newenable.png new file mode 100644 index 0000000000000000000000000000000000000000..f9bbe57b266e83e28d76ee7776eb907ec9266d6c GIT binary patch literal 2757
diff --git a/windows/update/images/waas-wipfb-aad-newusersettings.png b/windows/update/images/waas-wipfb-aad-newusersettings.png new file mode 100644 index 0000000000000000000000000000000000000000..ab28da5cbcf18a4a24de856fa290f458d328db8e GIT binary patch literal 847
diff --git a/windows/update/waas-windows-insider-for-business.md b/windows/update/waas-windows-insider-for-business.md index bf612c952c..45e3e49b28 100644 --- a/windows/update/waas-windows-insider-for-business.md +++ b/windows/update/waas-windows-insider-for-business.md
@@ -20,7 +20,7 @@ localizationpriority: high For many IT pros, gaining visibility into feature updates early—before they’re available to the CB servicing branch—can be both intriguing and valuable for future end user communications as well as provide additional prestaging for CB machines. With Windows 10, feature flighting enables Windows Insiders to consume and deploy preproduction code to their test machines, gaining early visibility into the next build. Testing the early builds of Windows 10 helps both Microsoft and its customers because they have the opportunity to discover possible issues before the update is ever publicly available and can report it to Microsoft. Also, as flighted builds get closer to their release to CB, organizations can test their deployment on test devices for compatibility validation. The Windows Insider Program for Business gives you the opportunity to: -* Get early access to Windows Insider Preview Builds +* Get early access to Windows Insider Preview Builds. * Provide feedback to Microsoft in real-time via the Feedback Hub app. * Sign-in with corporate credentials (Azure Active Directory) and increase the visibility of your organization's feedback with Microsoft – especially on features that support your productivity and business needs. 
@@ -56,9 +56,8 @@ Best for Insiders who enjoy getting early access to updates for the Current Bran Insiders on this level receive builds of Windows just before Microsoft releases them for CB. Although these builds aren’t final, they are the most complete and stable builds available to Windows Insider Program participants. This level provides the best testing platform for organizations that conduct early application compatibility testing on Windows Insider PCs. -* The Release Preview Ring will only be visible when your Windows build version is the same as the Current Branch -* The easiest way to go between the Development Branch to the Current Branch is to use the [Media Creation Tool](http://go.microsoft.com/fwlink/?LinkId=691209) (for PC) or [Windows Device Recovery Tool](http://go.microsoft.com/fwlink/p/?LinkId=522381) (for Mobile) to reinstall Windows -Ring +* The Release Preview Ring will only be visible when your Windows build version is the same as the Current Branch. +* The easiest way to go between the Development Branch to the Current Branch is to use the [Media Creation Tool](http://go.microsoft.com/fwlink/?LinkId=691209) (for PC) or [Windows Device Recovery Tool](http://go.microsoft.com/fwlink/p/?LinkId=522381) (for Mobile) to reinstall Windows. ### Slow 
@@ -70,11 +69,12 @@ The Slow Windows Insider level is for users who enjoy seeing new builds of Windo ### Fast -Best for Insiders who enjoy being the first to get access to builds and feature upgrades, with some risk to their devices in order to identify issues, and provide suggestions and ideas to make Windows software and devices great +Best for Insiders who enjoy being the first to get access to builds and feature upgrades, with some risk to their devices in order to identify issues, and provide suggestions and ideas to make Windows software and devices great. * Windows Insiders with devices in the Fast Ring should be prepared for more issues that may block key activities that are important to you or may require significant workarounds. * Because we are also validating a build on a smaller set of devices before going to Fast, there is also a chance that some features may work on some devices but may fail in other device configurations. -* Windows Insiders should be ready to reinstall Windows using the [Media Creation Tool](http://go.microsoft.com/fwlink/?LinkId=691209) or [Windows Device Recovery Tool](http://go.microsoft.com/fwlink/p/?LinkId=522381) when you are significantly blocked. • Please remember to report any issue to us through the Windows Insider Feedback Hub or the Windows Insider community Forum +* Windows Insiders should be ready to reinstall Windows using the [Media Creation Tool](http://go.microsoft.com/fwlink/?LinkId=691209) or [Windows Device Recovery Tool](http://go.microsoft.com/fwlink/p/?LinkId=522381) when you are significantly blocked. +* Please remember to report any issue to us through the Windows Insider Feedback Hub or the Windows Insider community Forum. >[!NOTE] >Once your machine is updated to Windows 10 and you select your desired flight ring, the process known as "Compatibility check" will need to run in the background. There is no manual way to force this process to run. 
This process allows for the discovery of your OS type (32-bit, 64-bit), build edition (Home, Pro, Enterprise), country and language settings, and other required information. Once this process is complete, your machine will be auto-targeted for the next available flight for your selected ring. For the first build on any given machine, this may take up to 24 hours to complete. @@ -85,11 +85,11 @@ During your time in the Windows Insider Program, you may want to change between 1. Go to **Settings > Updates & Security > Windows Insider Program** 2. Under **Choose your level**, select between the following rings - - * [Windows Insider Fast](#fast) - * [Windows Insider Slow](#slow) - * [Release Preview](#release-preview) + * [Windows Insider Fast](#fast) + * [Windows Insider Slow](#slow) + * [Release Preview](#release-preview) -## How to switch between you MSA and your Corporate AAD account +## How to switch between your MSA and your Corporate AAD account The Windows Insider Program for Business now gives users the option to register and enroll devices using a corporate account in [Azure Active Directory](https://azure.microsoft.com/services/active-directory/) (AAD) as well as their Microsoft Account (MSA). 
@@ -108,11 +108,16 @@ When providing feedback, please consider the following: 3. Provide as much information to us as possible: include reproduction steps, screenshots, any detail you think would help us experience the issue as you have, so that we can work on a fix and get it into a new build as soon as possible. ### How to use your corporate AAD account for additional Feedback Hub benefits -Get even more out of the Feedback Hub by signing in to the Feedback Hub using the same corporate account in AAD that are using to flight builds. One of the benefits of submitting feedback using your AAD account is the addition of a page to the Feedback Hub for your organization. Simply click the **My Company** page in the feedback hub to see and upvote all feedback submitted by other Insiders in your organization. +Get even more out of the Feedback Hub by signing in to the Feedback Hub using the same corporate account in AAD that you're using to flight builds. One of the benefits of submitting feedback using your AAD account is the addition of a page to the Feedback Hub for your organization. Simply click the **My Company** page in the feedback hub to see and upvote all feedback submitted by other Insiders in your organization. >[!NOTE] >If you signed into the Feedback Hub previously with your MSA, your feedback and badges will not be transferred to your AAD sing-in. However, you can switch back to your MSA account in the Feedback Hub to access feedback you’ve submitted and badges you’ve earned. +>[!IMPORTANT] +>With the current version of the Feedback Hub app, we need the user's consent to access their AAD account profile data (We read their name, organizational tenant ID and user ID). When they sign in for the first time with the AAD account, they will se a popup asking for their permissions. Once agreed, everything will work fine and that user won't be asked for permissions again. 
+> +> If something goes wrong, it is possible that users aren't enabled to give persmissions to access their data. This can be resolved through the AAD portal. For more information about this, please see [stub](waas-windows-insider-for-business-aad.md#user-consent-requirement). + ## Not receiving Windows 10 Insider Preview build updates? In some cases, your PC may not update to the latest Insider Preview build as expected. Here are items that you can review to troubleshoot this issue: From cc737c8f29255a1f335be0a08b9990ccaee12c21 Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Wed, 5 Apr 2017 14:46:39 -0700 Subject: [PATCH 03/13] fixed some typos --- .../waas-windows-insider-for-business-aad.md | 43 ++++++++++++++++++- .../waas-windows-insider-for-business-faq.md | 5 ++- 2 files changed, 44 insertions(+), 4 deletions(-) diff --git a/windows/update/waas-windows-insider-for-business-aad.md b/windows/update/waas-windows-insider-for-business-aad.md index f749ef1c36..440c4b8bfc 100644 --- a/windows/update/waas-windows-insider-for-business-aad.md +++ b/windows/update/waas-windows-insider-for-business-aad.md 
@@ -37,12 +37,11 @@ Simply go to **Settings > Accounts > Access work or school**. If a corporate acc ## Enroll a device with an Azure Active Directory account 1. Visit [insider.windows.com](https://insider.windows.com). Sign-in with your corporate account in AAD and follow the on-screen registration directions. 2. On your Windows 10 device, go to **Settings > Updates & Security > Windows Insider Program**. +3. Enter the AAD account that you used to register and follow the on-screen directions. >[!NOTE] >Make sure that you have administrator rights to the machine and that it has latest Windows updates. -3. Enter the AAD account that you used to register and follow the on-screen directions. - ## Switch device enrollment from your Microsoft account to your AAD account 1. Visit [insider.windows.com](https://insider.windows.com) to register your AAD account. If you are signed in with your Microsoft account, sign out, then sign back in with your corporate AAD account. 2. Click **Get started**, read and accept the privacy statement and program terms and click **Submit**. 
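Review bot: The [!NOTE] about administrator rights and current updates now sits after step 3, so a reader meets the prerequisite only once the enrollment steps are finished. Consider moving it above step 1 or folding it into step 2. The note text also needs an article: "that it has the latest Windows updates".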
@@ -55,6 +54,46 @@ Simply go to **Settings > Accounts > Access work or school**. If a corporate acc >[!NOTE] >Your device must be connected to your corporate account in AAD for the account to appear in the account list. +## User consent requirement + +With the current version of the Feedback Hub app, we need the user's consent to access their AAD account profile data (We read their name, organizational tenant ID and user ID). When they sign in for the first time with the AAD account, they will se a popup asking for their permissions, like this: + +![Feedback Hub consent to AAD pop-up](images/waas-wipfb-aad-consent.png) + +Once agreed, everything will work fine and that user won't be asked for permissions again. + +### Something went wrong + +The option for users to give consent for apps to access their profile data is controlled through Azure Active Directory. This means the AAD administrators have the ability to allow or block users from giving consent. + +In case the administrators blocked this option, when the user signs in with the AAD account, they will see the following error message: + +![Feedback Hub consent error message](images/waas-wipfb-aad-error.png) + +This blocks the user from signing in, which means they won't be able to use the Feedback Hub app with their AAD credentials. + +**To fix this issue**, an adminsitrator of the AAD directory will need to enable user consent for apps to access their data. + +To do this through the **classic Azure portal**: +1. Go to https://manage.windowsazure.com/ . +2. Switch to the **Active Directory** dashboard. + ![Azure classic portal dashboard button](images/waas-wipfb-aad-classicaad.png) +3. Select the appropriate directory and go to the **Configure** tab. +4. Under the **integrated applications** section, enable **Users may give applications permissions to access their data**. + ![Azure classic portal enable consent](images/waas-wipfb-aad-classicenable.png) + +To do this through the **new Azure portal**: +1. 
Go to https://portal.azure.com/ . +2. Switch to the **Active Directory** dashboard. + ![Azure new portal dashboard button](images/waas-wipfb-aad-newaad.png) +3. Switch to the appropriate directory. + ![Azure new portal switch directory button](images/waas-wipfb-aad-newdirectorybutton.png) +4. Under the **Manage** section, select **User settings**. + ![Azure new portal user settings](images/waas-wipfb-aad-newusersettings.png) +5. In the **Enterprise applications** section, enable **Users can allow apps to access their data**. + ![Azure new portal enable consent](images/waas-wipfb-aad-newenable.png) + + ## Frequently Asked Questions ### Will my test machines be affected by automatic registration? diff --git a/windows/update/waas-windows-insider-for-business-faq.md b/windows/update/waas-windows-insider-for-business-faq.md index 653d6d5c93..249b9c95ee 100644 --- a/windows/update/waas-windows-insider-for-business-faq.md +++ b/windows/update/waas-windows-insider-for-business-faq.md 
@@ -31,11 +31,12 @@ Hindi, Catalan, and Vietnamese can only be installed as a language pack over [su > To learn how to install a language pack, see [How to add an input language to your PC Additional](https://support.microsoft.com/instantanswers/60f32ff8-8697-4452-af7d-647439c38433/how-to-add-and-switch-input-languages-on-your-pc). ### How do I register for the Windows Insider Program for Business? -To register for the Windows Insider Program for Business, follow the steps below using your corporate account in Azure Active Directory (AAD). This account is the same account \that you use for Office 365 and other Microsoft services. +To register for the Windows Insider Program for Business, follow the steps below using your corporate account in Azure Active Directory (AAD). This account is the same account that you use for Office 365 and other Microsoft services. 1. Visit https://insider.windows.com and click **Get Started**. 2. Sign-in with your corporate account in AAD (username/password) and follow the on-screen registration directions. -3. Enroll your Windows 10 PC to get the latest Windows 10 Insider Preview builds. Go to **Settings > Updates & Security > Windows Insider Program**. Click **Get Started**, enter your corporate credentials that you used to register, then follow the on-screen directions. +3. Enroll your Windows 10 PC to get the latest Windows 10 Insider Preview builds. Go to **Settings > Updates & Security > Windows Insider Program**. Click **Get Started**, enter your corporate credentials that you used to register, then follow the on-screen directions. + >[!NOTE] >Make sure that you have administrator rights to your machine and that it has latest Windows updates. From fa51ba29b0efc66c8eae7b707d17163076e2606b Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Wed, 5 Apr 2017 15:36:57 -0700 Subject: [PATCH 04/13] fixed typo --- windows/update/waas-windows-insider-for-business.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/update/waas-windows-insider-for-business.md b/windows/update/waas-windows-insider-for-business.md index 45e3e49b28..802fb3b122 100644 --- a/windows/update/waas-windows-insider-for-business.md +++ b/windows/update/waas-windows-insider-for-business.md @@ -116,7 +116,7 @@ Get even more out of the Feedback Hub by signing in to the Feedback Hub using th >[!IMPORTANT] >With the current version of the Feedback Hub app, we need the user's consent to access their AAD account profile data (We read their name, organizational tenant ID and user ID). When they sign in for the first time with the AAD account, they will se a popup asking for their permissions. Once agreed, everything will work fine and that user won't be asked for permissions again. > -> If something goes wrong, it is possible that users aren't enabled to give persmissions to access their data. This can be resolved through the AAD portal. For more information about this, please see [stub](waas-windows-insider-for-business-aad.md#user-consent-requirement). +> If something goes wrong, it is possible that users aren't enabled to give persmissions to access their data. This can be resolved through the AAD portal. For more information about this, please see [User consent requirement](waas-windows-insider-for-business-aad.md#user-consent-requirement). ## Not receiving Windows 10 Insider Preview build updates? From 95661d6ab8f131049172ac0b752abad2d777bd46 Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Wed, 5 Apr 2017 15:59:51 -0700 Subject: [PATCH 05/13] added wipfb to change history --- windows/update/change-history-for-update-windows-10.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/windows/update/change-history-for-update-windows-10.md b/windows/update/change-history-for-update-windows-10.md index d1a178004f..bfee7b36f4 100644 --- a/windows/update/change-history-for-update-windows-10.md +++ b/windows/update/change-history-for-update-windows-10.md 
@@ -15,5 +15,10 @@ This topic lists new and updated topics in the [Update Windows 10](index.md) doc ## RELEASE: Windows 10, version 1703 -The topics in this library have been updated for Windows 10, version 1703 (also known as the Creators Update). +The topics in this library have been updated for Windows 10, version 1703 (also known as the Creators Update). The following new topics have been added: +* [Windows Insider Program for Business](waas-windows-insider-for-business.md) +* [Windows Insider Program for Business using Azure Active Directory](waas-windows-insider-for-business-aad.md) +* [Windows Insider Program for Business Frequently Asked Questions](waas-windows-insider-for-business-faq.md) + + From f4f4cf4887e0fbd66a6eedbc6439c0d2fb329f55 Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Wed, 5 Apr 2017 16:05:28 -0700 Subject: [PATCH 06/13] last changes to Index and change history --- windows/update/change-history-for-update-windows-10.md | 5 +---- windows/update/index.md | 1 + 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/windows/update/change-history-for-update-windows-10.md b/windows/update/change-history-for-update-windows-10.md index bfee7b36f4..97ece9af22 100644 --- a/windows/update/change-history-for-update-windows-10.md +++ b/windows/update/change-history-for-update-windows-10.md 
@@ -18,7 +18,4 @@ This topic lists new and updated topics in the [Update Windows 10](index.md) doc The topics in this library have been updated for Windows 10, version 1703 (also known as the Creators Update). The following new topics have been added: * [Windows Insider Program for Business](waas-windows-insider-for-business.md) * [Windows Insider Program for Business using Azure Active Directory](waas-windows-insider-for-business-aad.md) -* [Windows Insider Program for Business Frequently Asked Questions](waas-windows-insider-for-business-faq.md) - - - +* [Windows Insider Program for Business Frequently Asked Questions](waas-windows-insider-for-business-faq.md) \ No newline at end of file diff --git a/windows/update/index.md b/windows/update/index.md index 4346995b12..18f0e7fcdd 100644 --- a/windows/update/index.md +++ b/windows/update/index.md @@ -41,6 +41,7 @@ Windows as a service provides a new way to think about building, deploying, and | [Manage Windows 10 updates using Windows Server Update Services (WSUS)](waas-manage-updates-wsus.md) | Explains how to use WSUS to manage Windows 10 updates. | | [Manage Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md) | Explains how to use Configuration Manager to manage Windows 10 updates. | | [Manage device restarts after updates](waas-restart.md) | Explains how to use Group Policy to manage device restarts. | +| [Windows Insider Program for Business](waas-windows-insider-for-business.md) | Explains how the Windows Insider Program for Business works and how to become an insider. | >[!TIP] >Windows servicing is changing, but for disaster recovery scenarios and bare-metal deployments of Windows 10, you still can use traditional imaging software such as System Center Configuration Manager or the Microsoft Deployment Toolkit. Using these tools to deploy Windows 10 images is similar to deploying previous versions of Windows. 
From c1e5aae7f2ceb310c2fa198e013602438e2303de Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Wed, 5 Apr 2017 16:26:33 -0700 Subject: [PATCH 07/13] waas-configure-wufb fixed 60 -> 35 mention pause --- windows/update/waas-configure-wufb.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/windows/update/waas-configure-wufb.md b/windows/update/waas-configure-wufb.md index e3b47b2f2f..565725e1c2 100644 --- a/windows/update/waas-configure-wufb.md +++ b/windows/update/waas-configure-wufb.md 
@@ -84,11 +84,11 @@ After you configure the servicing branch (CB or CBB), you can then define if, an ## Pause Feature Updates -You can also pause a device from receiving Feature Updates by a period of up to 60 days from when the value is set. After 60 days has passed, pause functionality will automatically expire and the device will scan Windows Update for applicable Feature Updates. Following this scan, Feature Updates for the device can then be paused again. +You can also pause a device from receiving Feature Updates by a period of up to 35 days from when the value is set. After 35 days has passed, pause functionality will automatically expire and the device will scan Windows Update for applicable Feature Updates. Following this scan, Feature Updates for the device can then be paused again. -Starting with version 1703, when configuring pause through policy, a start date has to be set from which the pause begins. The pause period will be calculated by adding 60 days to the start date. +Starting with version 1703, when configuring pause through policy, a start date has to be set from which the pause begins. The pause period will be calculated by adding 35 days to the start date. -In cases where the pause policy is first applied after the configured start date has passed, administrators will be able to extend the pause period up to a total of 60 days by configuring a later start date. +In cases where the pause policy is first applied after the configured start date has passed, administrators will be able to extend the pause period up to a total of 35 days by configuring a later start date. With version 1703, pausing through the settings app will provide a more consistent experience: - Any active restart notification are cleared or closed 
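Review bot: The first changed paragraph now states the 35-day limit unconditionally, while only the second is scoped with "Starting with version 1703", so a reader on an earlier build takes the wrong number from the opening sentence. Say in that paragraph which versions the 35-day limit applies to. The edited sentences also carry over two slips that could be fixed in the same pass: "by a period of up to 35 days" should be "for a period of up to 35 days", and "After 35 days has passed" should be "After 35 days have passed".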
@@ -98,6 +98,8 @@ With version 1703, pausing through the settings app will provide a more consiste >[!IMPORTANT] >This policy does not apply to Windows 10 Mobile Enterprise. +> +>Prior to Windows 10, version 1703, feature updates could be paused by up to 60 days. This number has be changed to 35, similar to the number of days for quality updates. **Pause Feature Updates policies** @@ -110,7 +112,7 @@ With version 1703, pausing through the settings app will provide a more consiste You can check the date Feature Updates were paused at by checking the registry key **PausedFeatureDate** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**. -The local group policy editor (GPEdit.msc) will not reflect if your Feature Update Pause period has expired. Although the device will resume Feature Updates after 60 days automatically, the pause checkbox will remain checked in the policy editor. To see if a device has auto-resumed taking Feature Updates, you can check the status registry key **PausedFeatureStatus** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**. +The local group policy editor (GPEdit.msc) will not reflect if your Feature Update Pause period has expired. Although the device will resume Feature Updates after 35 days automatically, the pause checkbox will remain checked in the policy editor. To see if a device has auto-resumed taking Feature Updates, you can check the status registry key **PausedFeatureStatus** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**. | Value | Status| | --- | --- | From 2a3f438973da2b56561a06452dcae630161671cf Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Wed, 5 Apr 2017 16:33:42 -0700 Subject: [PATCH 08/13] fixed typo --- windows/update/waas-configure-wufb.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/update/waas-configure-wufb.md b/windows/update/waas-configure-wufb.md index 565725e1c2..03aeba51b9 100644 
--- a/windows/update/waas-configure-wufb.md +++ b/windows/update/waas-configure-wufb.md @@ -99,7 +99,7 @@ With version 1703, pausing through the settings app will provide a more consiste >[!IMPORTANT] >This policy does not apply to Windows 10 Mobile Enterprise. > ->Prior to Windows 10, version 1703, feature updates could be paused by up to 60 days. This number has be changed to 35, similar to the number of days for quality updates. +>Prior to Windows 10, version 1703, feature updates could be paused by up to 60 days. This number has been changed to 35, similar to the number of days for quality updates. **Pause Feature Updates policies** From 96c474d1ef5be136b3492cb5e73007b1cc8fccb4 Mon Sep 17 00:00:00 2001 From: Justinha Date: Wed, 5 Apr 2017 16:57:53 -0700 Subject: [PATCH 09/13] removed table --- .../bitlocker-frequently-asked-questions.md | 43 +++---------------- 1 file changed, 6 insertions(+), 37 deletions(-) diff --git a/windows/keep-secure/bitlocker-frequently-asked-questions.md b/windows/keep-secure/bitlocker-frequently-asked-questions.md index 3e39f7390e..01c1fb4b93 100644 --- a/windows/keep-secure/bitlocker-frequently-asked-questions.md +++ b/windows/keep-secure/bitlocker-frequently-asked-questions.md 
@@ -97,44 +97,13 @@ Yes. Open the **BitLocker Drive Encryption** Control Panel, click **Manage BitLo ### Do I have to decrypt my BitLocker-protected drive to download and install system updates and upgrades? -The following table lists what action you need to take before you perform an upgrade or update installation. +No user action is required for BitLocker in order to apply updates from Microsoft, including [Windows quality updates and feature updates](https://technet.microsoft.com/itpro/windows/manage/waas-quick-start). +Users need to suspend BitLocker for Non-Microsoft software updates, such as: + +- Computer manufacturer firmware updates +- TPM firmware updates +- Non-Microsoft application updates that modify boot components - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
Type of updateAction

Windows Anytime Upgrade

Decrypt

[Feature updates](https://technet.microsoft.com/itpro/windows/manage/waas-quick-start) for Windows 10 (example: Windows 10, version 1703)

Suspend

Non-Microsoft software updates, such as:

-
    -
  • Computer manufacturer firmware updates

  • -
  • TPM firmware updates

  • -
  • Non-Microsoft application updates that modify boot components

  • -

Suspend

Software and [quality updates](https://technet.microsoft.com/itpro/windows/manage/waas-quick-start) from Windows Update

Nothing

-  > **Note:**  If you have suspended BitLocker, you can resume BitLocker protection after you have installed the upgrade or update. Upon resuming protection, BitLocker will reseal the encryption key to the new values of the measured components that changed as a part of the upgrade or update. If these types of upgrades or updates are applied without suspending BitLocker, your computer will enter recovery mode when restarting and will require a recovery key or password to access the computer.   ## Deployment and administration From 059af48a09da3f016bab69ecac22e7fd0057c423 Mon Sep 17 00:00:00 2001 From: Justinha Date: Wed, 5 Apr 2017 17:21:15 -0700 Subject: [PATCH 10/13] fixed examples --- .../overview-of-threat-mitigations-in-windows-10.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/keep-secure/overview-of-threat-mitigations-in-windows-10.md b/windows/keep-secure/overview-of-threat-mitigations-in-windows-10.md index 3b315d321b..ff8d0da12b 100644 --- a/windows/keep-secure/overview-of-threat-mitigations-in-windows-10.md +++ b/windows/keep-secure/overview-of-threat-mitigations-in-windows-10.md @@ -419,10 +419,10 @@ ConvertTo-ProcessMitigationPolicy -EMETFilePath -OutputFilePath Date: Wed, 5 Apr 2017 17:36:19 -0700 Subject: [PATCH 11/13] Edits to cred_guard manage --- .../keep-secure/credential-guard-manage.md | 67 +++++++++++++------ 1 file changed, 45 insertions(+), 22 deletions(-) diff --git a/windows/keep-secure/credential-guard-manage.md b/windows/keep-secure/credential-guard-manage.md index a70d85eb17..d2fcbe101f 100644 --- a/windows/keep-secure/credential-guard-manage.md +++ b/windows/keep-secure/credential-guard-manage.md @@ -1,4 +1,4 @@ ---- +--- title: Manage Credential Guard (Windows 10) description: Deploying and managing Credential Guard using Group Policy, the registry, or the Device Guard and Credential Guard hardware readiness tool. ms.prod: w10 
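Review bot: In bitlocker-frequently-asked-questions.md (hunk @@ -97,44 +97,13), the replacement text drops the removed table's "Windows Anytime Upgrade" row (action "Decrypt") with no substitute and changes feature updates from "Suspend" to no action, yet the retained note still warns that "these types of upgrades or updates" applied without suspending BitLocker send the computer into recovery mode. Reword the note so "these types" clearly refers only to the non-Microsoft updates in the new list, and state which Windows versions the no-action guidance covers. "Non-Microsoft" in the added sentence "Users need to suspend BitLocker for Non-Microsoft software updates" should be lowercase mid-sentence.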
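Review bot: In credential-guard-manage.md (hunk @@ -1,4 +1,4), the removed and added first lines both render as "---", so the only change to the front-matter delimiter is invisible, most likely a byte-order mark or whitespace. Confirm this is intended and drop it from the commit if not, since a stray character before the opening "---" can stop the metadata block from being parsed.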
@@ -19,7 +19,9 @@ Prefer video? See [Protecting privileged users with Credential Guard](https://mv in the Deep Dive into Credential Guard video series. ## Enable Credential Guard -Credential Guard can be enabled by using [Group Policy](#turn-on-credential-guard-by-using-group-policy), the [registry](#turn-on-credential-guard-by-using-the-registry), or the Device Guard and Credential Guard [hardware readiness tool](#hardware-readiness-tool). +Credential Guard can be enabled either by using [Group Policy](#turn-on-credential-guard-by-using-group-policy), the [registry](#turn-on-credential-guard-by-using-the-registry), or the Device Guard and Credential Guard [hardware readiness tool](#hardware-readiness-tool). Credential Guard can also protect secrets in a Hyper-V virtual machine, just as it would on a physical machine. +The same set of procedures used to enable Credential Guard on physical machines applies also to virtual machines. + ### Enable Credential Guard by using Group Policy @@ -41,7 +43,7 @@ To enforce processing of the group policy, you can run ```gpupdate /force```. If you don't use Group Policy, you can enable Credential Guard by using the registry. Credential Guard uses virtualization-based security features which have to be enabled first on some operating systems. -### Add the virtualization-based security features +#### Add the virtualization-based security features Starting with Windows 10, version 1607 and Windows Server 2016, enabling Windows features to use virtualization-based security is not necessary and this step can be skipped. @@ -74,7 +76,7 @@ If you enable Credential Guard by using Group Policy, the steps to enable Window > [!NOTE] > You can also add these features to an online image by using either DISM or Configuration Manager. -### Enable virtualization-based security and Credential Guard +#### Enable virtualization-based security and Credential Guard 1. Open Registry Editor. 2. Enable virtualization-based security: 
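Review bot: In the hunk at @@ -19,7 +19,9, the links in the rewritten intro target #turn-on-credential-guard-by-using-group-policy and #turn-on-credential-guard-by-using-the-registry, while the heading visible in the context is "Enable Credential Guard by using Group Policy"; confirm these anchors still resolve after the "Turn on" to "Enable" renames. "either" is also used with three alternatives, and the added sentence "Credential Guard can also protect secrets in a Hyper-V virtual machine, just as it would on a physical machine." repeats the opening sentence of the virtual machine section further down, so one of the two can go.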
@@ -101,22 +103,16 @@ DG_Readiness_Tool_v3.0.ps1 -Enable -AutoReboot ### Credential Guard deployment in virtual machines -Credential Guard can protect secrets in a Hyper-V virtual machine, just as it would on a physical machine. The enablement steps are the same from within the virtual machine. +Credential Guard can protect secrets in a Hyper-V virtual machine, just as it would on a physical machine. When Credential Guard is deployed on a VM, secrets are protected from attacks inside the VM. Credential Guard does not provide additional protection from privileged system attacks originating from the host. -Credential Guard protects secrets from non-privileged access inside the VM. It does not provide additional protection from the host administrator. From the host, you can disable Credential Guard for a virtual machine: +#### Requirements for running Credential Guard in Hyper-V virtual machines -``` PowerShell -Set-VMSecurity -VMName -VirtualizationBasedSecurityOptOut $true -``` - -Requirements for running Credential Guard in Hyper-V virtual machines - The Hyper-V host must have an IOMMU, and run at least Windows Server 2016 or Windows 10 version 1607. - The Hyper-V virtual machine must be Generation 2, have an enabled virtual TPM, and running at least Windows Server 2016 or Windows 10. +### Review Credential Guard performance -### Check that Credential Guard is running - -You can use System Information to ensure that Credential Guard is running on a PC. +You can view System Information to check that Credential Guard is running on a PC. 1. Click **Start**, type **msinfo32.exe**, and then click **System Information**. 2. Click **System Summary**. 
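Review bot: The new heading "Review Credential Guard performance" does not match the content under it, which explains how to check that Credential Guard is running (msinfo32 and the readiness tool) and says nothing about performance. Keep the removed title "Check that Credential Guard is running" or choose one that covers verification and review. The Set-VMSecurity example removed here and re-added at the end of this patch shows -VMName with no value; give it a placeholder for the VM name so the command is usable as written. In the requirements list, "have an enabled virtual TPM, and running at least" should be "and run at least" to stay parallel.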
@@ -132,10 +128,31 @@ You can also check that Credential Guard is running by using the [Device Guard a DG_Readiness_Tool_v3.0.ps1 -Ready ``` +- If Credential Guard is enabled on a device after it's joined to a domain, the user and device secrets may already be compromised. We recommend that Credential Guard should be enabled before the PC is joined to a domain. -### Remove Credential Guard +- You should perform regular reviews of the PCs that have Credential Guard enabled. This can be done with security audit policies or WMI queries. Here's a list of WinInit event IDs to look for: + - **Event ID 13** Credential Guard (LsaIso.exe) was started and will protect LSA credentials. + - **Event ID 14** Credential Guard (LsaIso.exe) configuration: 0x1, 0 + - The first variable: 0x1 means Credential Guard is configured to run. 0x0 means it’s not configured to run. + - The second variable: 0 means it’s configured to run in protect mode. 1 means it's configured to run in test mode. This variable should always be 0. + - **Event ID 15** Credential Guard (LsaIso.exe) is configured but the secure kernel is not running; continuing without Credential Guard. + - **Event ID 16** Credential Guard (LsaIso.exe) failed to launch: \[error code\] + - **Event ID 17** Error reading Credential Guard (LsaIso.exe) UEFI configuration: \[error code\] + You can also verify that TPM is being used for key protection by checking the following event in the **Microsoft** -> **Windows** -> **Kernel-Boot** event source. If you are running with a TPM, the TPM PCR mask value will be something other than 0. + - **Event ID 51** VSM Master Encryption Key Provisioning. Using cached copy status: 0x0. Unsealing cached copy status: 0x1. New key generation status: 0x1. Sealing status: 0x1. TPM PCR mask: 0x0. 
+- Passwords are still weak so we recommend that your organization deploy Credential Guard and move away from passwords and to other authentication methods, such as physical smart cards, virtual smart cards, or Windows Hello for Business. +- Some 3rd party Security Support Providers (SSPs and APs) might not be compatible with Credential Guard. Credential Guard does not allow 3rd party SSPs to ask for password hashes from LSA. However, SSPs and APs still get notified of the password when a user logs on and/or changes their password. Any use of undocumented APIs within custom SSPs and APs are not supported. We recommend that custom implementations of SSPs/APs are tested against Credential Guard to ensure that the SSPs and APs do not depend on any undocumented or unsupported behaviors. For example, using the KerbQuerySupplementalCredentialsMessage API is not supported. You should not replace the NTLM or Kerberos SSPs with custom SSPs and APs. For more info, see [Restrictions around Registering and Installing a Security Package](http://msdn.microsoft.com/library/windows/desktop/dn865014.aspx) on MSDN. +- As the depth and breadth of protections provided by Credential Guard are increased, subsequent releases of Windows 10 with Credential Guard running may impact scenarios that were working in the past. For example, Credential Guard may block the use of a particular type of credential or a particular component to prevent malware from taking advantage of vulnerabilities. Therefore, we recommend that scenarios required for operations in an organization are tested before upgrading a device that has Credential Guard running. -If you have to remove Credential Guard on a PC, you can use the following set of procedures, or you can [use the Device Guard and Credential Guard hardware readiness tool](#turn-off-with-hardware-readiness-tool). +- Starting with Windows 10, version 1511, domain credentials that are stored with Credential Manager are protected with Credential Guard. 
Credential Manager allows you to store credentials, such as user names and passwords that you use to log on to websites or other computers on a network. The following considerations apply to the Credential Guard protections for Credential Manager: + - Credentials saved by Remote Desktop Services cannot be used to remotely connect to another machine without supplying the password. Attempts to use saved credentials will fail, displaying the error message "Logon attempt failed". + - Applications that extract derived domain credentials from Credential Manager will no longer be able to use those credentials. + - You cannot restore credentials using the Credential Manager control panel if the credentials were backed up from a PC that has Credential Guard turned on. If you need to back up your credentials, you must do this before you enable Credential Guard. Otherwise, you won't be able to restore those credentials. + - Credential Guard uses hardware security so some features, such as Windows To Go, are not supported. + +## Disable Credential Guard + +If you have to disable Credential Guard on a PC, you can use the following set of procedures, or you can [use the Device Guard and Credential Guard hardware readiness tool](#turn-off-with-hardware-readiness-tool). 1. If you used Group Policy, disable the Group Policy setting that you used to enable Credential Guard (**Computer Configuration** -> **Administrative Templates** -> **System** -> **Device Guard** -> **Turn on Virtualization Based Security**). 2. Delete the following registry settings: 
@@ -146,11 +163,7 @@ If you have to remove Credential Guard on a PC, you can use the following set of > [!IMPORTANT] > If you manually remove these registry settings, make sure to delete them all. If you don't remove them all, the device might go into BitLocker recovery. -3. Delete the Credential Guard EFI variables by using bcdedit. - -**Delete the Credential Guard EFI variables** - -1. From an elevated command prompt, type the following commands: +3. Delete the Credential Guard EFI variables by using bcdedit. From an elevated command prompt, type the following commands: ``` syntax mountvol X: /s @@ -180,7 +193,7 @@ If you have to remove Credential Guard on a PC, you can use the following set of For more info on virtualization-based security and Device Guard, see [Device Guard deployment guide](device-guard-deployment-guide.md). -#### Turn off Credential Guard by using the Device Guard and Credential Guard hardware readiness tool +#### Disable Credential Guard by using the Device Guard and Credential Guard hardware readiness tool You can also disable Credential Guard by using the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). @@ -188,5 +201,15 @@ You can also disable Credential Guard by using the [Device Guard and Credential DG_Readiness_Tool_v3.0.ps1 -Disable -AutoReboot ``` +#### Disable Credential Guard for a virtual machine + +From the host, you can disable Credential Guard for a virtual machine: + +``` PowerShell +Set-VMSecurity -VMName -VirtualizationBasedSecurityOptOut $true +``` + + + From 3d2e3d62c023c5afa8c7412335e2fe768ab0d393 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Thu, 6 Apr 2017 08:34:37 -0700 Subject: [PATCH 12/13] updating chassistype description --- .../basic-level-windows-diagnostic-events-and-fields.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/configure/basic-level-windows-diagnostic-events-and-fields.md b/windows/configure/basic-level-windows-diagnostic-events-and-fields.md index f62ad1e526..738d97b024 100644 --- a/windows/configure/basic-level-windows-diagnostic-events-and-fields.md +++ b/windows/configure/basic-level-windows-diagnostic-events-and-fields.md @@ -1491,7 +1491,7 @@ This event sends data about the device, including hardware type, OEM brand, mode The following fields are available: -- **ChassisType** Represents the type of device chassis, such as desktop or low profile desktop. The possible values can range between 1 - 24. +- **ChassisType** Represents the type of device chassis, such as desktop or low profile desktop. The possible values can range between 1 - 36. - **ComputerHardwareID** Identifies a device class that is represented by a hash of different SMBIOS fields. - **DeviceColor** Indicates a color of the device. - **DeviceName** The device name that is set by the user. From f098ee755835b24f03ca7b217122292bb9dbc5a6 Mon Sep 17 00:00:00 2001 From: John Tobin Date: Thu, 6 Apr 2017 09:31:26 -0700 Subject: [PATCH 13/13] Removed known issues heading --- ...redential-guard-not-protected-scenarios.md | 36 ------------------- 1 file changed, 36 deletions(-) diff --git a/windows/keep-secure/credential-guard-not-protected-scenarios.md b/windows/keep-secure/credential-guard-not-protected-scenarios.md index a62da81098..bce8580dfb 100644 --- a/windows/keep-secure/credential-guard-not-protected-scenarios.md +++ b/windows/keep-secure/credential-guard-not-protected-scenarios.md 
@@ -634,42 +634,6 @@ write-host $tmp -Foreground Red > [!NOTE] > If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter. - - - -## Troubleshooting Credential Guard - - - -### Known Issues - -Microsoft is aware of certain issues with Credential Guard that affect client machines that run Windows 10. -• For devices with Credential Guard enabled, a sign-in attempt that fails because of a bad password counts as two bad password attempts instead of one. Consequently, if your enterprise has an account lockout policy based on a certain number of failed password attempts, that threshold will be reached in half the number of attempts. - -This issue has been resolved for clients that run Windows 10 version 1703. For clients that run Windows 10 version 1607, a hotfix is available for download to resolve the issue. For clients that run Windows 10 versions 1507 or 1511, no hotfix is available. For those operating systems, to resolve the issue, you can upgrade the client to a later version of Windows 10. As a workaround, administrators can either choose to increase the account lockout threshold accordingly, consistent with current security policy, or can disable Credential Guard. For further information, see Credential Guard generates double bad password count - -Credential guard has known issues on Windows 10 when used with certain third-party applications: - -• Applications Appsense and Lumension E S. are known to cause high CPU utilization on Windows 10 client machines with credential guard enabled. -• Citrix Applications are known to cause high CPU utilization on Windows 10 client machines. This issue is currently under investigation. -• Cisco Proxy Agents are known to cause authentication failure on Windows 10 client machines. This issue is currently under investigation. 
-• Client machines with Credential Guard enabled cannot access shares on For further information see: Machines with Credential Guard enabled unable to connect to IBM File Servers - - - - - - -### How-to - - - - - - - - - ## See also **Deep Dive into Credential Guard: Related videos**
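Review bot: In the @@ -132,10 +128,31 @@ hunk, the added Event ID 51 sample ends with `TPM PCR mask: 0x0`, but the sentence that introduces it says that with a TPM the mask "will be something other than 0", so the example shows exactly the value the reader is told to treat as no TPM key protection. Use a sample with a non-zero mask, or state that the sample comes from a device without a TPM. In the Event ID 14 bullet, `0x1, 0` are described as "variables"; "first value" and "second value" would match what an admin sees in the event text.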
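Review bot: In the @@ -180,7 +193,7 @@ hunk, the renamed heading stays at `####` while the @@ -132,10 +128,31 @@ hunk promotes its parent from `### Remove Credential Guard` to `## Disable Credential Guard`, so the outline now jumps from level 2 to level 4. Suggest `###` here and for the new "Disable Credential Guard for a virtual machine" heading. The parent section still links to `#turn-off-with-hardware-readiness-tool`; please confirm that anchor survives the rename from "Turn off" to "Disable".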
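Review bot: In the @@ -188,5 +201,15 @@ hunk, the added command `Set-VMSecurity -VMName -VirtualizationBasedSecurityOptOut $true` gives `-VMName` no value, so it cannot be run as shown; it looks like a placeholder was lost. Add a placeholder that the renderer will not swallow and say that the VM's name goes there. The trailing blank lines added after the closing fence can be dropped.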
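Review bot: In the @@ -1491,7 +1491,7 @@ hunk, the ChassisType line raises the upper bound from 24 to 36 but still gives the reader no way to interpret a value, and "can range between 1 - 36" reads awkwardly. Suggest "Possible values are 1 through 36" together with a pointer to where the chassis type values are defined. The subject "updating chassistype description" could also say why the range changed.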
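Review bot: The @@ -634,42 +634,6 @@ hunk deletes the whole "Troubleshooting Credential Guard" section, not just a heading as the subject "Removed known issues heading" says. The removed text includes the note that a failed sign-in counts as two bad password attempts against the account lockout threshold, plus the third-party compatibility items, which admins rely on when sizing lockout policy. Please confirm this content lands elsewhere in the series, or keep it, and reword the subject to say the section body is removed.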