Merge remote-tracking branch 'refs/remotes/origin/rs4' into jdrs4wcd

.openpublishing.publish.config.json

@@ -1,6 +1,22 @@
 {
   "build_entry_point": "",
   "docsets_to_publish": [
+    {
+      "docset_name": "bcs-VSTS",
+      "build_source_folder": "bcs",
+      "build_output_subfolder": "bcs-VSTS",
+      "locale": "en-us",
+      "monikers": [],
+      "moniker_ranges": [],
+      "open_to_public_contributors": false,
+      "type_mapping": {
+        "Conceptual": "Content",
+        "ManagedReference": "Content",
+        "RestApi": "Content"
+      },
+      "build_entry_point": "docs",
+      "template_folder": "_themes"
+    },
     {
       "docset_name": "education-VSTS",
       "build_source_folder": "education",
@@ -126,7 +142,7 @@
       "locale": "en-us",
       "monikers": [],
       "moniker_ranges": [],
-      "open_to_public_contributors": false,
+      "open_to_public_contributors": true,
       "type_mapping": {
         "Conceptual": "Content",
         "ManagedReference": "Content",

bcs/TOC.md

@@ -0,0 +1 @@
+# [Index](index.md)

bcs/breadcrumb/toc.yml

@@ -0,0 +1,3 @@
+- name: Docs
+  tocHref: /
+  topicHref: /

bcs/docfx.json

@@ -0,0 +1,45 @@
+{
+  "build": {
+    "content": [
+      {
+        "files": [
+          "**/*.md",
+          "**/*.yml"
+        ],
+        "exclude": [
+          "**/obj/**",
+          "**/includes/**",
+          "_themes/**",
+          "_themes.pdf/**",
+          "README.md",
+          "LICENSE",
+          "LICENSE-CODE",
+          "ThirdPartyNotices"
+        ]
+      }
+    ],
+    "resource": [
+      {
+        "files": [
+          "**/*.png",
+          "**/*.jpg"
+        ],
+        "exclude": [
+          "**/obj/**",
+          "**/includes/**",
+          "_themes/**",
+          "_themes.pdf/**"
+        ]
+      }
+    ],
+    "overwrite": [],
+    "externalReference": [],
+    "globalMetadata": {
+      "breadcrumb_path": "/microsoft-365/business/breadcrumb/toc.json",
+      "extendBreadcrumb": true
+    },
+    "fileMetadata": {},
+    "template": [],
+    "dest": "bcs-vsts"
+  }
+}

bcs/index.md

@@ -0,0 +1,3 @@
+---
+redirect_url: /microsoft-365/business/
+---

bcs/support/microsoft-365-business-faqs.md

@@ -0,0 +1,3 @@
+---
+redirect_url: https://docs.microsoft.com/microsoft-365/business/support/microsoft-365-business-faqs
+---

bcs/support/transition-csp-subscription.md

@@ -0,0 +1,3 @@
+---
+redirect_url: https://docs.microsoft.com/microsoft-365/business/support/transition-csp-subscription
+---

browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md

@@ -191,6 +191,17 @@ The <url> attribute, as part of the <site> element in the v.2 versio
 </thead>
 <tbody>
 <tr>
+<td>allow-redirect</td>
+<td>A boolean attribute of the &lt;open-in&gt; element that controls the behavior for redirected sites. Setting this attribute to "true" indicates that the site will open in IE11 or Microsoft Edge even if the site is navigated to as part of a HTTP or meta refresh redirection chain. Omitting the attribute is equivalent to "false" (sites in redirect chain will not open in another browser).
+<p><b>Example</b>
+<pre class="syntax">
+&lt;site url="contoso.com/travel"&gt;
+  &lt;open-in allow-redirect="true"&gt;IE11&lt;/open-in&gt;
+&lt;/site&gt;</pre>
+In this example, if http://contoso.com/travel is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer.</td>
+<td>Internet Explorer 11 and Microsoft Edge</td>
+</tr>
+<tr>
 <td>version</td>
 <td>Specifies the version of the Enterprise Mode Site List. This attribute is supported for the &lt;site-list&gt; element.</td>
 <td>Internet Explorer 11 and Microsoft Edge</td>

education/get-started/configure-microsoft-store-for-education.md

@@ -23,7 +23,7 @@ You'll need to configure Microsoft Store for Education to accept the services ag
 
 You can watch the video to see how this is done, or follow the step-by-step guide. </br>
 
-<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/Jnbssq0gC_g" frameborder="0" gesture="media" allow="encrypted-media" allowfullscreen></iframe>
+> [!VIDEO https://www.youtube.com/embed/Jnbssq0gC_g]
 
 You can watch the descriptive audio version here: [Microsoft Education: Configure Microsoft Store for Education (DA)](https://www.youtube.com/watch?v=bStgEpHbEXw)
 
@@ -53,11 +53,6 @@ You can watch the descriptive audio version here: [Microsoft Education: Configur
 
 Your Microsoft Store for Education account is now linked to Intune for Education so let's set that up next.
 
-<!--
-> [!div class="nextstepaction"]
-> [Use Intune for Education to manage groups, apps, and settings](use-intune-for-education.md)
--->
-
 > [!div class="step-by-step"]
 [<< Use School Data Sync to import student data](use-school-data-sync.md)
 [Use Intune for Education to manage groups, apps, and settings >>](use-intune-for-education.md)

education/get-started/enable-microsoft-teams.md

@@ -46,10 +46,6 @@ To get started, IT administrators need to use the Office 365 Admin Center to ena
 
 You can find more info about how to control which users in your school can use Microsoft Teams, turn off group creation, configure tenant-level settings, and more by reading the *Guide for IT admins* getting started guide in the <a href="https://aka.ms/MeetTeamsEdu" target="_blank">Meet Microsoft Teams</a> page.
 
-<!--
-> [!div class="nextstepaction"]
-> [Configure Microsoft Store for Education](configure-microsoft-store-for-education.md)
--->
 
 > [!div class="step-by-step"]
 [<< Use School Data Sync to import student data](use-school-data-sync.md)

education/get-started/finish-setup-and-other-tasks.md

@@ -26,7 +26,7 @@ Once you've set up your Windows 10 education device, it's worth checking to veri
 
 You can watch the video to see how this is done, or follow the step-by-step guide. </br>
 
-<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/nhQ_4okWFmk" frameborder="0" gesture="media" allow="encrypted-media" allowfullscreen></iframe>
+> [!VIDEO https://www.youtube.com/embed/nhQ_4okWFmk]
 
 You can watch the descriptive audio version here: [Microsoft Education: Verify Windows 10 education devices are Azure AD joined and managed (DA)](https://www.youtube.com/watch?v=_hVIxaEsu2Y)
 
@@ -78,7 +78,7 @@ You can follow the rest of the walkthrough to finish setup and complete other ta
 
 You can watch the following video to see how to update group settings in Intune for Education and configure Azure settings. Or, you can follow the step-by-step guide for these tasks and the other tasks listed above.
 
-<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/M6-k73dZOfw" frameborder="0" gesture="media" allow="encrypted-media" allowfullscreen></iframe>
+> [!VIDEO https://www.youtube.com/embed/M6-k73dZOfw]
 
 You can watch the descriptive audio version here: [Microsoft Education: Update settings, apps, and Azure AD settings for your education tenant (DA)](https://www.youtube.com/watch?v=-Rz3VcDXbzs)
 

education/get-started/set-up-office365-edu-tenant.md

@@ -23,7 +23,7 @@ Schools can use Office 365 to save time and be more productive. Built with power
 
 Don't have an Office 365 for Education verified tenant or just starting out? Follow these steps to set up an Office 365 for Education tenant. [Learn more about Office 365 for Education plans and pricing](https://products.office.com/academic/compare-office-365-education-plans). </br>
 
-<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/X7bscA-knaY" frameborder="0" allow="encrypted-media" allowfullscreen></iframe>
+> [!VIDEO https://www.youtube.com/embed/X7bscA-knaY]
 
 You can watch the descriptive audio version here: [Microsoft Education: Set up an Office 365 Education tenant (DA)](https://www.youtube.com/watch?v=d5tQ8KoB3ic)
 

education/get-started/set-up-windows-education-devices.md

@@ -19,7 +19,7 @@ If you are setting up a Windows 10 device invidividually, and network bandwidth
 
 You can watch the video to see how this is done, or follow the step-by-step guide. </br>
 
-<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/nADWqBYvqXk" frameborder="0" gesture="media" allow="encrypted-media" allowfullscreen></iframe>
+> [!VIDEO https://www.youtube.com/embed/nADWqBYvqXk]
 
 You can watch the descriptive audio version here: [Microsoft Education: Set up a new Windows 10 education devices using the Windows setup experience (DA)](https://www.youtube.com/watch?v=_UtS1Cz2Pno)
 

education/get-started/use-intune-for-education.md

@@ -41,7 +41,7 @@ Note that for verified education tenants, Microsoft automatically provisions you
 
 You can watch the video to see how this is done, or follow the step-by-step guide. </br>
 
-<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/c3BLoZZw3TQ" frameborder="0" gesture="media" allow="encrypted-media" allowfullscreen></iframe>
+> [!VIDEO https://www.youtube.com/embed/c3BLoZZw3TQ]
 
 You can watch the descriptive audio version here: [Microsoft Education: Use Intune for Education to manage groups, apps, and settings (DA)](https://youtu.be/Tejxfc4V7cQ)
 

education/get-started/use-school-data-sync.md

@@ -25,7 +25,7 @@ Follow all the steps in this section to use SDS and sample CSV files in a trial
 
 You can watch the video to see how this is done, or follow the step-by-step guide.</br>
 
-<center><iframe src="https://www.youtube.com/embed/ehSU8jr8T24" width="560" height="315" allowFullScreen frameBorder="0"></iframe></center>
+> [!VIDEO https://www.youtube.com/embed/ehSU8jr8T24]
 
 You can watch the descriptive audio version here: [Microsoft Education: Use School Data Sync to import student data (DA)](https://www.youtube.com/watch?v=l4b086IMtvc)
 

education/trial-in-a-box/educator-tib-get-started.md

@@ -31,10 +31,10 @@ ms.date: 01/12/2017
 
 </br>
 
-<!-- hiding placeholder
+> [!VIDEO https://www.youtube.com/embed/3nqooY9Iqq4]
-<center><iframe width="560" height="315" src="https://aka.ms/EDU-Get-Started" frameborder="3" allow="autoplay; encrypted-media" allowfullscreen></iframe></center>
+
 </br>
--->
+
 
 ![Log in to Device A and connect to the school network](images/edu-TIB-setp-1-jump.png) 
 ## <a name="edu-task1"></a>1. Log in and connect to the school network
@@ -49,10 +49,10 @@ To try out the educator tasks, start by logging in as a teacher.
 ![Improve student reading speed and comprehension](images/edu-TIB-setp-2-jump.png) 
 ## <a name="edu-task2"></a>2. Significantly improve student reading speed and comprehension
 
-<!-- hiding placeholder
+> [!VIDEO https://www.youtube.com/embed/GCzSAslq_2Y]
-<center><iframe width="560" height="315" src="https://aka.ms/EDU-Learning-Tools" frameborder="3" allow="autoplay; encrypted-media" allowfullscreen></iframe></center>
+
 </br>
--->
+
 
 Learning Tools and the Immersive Reader can be used in the Microsoft Edge browser, Microsoft Word, and Microsoft OneNote to:
 * Increase fluency for English language learners
@@ -80,10 +80,10 @@ Learning Tools and the Immersive Reader can be used in the Microsoft Edge browse
 ![Spark communication, critical thinking, and creativity with Microsoft Teams](images/edu-TIB-setp-3-jump.png) 
 ## <a name="edu-task3"></a>3. Spark communication, critical thinking, and creativity in the classroom
 
-<!-- hiding placeholder
+> [!VIDEO https://www.youtube.com/embed/riQr4Dqb8B8]
-<center><iframe width="560" height="315" src="https://aka.ms/EDU-Teams" frameborder="3" allow="autoplay; encrypted-media" allowfullscreen></iframe></center>
+
 </br>
--->
+
 
 Microsoft Teams is a digital hub that brings conversations, content, and apps together in one place. This guided tour walks you through the essential teaching features of the app. Then, through interactive prompts, experience how you can use this tool in your own classroom to spark digital classroom discussions, respond to student questions, organize content, and more!  
 
@@ -99,10 +99,10 @@ Take a guided tour of Microsoft Teams and test drive this digital hub.
 ![Expand classroom collaboration and interaction with OneNote](images/edu-TIB-setp-4-jump.png) 
 ## <a name="edu-task4"></a>4. Expand classroom collaboration and interaction between students
 
-<!-- hiding placeholder
+> [!VIDEO https://www.youtube.com/embed/dzDSWMb_fIE]
-<center><iframe width="560" height="315" src="https://aka.ms/EDU-OneNote" frameborder="3" allow="autoplay; encrypted-media" allowfullscreen></iframe></center>
+
 </br>
--->
+
 
 Microsoft OneNote organizes curriculum and lesson plans for teachers and students to work together and at their own pace. It provides a digital canvas to store text, images, handwritten drawings, attachments, links, voice, and video.
 
@@ -130,10 +130,9 @@ See how a group project comes together with opportunities to interact with other
 ![Further collaborate and problem solve with Minecraft: Education Edition](images/edu-TIB-setp-5-jump.png) 
 ## <a name="edu-task5"></a>5. Get kids to further collaborate and problem solve
 
-<!-- hiding placeholder
+> [!VIDEO https://www.youtube.com/embed/QI_bRNUugog]
-<center><iframe width="560" height="315" src="https://aka.ms/EDU-Minecraft-EE" frameborder="3" allow="autoplay; encrypted-media" allowfullscreen></iframe></center>
+
 </br>
--->
 
 Minecraft: Education Edition provides an immersive environment to develop creativity, collaboration, and problem-solving in an immersive environment where the only limit is your imagination.   
 

education/trial-in-a-box/index.md

@@ -20,9 +20,9 @@ ms.date: 12/11/2017
 
 </br>
 
-<!-- hiding placeholder
+> [!VIDEO https://www.youtube.com/embed/azoxUYWbeGg]
-<center><iframe width="560" height="315" src="https://aka.ms/edu-welcome" frameborder="3" allow="autoplay; encrypted-media" allowfullscreen></iframe></center>
+
--->
+</br>
 
 Welcome to Microsoft Education Trial in a Box. We built this trial to make it easy to try our latest classroom technologies. We have two scenarios for you to try: one for educators and one for IT. We recommend starting with Educators. To begin, click **Get started** below. 
 

education/trial-in-a-box/itadmin-tib-get-started.md

@@ -35,9 +35,8 @@ To get the most out of Microsoft Education, we've pre-configured your tenant for
 If you run into any problems while following the steps in this guide, or you have questions about Trial in a Box or Microsoft Education, see [Microsoft Education Trial in a Box Support](support-options.md).
 
 </br>
-<!-- hiding placeholder
+
-<center><iframe width="560" height="315" src="https://aka.ms/EDU-IT-Admin-Setup" frameborder="3" allow="autoplay; encrypted-media" allowfullscreen></iframe></center>
+> [!VIDEO https://www.youtube.com/embed/cVVKCpO2tyI]
--->
 
 </br>
 

education/windows/use-set-up-school-pcs-app.md

@@ -42,7 +42,7 @@ Set up School PCs makes it easy to set up Windows 10 PCs with Microsoft's recomm
 
 You can watch the video to see how to use the Set up School PCs app, or follow the step-by-step guide. </br>
 
-<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/2ZLup_-PhkA" frameborder="0" gesture="media" allow="encrypted-media" allowfullscreen></iframe>
+> [!VIDEO https://www.youtube.com/embed/2ZLup_-PhkA]
 
 You can watch the descriptive audio version here: [Microsoft Education: Use the Set up School PCs app (DA)](https://www.youtube.com/watch?v=qqe_T2LkGsI)
 
@@ -89,9 +89,19 @@ You can watch the descriptive audio version here: [Microsoft Education: Use the
     5. Click **Just remove my files**.
     6. Click **Reset**.
 
+* **Use an NTFS-formatted USB key**
+
+    If you're planning to install several apps, the Set up School PCs package may exceed 4 GB. Check if your USB drive format is FAT32. If it is, you won't be able to save more than 4 GB of data on the drive. To work around this, reformat the USB drive to use the NTFS format. To do this:
+
+    1. Insert the USB key into your computer.
+    2. Go to the Start menu and type **This PC** and then select the **This PC (Desktop app)** from the search results. 
+    3. In the **Devices and drivers** section, find the USB drive, select and then right-click to bring up options.
+    4. Select **Format** from the list to bring up the **Format <DRIVE NAME>** window.
+    5. Set **File system** to **NTFS** and then click **Start** to format the drive.
+
 * **Use more than one USB key**
 
-    If you are setting up multiple PCs, you can set them up at the same time.  Just save the provisioning package to another USB drive. Create two keys and you can run it on two PCs at once, and so on.
+    If you are setting up multiple PCs, you can set them up at the same time. Just save the provisioning package to another USB drive. Create two keys and you can run it on two PCs at once, and so on.
 
 * **Keep it clean**
 
@@ -112,7 +122,8 @@ You can watch the descriptive audio version here: [Microsoft Education: Use the
 - You must have the Microsoft Store for Education configured.
 - You must be a global admin in the Microsoft Store for Education.
 - It's best if you sign up for and [configure Intune for Education](../get-started/use-intune-for-education.md) before using the Set up School PCs app.
-- Have a USB drive, 1 GB or larger, to save the provisioning package. We recommend an 8 GB or larger USB drive if you're installing Office.
+- Have a USB drive, 1 GB or larger, to save the provisioning package. We recommend an 8 GB or larger USB drive if you're installing Office. 
+- Check the default file system format for your USB drive. You may need to set this to NTFS to save a provisioning package that's 4 GB or larger. 
 
 ## Set up School PCs step-by-step
 

store-for-business/add-profile-to-devices.md

@@ -7,7 +7,7 @@ ms.sitesec: library
 ms.pagetype: store
 author: TrudyHa
 ms.author: TrudyHa
-ms.date: 1/29/2018
+ms.date: 2/9/2018
 ms.localizationpriority: high
 ---
 
@@ -20,7 +20,7 @@ Windows AutoPilot Deployment Program simplifies device set up for IT Admins. For
 
 Watch this video to learn more about Windows AutoPilot in Micrsoft Store for Business. </br>
 
-[!video https://www.microsoft.com/en-us/videoplayer/embed/3b30f2c2-a3e2-4778-aa92-f65dbc3ecf54?autoplay=false]
+> [!video https://www.microsoft.com/en-us/videoplayer/embed/3b30f2c2-a3e2-4778-aa92-f65dbc3ecf54?autoplay=false]
 
 ## What is Windows AutoPilot Deployment Program?
 In Microsoft Store for Business, you can manage devices for your organization and apply an *AutoPilot deployment profile* to your devices. When people in your organization run the out-of-box experience on the device, the profile configures Windows based on the AutoPilot deployment profile you applied to the device. 

store-for-business/release-history-microsoft-store-business-education.md

@@ -6,7 +6,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
 author: TrudyHa
-ms.date: 1/8/2018
+ms.date: 2/8/2018
 ---
 
 # Microsoft Store for Business and Education release history
@@ -15,6 +15,10 @@ Microsoft Store for Business and Education regularly releases new and improved f
 
 Looking for info on the latest release? Check out [What's new in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md) 
 
+## December 2017
+
+- Bug fixes and permformance improvements.
+
 ## November 2017
 
 - **Export list of Minecraft: Education Edition users** - Admins and teachers can now export a list of users who have Minecraft: Education Edition licenses assigned to them. Click **Export users**, and Store for Education creates an Excel spreadsheet for you, and saves it as a .csv file.

store-for-business/whats-new-microsoft-store-business-education.md

@@ -6,7 +6,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
 author: TrudyHa
-ms.date: 1/8/2018
+ms.date: 2/8/2018
 ---
 
 # What's new in Microsoft Store for Business and Education
@@ -15,9 +15,16 @@ Microsoft Store for Business and Education regularly releases new and improved f
 
 ## Latest updates for Store for Business and Education
 
-**December 2017**
+**January 2018**
+
+|  |  |
+|--------------------------------------|---------------------------------|
+| ![Microsoft Store for Business Products &amp; services page.](images/product-and-service-icon.png) |**One place for apps, software, and subscriptions**<br /><br /> The new **Products &amp; services** page in Microsoft Store for Business and Education gives customers a single place to manage all products and services. This includes Apps, Software, and Subscriptions that your organization acquired or manages through Microsoft Store for Business. This change centralizes these products, but the platform changes also improve overall performance. <br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
+|  ![Upgrade Office 365 trial subscription.](images/office-logo.png) |**Upgrade Office 365 trial subscription**<br /><br> Customers with Office 365 trials can now transition their trial to a paid subscription in Microsoft Store for Business. This works for trials you acquired from Microsoft Store for Business, or Office Admin Portal. <br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
+|  ![Image showing Settings icon.](images/mpsa-link.png) |**Supporting Microsoft Product and Services Agreement customers**<br /><br>If you are purchasing under the Microsoft Products and Services Agreement (MPSA), you can use Microsoft Store for Business. Here you will find access to Products & Services purchased, Downloads & Keys, Software Assurance benefits, Order history, and Agreement details. Also, we added the ability to associate your purchasing account to your tenant. <br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
+|  ![Image showing Settings icon.](images/invite-people.png) |**Microsoft Product and Services Agreement customers can invite people to take roles**<br /><br> MPSA admins can invite people to take Microsoft Store for Business roles even if the person is not in their tenant. You provide an email address when you assign the role, and we'll add the account to your tenant and assign the role. <br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
+
 
-We’ve been working on bug fixes and performance improvements to provide you a better experience. Stay tuned for new features!
 
 <!---
 We’ve been working on bug fixes and performance improvements to provide you a better experience. Stay tuned for new features!
@@ -30,6 +37,9 @@ We’ve been working on bug fixes and performance improvements to provide you a
 
 ## Previous releases and updates
 
+[December 2017](release-history-microsoft-store-business-education.md#december-2017)
+- Bug fixes and permformance improvements
+
 [November 2017](release-history-microsoft-store-business-education.md#november-2017)
 - Export list of Minecraft: Education Edition users
 - Bug fixes and performance improvements

windows/access-protection/index.md

@@ -1,29 +1,3 @@
 ---
-title: Access protection (Windows 10)
+redirect_url: https://docs.microsoft.com/windows/security/identity-protection/
-description: Learn more about access protection technologies in Windows 10 and Windows 10 Mobile.
+---
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-author: brianlic-msft
-ms.date: 04/24/2017
----
-
-# Access protection
-
-Learn more about access protection technologies in Windows 10 and Windows 10 Mobile.
-
-| Section | Description |
-|-|-|
-| [Access control](access-control/access-control.md) | Describes access control in Windows, which is the process of authorizing users, groups, and computers to access objects on the network or computer. Key concepts that make up access control are permissions, ownership of objects, inheritance of permissions, user rights, and object auditing. |
-| [Configure S/MIME for Windows 10 and Windows 10 Mobile](configure-s-mime.md) | In Windows 10, S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients who have a digital identification (ID), also known as a certificate, can read them. Users can digitally sign a message, which provides the recipients with a way to verify the identity of the sender and that the message hasn't been tampered with. |
-| [Install digital certificates on Windows 10 Mobile](installing-digital-certificates-on-windows-10-mobile.md) | Digital certificates bind the identity of a user or computer to a pair of keys that can be used to encrypt and sign digital information. Certificates are issued by a certification authority (CA) that vouches for the identity of the certificate holder, and they enable secure client communications with websites and services. |
-| [Protect derived domain credentials with Credential Guard](credential-guard/credential-guard.md) | Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Credential Guard helps prevent these attacks by protecting NTLM password hashes and Kerberos Ticket Granting Tickets. |
-| [Protect Remote Desktop credentials with Remote Credential Guard](remote-credential-guard.md) | Remote Credential Guard helps you protect your credentials over a Remote Desktop connection by redirecting the Kerberos requests back to the device that's requesting the connection. |
-| [User Account Control](user-account-control/user-account-control-overview.md)| Provides information about User Account Control (UAC), which helps prevent malware from damaging a PC and helps organizations deploy a better-managed desktop. UAC can help block the automatic installation of unauthorized apps and prevent inadvertent changes to system settings.|
-| [Virtual Smart Cards](virtual-smart-cards/virtual-smart-card-overview.md) | Provides information about deploying and managing virtual smart cards, which are functionally similar to physical smart cards and appear in Windows as smart cards that are always-inserted. Virtual smart cards use the Trusted Platform Module (TPM) chip that is available on computers in many organizations, rather than requiring the use of a separate physical smart card and reader. |
-| [VPN technical guide](vpn/vpn-guide.md) | Virtual private networks (VPN) let you give your users secure remote access to your company network. Windows 10 adds useful new VPN profile options to help you manage how users connect. |
-| [Smart Cards](smart-cards/smart-card-windows-smart-card-technical-reference.md) | Provides a collection of references topics about smart cards, which are tamper-resistant portable storage devices that can enhance the security of tasks such as authenticating clients, signing code, securing e-mail, and signing in with a Windows domain account. |
-| [Windows Hello for Business](hello-for-business/hello-identity-verification.md) | In Windows 10, Windows Hello replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and a biometric or PIN. |
-| [Windows Firewall with Advanced Security](windows-firewall/windows-firewall-with-advanced-security.md) | Provides information about Windows Firewall with Advanced Security, which is an important part of a layered security model. By providing host-based, two-way network traffic filtering for a device, Windows Firewall with Advanced Security blocks unauthorized network traffic flowing into or out of the local device. |
-| [Windows 10 Credential Theft Mitigation Guide Abstract](windows-credential-theft-mitigation-guide-abstract.md) | Learn more about credential theft mitigation in Windows 10. |

windows/application-management/manage-windows-mixed-reality.md

@@ -23,11 +23,7 @@ Windows 10, version 1709 (also known as the Fall Creators Update), introduces [W
 <span id="enable" />
 ## Enable Windows Mixed Reality in WSUS
 
-To enable users to download the Windows Mixed Reality software, enterprises using WSUS can approve Windows Mixed Reality package by unblocking the following KBs:
+To enable users to download the Windows Mixed Reality software for devices running Windows 10, version 1703, enterprises using WSUS can approve Windows Mixed Reality package by unblocking **KB4016509: FeatureOnDemandOasis - Windows 10 version 1703 for x64-based Systems**. 
-  
-- KB4016509: FeatureOnDemandOasis - Windows 10 version 1703 for x64-based Systems
-- KB3180030: language packs
-- KB3197985: language packs
  
 Enterprises devices running Windows 10, version 1709, will not be able to install Windows Mixed Reality Feature on Demand (FOD) directly from WSUS. Instead, use one of the following options to install Windows Mixed Reality software:
 

windows/configuration/change-history-for-configure-windows-10.md

@@ -8,13 +8,20 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: high
 author: jdeckerms
-ms.date: 01/31/2018
+ms.date: 02/08/2018
 ---
 
 # Change history for Configure Windows 10
 
 This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.
 
+## February 2018
+
+New or changed topic | Description
+--- | ---
+[Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md) | Added steps for configuring a kiosk in Microsoft Intune.
+[Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) | Updated the instructions for applying a customized Start layout using Microsoft Intune.
+
 ## January 2018
 
 New or changed topic | Description

windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md

@@ -8,7 +8,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerms
 ms.localizationpriority: medium
-ms.date: 11/15/2017
+ms.date: 02/08/2018
 ---
 
 # Customize Windows 10 Start and taskbar with mobile device management (MDM)
@@ -45,86 +45,37 @@ Two features enable Start layout control:
 
      
 
--   In MDM, you set the path to the .xml file that defines the Start layout using an OMA-URI setting, which is based on the [Policy configuration service provider (CSP)](https://go.microsoft.com/fwlink/p/?LinkID=623244).
+-   In Microsoft Intune, you select the Start layout XML file and add it to a device configuration profile. 
 
 ## <a href="" id="bkmk-domaingpodeployment"></a>Create a policy for your customized Start layout
 
 
 This example uses Microsoft Intune to configure an MDM policy that applies a customized Start layout. See the documentation for your MDM solution for help in applying the policy.
 
-1.  In the Start layout file created when you ran **Export-StartLayout**, replace markup characters with escape characters, and save the file. (You can replace the characters manually or use an online tool.)
+1.  In the Microsoft Azure portal, search for **Intune** or go to **More services** > **Intune**.
 
-    Example of a layout file produced by Export-StartLayout:
+2.  Select **Device configuration**.
 
-    <span codelanguage="XML"></span>
+3.  Select **Profiles**.
-    <table>
-    <colgroup>
-    <col width="100%" />
-    </colgroup>
-    <thead>
-    <tr class="header">
-    <th align="left">XML</th>
-    </tr>
-    </thead>
-    <tbody>
-    <tr class="odd">
-    <td align="left"><pre><code>&lt;LayoutModificationTemplate Version=&quot;1&quot; xmlns=&quot;http://schemas.microsoft.com/Start/2014/LayoutModification&quot;&gt;
-      &lt;DefaultLayoutOverride&gt;
-        &lt;StartLayoutCollection&gt;
-          &lt;defaultlayout:StartLayout GroupCellWidth=&quot;6&quot; xmlns:defaultlayout=&quot;http://schemas.microsoft.com/Start/2014/FullDefaultLayout&quot;&gt;
-            &lt;start:Group Name=&quot;Life at a glance&quot; xmlns:start=&quot;http://schemas.microsoft.com/Start/2014/StartLayout&quot;&gt;
-              &lt;start:Tile Size=&quot;2x2&quot; Column=&quot;0&quot; Row=&quot;0&quot; AppUserModelID=&quot;Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge&quot; /&gt;
-              &lt;start:Tile Size=&quot;2x2&quot; Column=&quot;4&quot; Row=&quot;0&quot; AppUserModelID=&quot;Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI&quot; /&gt;
-              &lt;start:Tile Size=&quot;2x2&quot; Column=&quot;2&quot; Row=&quot;0&quot; AppUserModelID=&quot;Microsoft.BingWeather_8wekyb3d8bbwe!App&quot; /&gt;
-            &lt;/start:Group&gt;        
-          &lt;/defaultlayout:StartLayout&gt;
-        &lt;/StartLayoutCollection&gt;
-      &lt;/DefaultLayoutOverride&gt;
-    &lt;/LayoutModificationTemplate&gt;</code></pre></td>
-    </tr>
-    </tbody>
-    </table>
 
-    Example of the same layout file with escape characters replacing the markup characters:
+4.  Select **Create profile**.
 
-```
+5.  Enter a friendly name for the profile.
-    &amp;lt;wdcml:p xmlns:wdcml=&amp;quot;http://microsoft.com/wdcml&amp;quot;&amp;gt;Example of a layout file produced by Export-StartLayout:&amp;lt;/wdcml:p&amp;gt;&amp;lt;wdcml:snippet xmlns:wdcml=&amp;quot;http://microsoft.com/wdcml&amp;quot;&amp;gt;&amp;lt;![CDATA[&amp;lt;LayoutModificationTemplate Version=&amp;quot;1&amp;quot; xmlns=&amp;quot;http://schemas.microsoft.com/Start/2014/LayoutModification&amp;quot;&amp;gt;
-      &amp;lt;DefaultLayoutOverride&amp;gt;
-        &amp;lt;StartLayoutCollection&amp;gt;
-          &amp;lt;defaultlayout:StartLayout GroupCellWidth=&amp;quot;6&amp;quot; xmlns:defaultlayout=&amp;quot;http://schemas.microsoft.com/Start/2014/FullDefaultLayout&amp;quot;&amp;gt;
-            &amp;lt;start:Group Name=&amp;quot;Life at a glance&amp;quot; xmlns:start=&amp;quot;http://schemas.microsoft.com/Start/2014/StartLayout&amp;quot;&amp;gt;
-              &amp;lt;start:Tile Size=&amp;quot;2x2&amp;quot; Column=&amp;quot;0&amp;quot; Row=&amp;quot;0&amp;quot; AppUserModelID=&amp;quot;Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge&amp;quot; /&amp;gt;
-              &amp;lt;start:Tile Size=&amp;quot;2x2&amp;quot; Column=&amp;quot;4&amp;quot; Row=&amp;quot;0&amp;quot; AppUserModelID=&amp;quot;Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI&amp;quot; /&amp;gt;
-              &amp;lt;start:Tile Size=&amp;quot;2x2&amp;quot; Column=&amp;quot;2&amp;quot; Row=&amp;quot;0&amp;quot; AppUserModelID=&amp;quot;Microsoft.BingWeather_8wekyb3d8bbwe!App&amp;quot; /&amp;gt;
-            &amp;lt;/start:Group&amp;gt;        
-          &amp;lt;/defaultlayout:StartLayout&amp;gt;
-        &amp;lt;/StartLayoutCollection&amp;gt;
-      &amp;lt;/DefaultLayoutOverride&amp;gt;
-    &amp;lt;/LayoutModificationTemplate&amp;gt;]]&amp;gt;&amp;lt;/wdcml:snippet&amp;gt;
-```
 
-2.  In the Microsoft Intune administration console, click **Policy** &gt; **Add Policy**.
+6.  Select **Windows 10 and later** for the platform.
 
-3.  Under **Windows**, choose a **Custom Configuration (Windows 10 Desktop and Mobile and later)** policy.
+7. Select **Device restrictions for the profile type.
 
-4.  Enter a name (mandatory) and description (optional) for the policy.
+8. Select **Start**.
 
-5.  In the **OMA-URI Settings** section, click **Add.**
+9. In **Start menu layout**, browse to and select your Start layout XML File.
 
-6.  In **Add or Edit OMA-URI Setting**, enter the following information.
+10. Select **OK** twice, and then select **Create**.
 
-    | Item  | Information |
+11. Assign the profile to a device group.
-    |----|----|
-    | **Setting name**             | Enter a unique name for the OMA-URI setting to help you identify it in the list of settings.                      |
-    | **Setting description**      | Provide a description that gives an overview of the setting and other relevant information to help you locate it. |
-    | **Data type**                | **String**                                                                                                        |
-    | **OMA-URI (case sensitive)** | **./User/Vendor/MSFT/Policy/Config/Start/StartLayout**                                                            |
-    | **Value**                    | Paste the contents of the Start layout .xml file that you created.               |
 
-     
+For other MDM solutions, you may need to use an OMA-URI setting for Start layout, based on the [Policy configuration service provider (CSP)](https://go.microsoft.com/fwlink/p/?LinkID=623244). The OMA-URI setting is `./User/Vendor/MSFT/Policy/Config/Start/StartLayout`.
-7.  Click **OK** to save the setting and return to the **Create Policy** page.
 
-8.  Click **Save Policy**.
 
 ## Related topics
 

windows/configuration/lock-down-windows-10-to-specific-apps.md

@@ -9,7 +9,7 @@ ms.sitesec: library
 ms.pagetype: edu, security
 author: jdeckerms
 ms.localizationpriority: high
-ms.date: 01/31/2018
+ms.date: 02/08/2018
 ms.author: jdecker
 ---
 
@@ -20,21 +20,49 @@ ms.author: jdecker
 
 -   Windows 10
 
-A [kiosk device](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) typically runs a single app, and users are prevented from accessing any features or functions on the device outside of the kiosk app. In Windows 10, version 1709, the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) has been expanded to make it easy for administrators to create kiosks that run more than one app. You can configure multi-app kiosks using Microsoft Intune or a provisioning package.
+A [kiosk device](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) typically runs a single app, and users are prevented from accessing any features or functions on the device outside of the kiosk app. In Windows 10, version 1709, the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) has been expanded to make it easy for administrators to create kiosks that run more than one app. 
+
+The benefit of a multi-app kiosk, or fixed-purpose device, is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don’t need to access. 
+
+>[!WARNING]
+>The assigned access feature is intended for corporate-owned fixed-purpose devices, like kiosks. When the multi-app assigned access configuration is applied on the device, [certain policies](#policies-set-by-multi-app-kiosk-configuration) are enforced system-wide, and will impact other users on the device. Deleting the multi-app configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all the enforced policies (such as Start layout). A factory reset is needed to clear all the policies enforced via assigned access.
+
+You can configure multi-app kiosks using [Microsoft Intune](#intune) or a [provisioning package](#provision).
+
+<span id="intune"/>
+## Configure a kiosk in Microsoft Intune
 
 Watch how to use Intune to configure a multi-app kiosk.
 
 >[!VIDEO https://www.microsoft.com/videoplayer/embed/ce9992ab-9fea-465d-b773-ee960b990c4a?autoplay=false]
 
->[!NOTE]
+1. [Generate the Start layout for the kiosk device.](#startlayout)
->For devices running versions of Windows 10 earlier than version 1709, you can [create AppLocker rules](lock-down-windows-10-applocker.md) to configure a multi-app kiosk. 
+2. In the Microsoft Azure portal, search for **Intune** or go to **More services** > **Intune**.
+3. Select **Device configuration**.
+4. Select **Profiles**.
+5. Select **Create profile**.
+6. Enter a friendly name for the profile.
+7. Select **Windows 10 and later** for the platform.
+8. Select **Device restrictions** for the profile type.
+9. Select **Kiosk**.
+10. In **Kiosk Mode**, select **Multi app kiosk**.
+11. Select **Add** to define a configuration, which specifies the apps that will run and the layout for the Start menu.
+12. Enter a friendly name for the configuration.
+13. Select an app type, either **Win32 App** for a classic desktop application or **UWP App** for a Universal Windows Platform app.
+  - For **Win32 App**, enter the fully qualified pathname of the executable, with respect to the device.
+  - For **UWP App**, enter the Application User Model ID for an installed app.
+14. Select whether to enable the taskbar.
+15. Browse to and select the Start layout XML file that you generated in step 1.
+16. Add one or more accounts. When the account signs in, only the apps defined in the configuration will be available.
+17. Select **OK**. You can add additional configurations or finish.
+18. Assign the profile to a device group to configure the devices in that group as kiosks.
 
-The benefit of a multi-app kiosk, or fixed-purpose device, is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don’t need to access. 
 
->[!WARNING]
->The assigned access feature is intended for corporate-owned fixed-purpose devices, like kiosks. When the multi-app assigned access configuration is applied on the device, certain policies are enforced system-wide, and will impact other users on the device. Deleting the multi-app configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all the enforced policies (such as Start layout). A factory reset is needed to clear all the policies enforced via assigned access.
 
 
+
+## Configure a kiosk using a provisioning package
+
 Process:
 1. [Create XML file](#create-xml-file)
 2. [Add XML file to provisioning package](#add-xml)
@@ -46,14 +74,15 @@ Watch how to use a provisioning package to configure a multi-app kiosk.
 
 If you don't want to use a provisioning package, you can deploy the configuration XML file using [mobile device management (MDM)](#alternate-methods) or you can configure assigned access using the [MDM Bridge WMI Provider](#bridge).
 
-## Prerequisites
+### Prerequisites
 
 - Windows Configuration Designer (Windows 10, version 1709)
 - The kiosk device must be running Windows 10 (S, Pro, Enterprise, or Education), version 1709
 
+>[!NOTE]
+>For devices running versions of Windows 10 earlier than version 1709, you can [create AppLocker rules](lock-down-windows-10-applocker.md) to configure a multi-app kiosk. 
 
-
+### Create XML file
-## Create XML file
 
 Let's start by looking at the basic structure of the XML file. 
 
@@ -90,7 +119,7 @@ You can start your file by pasting the following XML (or any other examples in t
 </AssignedAccessConfiguration>
 ```
 
-### Profile
+#### Profile
 
 A profile section in the XML has the following entries: 
 
@@ -103,7 +132,7 @@ A profile section in the XML has the following entries:
 - [**Taskbar**](#taskbar)
 
 
-#### Id
+##### Id
 
 The profile **Id** is a GUID attribute to uniquely identify the profile. You can create a GUID using a GUID generator. The GUID just needs to be unique within this XML file. 
 
@@ -113,7 +142,7 @@ The profile **Id** is a GUID attribute to uniquely identify the profile. You can
 </Profiles>
 ```
 
-#### AllowedApps
+##### AllowedApps
 
 **AllowedApps** is a list of applications that are allowed to run. Apps can be Universal Windows Platform (UWP) apps or Classic Windows desktop apps. 
 
@@ -155,7 +184,7 @@ The following example allows Groove Music, Movies & TV, Photos, Weather, Calcula
 </AllAppsList>
 ```
 
-#### StartLayout
+##### StartLayout
 
 After you define the list of allowed applications, you can customize the Start layout for your kiosk experience. You can choose to pin all the allowed apps on the Start screen or just a subset, depending on whether you want the end user to directly access them on the Start screen. 
 
@@ -202,7 +231,7 @@ This example pins Groove Music, Movies & TV, Photos, Weather, Calculator, Paint,
 
 ![What the Start screen looks like when the XML sample is applied](images/sample-start.png)
 
-#### Taskbar
+##### Taskbar
 
 Define whether you want to have the taskbar present in the kiosk device. For tablet-based or touch-enabled all-in-one kiosks, when you don’t attach a keyboard and mouse, you can hide the taskbar as part of the multi-app experience if you want. 
 
@@ -221,7 +250,7 @@ The following example hides the taskbar:
 >[!NOTE]
 >This is different from the **Automatically hide the taskbar** option in tablet mode, which shows the taskbar when swiping up from or moving the mouse pointer down to the bottom of the screen. Setting **ShowTaskbar** as **false** will always keep the taskbar hidden. 
 
-### Configs
+#### Configs
 
 Under **Configs**, define which user account will be associated with the profile. When this user account signs in on the device, the associated assigned access profile will be enforced, including the allowed apps, Start layout, and taskbar configuration, as well as other local group policies or mobile device management (MDM) policies set as part of the multi-app experience. 
 
@@ -256,7 +285,7 @@ Before applying the multi-app configuration, make sure the specified user accoun
 
 
 <span id="add-xml" />
-## Add XML file to provisioning package
+### Add XML file to provisioning package
 
 Before you add the XML file to a provisioning package, you can [validate your configuration XML against the XSD](multi-app-kiosk-xml.md#xsd-for-assignedaccess-configuration-xml).
 
@@ -317,12 +346,12 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
 15. Copy the provisioning package to the root directory of a USB drive.
 
 <span id="apply-ppkg" />
-## Apply provisioning package to device
+### Apply provisioning package to device
 
 Provisioning packages can be applied to a device during the first-run experience (out-of-box experience or "OOBE") and after ("runtime").
 
 
-### During initial setup, from a USB drive
+#### During initial setup, from a USB drive
 
 1. Start with a computer on the first-run setup screen. If the PC has gone past this screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**.
 
@@ -346,7 +375,7 @@ Provisioning packages can be applied to a device during the first-run experience
     
 
     
-### After setup, from a USB drive, network folder, or SharePoint site
+#### After setup, from a USB drive, network folder, or SharePoint site
 
 1. Sign in with an admin account.
 2. Insert the USB drive to a desktop computer, navigate to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package to install. 
@@ -365,7 +394,7 @@ Provisioning packages can be applied to a device during the first-run experience
 
 
 <span id="alternate-methods" />
-## Use MDM to deploy the multi-app configuration 
+### Use MDM to deploy the multi-app configuration 
 
 
 Multi-app kiosk mode is enabled by the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp). Your MDM policy can contain the assigned access configuration XML. 

windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions.md

@@ -32,7 +32,8 @@ A single-use or *kiosk* device is easy to set up in Windows 10 for desktop edit
     
 - For a kiosk device to run a Classic Windows application, use [Shell Launcher](#shell-launcher) to set a custom user interface as the shell (Windows 10 Enterprise or Education only). 
 
-To return the device to the regular shell, see [Sign out of assigned access](#sign-out-of-assigned-access).
+>[!TIP]
+>To return the device to the regular shell, see [Sign out of assigned access](#sign-out-of-assigned-access).
 
 >[!NOTE]
 >A Universal Windows app is built on the Universal Windows Platform (UWP), which was first introduced in Windows 8 as the Windows Runtime. A Classic Windows application uses the Classic Windows Platform (CWP) (e.g., COM, Win32, WPF, WinForms, etc.) and is typically launched using an .EXE or .DLL file.

windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md

@@ -51,7 +51,7 @@ The following policy settings can be configured for UE-V.
 <td align="left"><p>The default is enabled.</p></td>
 </tr>
 <tr class="odd">
-<td align="left"><p>Roam Windows settings</p></td>
+<td align="left"><p>Synchronize Windows settings</p></td>
 <td align="left"><p>Computers and Users</p></td>
 <td align="left"><p>This Group Policy setting configures the synchronization of Windows settings.</p></td>
 <td align="left"><p>Select which Windows settings synchronize between computers.</p>

windows/deployment/update/update-compliance-monitor.md

@@ -6,9 +6,9 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
-author: DaniHalfin
+author: Jaimeo
-ms.author: daniha
+ms.author: jaimeo
-ms.date: 10/13/2017
+ms.date: 02/09/2018
 ---
 
 # Monitor Windows Updates and Windows Defender Antivirus with Update Compliance
@@ -35,9 +35,9 @@ See the following topics in this guide for detailed information about configurin
 - [Get started with Update Compliance](update-compliance-get-started.md): How to add Update Compliance to your environment.
 - [Using Update Compliance](update-compliance-using.md): How to begin using Update Compliance.
 
-<iframe width="560" height="315" align="center" src="https://www.youtube.com/embed/1cmF5c_R8I4" frameborder="0" allowfullscreen></iframe>
+Click the following link to see a video demonstrating Update Compliance features.
 
-An overview of the processes used by the Update Compliance solution is provided below.
+[![YouTube video demonstrating Update Compliance](images/UC-vid-crop.jpg)](https://www.youtube.com/embed/1cmF5c_R8I4) 
 
 ## Update Compliance architecture
  

windows/deployment/update/waas-overview.md

@@ -4,10 +4,10 @@ description: In Windows 10, Microsoft has streamlined servicing to make operatin
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: DaniHalfin
+author: Jaimeo
 ms.localizationpriority: high
-ms.author: daniha
+ms.author: jaimeo
-ms.date: 10/16/2017
+ms.date: 02/09/2018
 ---
 
 # Overview of Windows as a service
@@ -23,7 +23,10 @@ ms.date: 10/16/2017
 
 The Windows 10 operating system introduces a new way to build, deploy, and service Windows: Windows as a service. Microsoft has reimagined each part of the process, to simplify the lives of IT pros and maintain a consistent Windows 10 experience for its customers. These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time. 
 
-<iframe width="560" height="315" align="center" src="https://www.youtube.com/embed/qSAsiM01GOU" frameborder="0" allowfullscreen></iframe>
+Click the following Microsoft Mechanics video for an overview of the release model, particularly the Semi-Annual Channel.
+
+
+[![YouTube video of Michael Niehouse explaining how the Semi-Annual Channel works](images/SAC_vid_crop.jpg)](https://youtu.be/qSAsiM01GOU) 
 
 ## Building
 

windows/deployment/update/waas-quick-start.md

@@ -4,10 +4,10 @@ description: In Windows 10, Microsoft has streamlined servicing to make operatin
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: DaniHalfin
+author: Jaimeo
 ms.localizationpriority: high
-ms.author: daniha
+ms.author: jaimeo
-ms.date: 07/27/2017
+ms.date: 02/09/2018
 ---
 
 # Quick guide to Windows as a service
@@ -58,7 +58,10 @@ See [Build deployment rings for Windows 10 updates](waas-deployment-rings-window
 
 ## Video: An overview of Windows as a service
 
-<iframe width="560" height="315" src="https://www.youtube.com/embed/qSAsiM01GOU" frameborder="0" allowfullscreen></iframe> 
+Click the following Microsoft Mechanics video for an overview of the updated release model, particularly the Semi-Annual Channel.
+
+
+[![YouTube video of Michael Niehouse explaining how the Semi-Annual Channel works](images/SAC_vid_crop.jpg)](https://youtu.be/qSAsiM01GOU) 
  
 ## Learn more
 

windows/deployment/upgrade/upgrade-readiness-upgrade-overview.md

@@ -35,7 +35,7 @@ The following color-coded status changes are reflected on the upgrade overview b
 
 Click on a row to drill down and see details about individual computers. If KBs are missing, see [Deploy the compatibility update and related KBs](upgrade-readiness-get-started.md#deploy-the-compatibility-update-and-related-kbs) for information on required KBs.
 
-In the following example, there is no delay in data processing, less than 4% of computers (6k\294k) have incomplete data, there are no pending user changes, and the currently selected target OS version is the same as the recommended version:
+In the following example, there is no delay in data processing, more than 10% of computers (6k\8k) have incomplete data, more than 30% of computers (6k/8k) require a KB update, there are no pending user changes, and the currently selected target OS version is the same as the recommended version:
 
 ![Upgrade overview](../images/ur-overview.png)
 
@@ -43,9 +43,9 @@ In the following example, there is no delay in data processing, less than 4% of
 <img src="media/image3.png" width="214" height="345" />
 -->
 
-If data processing is delayed, you can continue using your workspace as normal. However, any changes or additional information that is added might not be displayed. Data is typically refreshed and the display will return to normal again within 24 hours.
+If data processing is delayed, the "Last updated" banner will indicate the date on which data was last updated. You can continue using your workspace as normal. However, any changes or additional information that is added might not be displayed until data is refreshed. When your workspace is in this state, there is no action required; data is typically refreshed and the display will return to normal again within 24 hours. 
 
-If there are computers with incomplete data, verify that you have installed the latest compatibilty update and run the most recent [Update Readiness deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) from the Microsoft download center.
+If there are computers with incomplete data, verify that you have installed the latest compatibilty update KBs. Install the updated KBs if necessary and then run the most recent [Update Readiness deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) from the Microsoft download center. The updated data payload should appear in Upgrade Readiness within 48 hours of a successful run on the deployment script.
 
 Select **Total computers** for a list of computers and details about them, including:
 

windows/device-security/change-history-for-device-security.md

@@ -1,52 +0,0 @@
----
-title: Change history for device security (Windows 10)
-description: This topic lists new and updated topics in the Windows 10 device security documentation for Windows 10 and Windows 10 Mobile.
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-author: brianlic-msft
-ms.date: 11/27/2017
----
-
-# Change history for device security
-This topic lists new and updated topics in the [Device security](index.md) documentation.
-
-## November 2017
-|New or changed topic |Description |
-|---------------------|------------|
-| [How to enable virtualization-based protection of code integrity](enable-virtualization-based-protection-of-code-integrity.md)| New. Explains how to enable HVCI.  |
-
-## October 2017
-|New or changed topic |Description |
-|---------------------|------------|
-| [TPM fundamentals](tpm/tpm-fundamentals.md)<br>[BitLocker Group Policy settings](bitlocker/bitlocker-group-policy-settings.md) | Explained the change to allow reducing the maximum PIN length from 6 characters to 4. |
-| [Windows security baselines](windows-security-baselines.md) | New. Security baselines added for Windows 10, versions 1703 and 1709. |
-| [Security Compliance Toolkit](security-compliance-toolkit-10.md) | New. Includes a link to tools for managing security baselines. |
-| [Get support for security baselines](get-support-for-security-baselines.md) | New. Explains supported versions for security baselines and other support questions.  |
-
-
-
-## August 2017
-|New or changed topic |Description |
-|---------------------|------------|
-| [BitLocker: Management recommendations for enterprises](bitlocker/bitlocker-management-for-enterprises.md) | New BitLocker security topic. |
-| [Accounts: Block Microsoft accounts](security-policy-settings/accounts-block-microsoft-accounts.md) | Revised description |
-
-
-## July 2017
-|New or changed topic |Description |
-|---------------------|------------|
-| [How Windows 10 uses the Trusted Platform Module](tpm/how-windows-uses-the-tpm.md) | New TPM security topic. |
-
-
-## May 2017
-|New or changed topic |Description |
-|---------------------|------------|
-| [BitLocker Group Policy settings](bitlocker/bitlocker-group-policy-settings.md) | Changed startup PIN minimun length from 4 to 6. |
-| [Network access: Restrict clients allowed to make remote calls to SAM](security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md) | New security policy setting. |
-
-## March 2017
-|New or changed topic |Description |
-|---------------------|------------|
-|[Requirements and deployment planning guidelines for Device Guard](device-guard/requirements-and-deployment-planning-guidelines-for-device-guard.md) | Updated to include additional security qualifications starting with Windows 10, version 1703.|

windows/device-security/index.md

@@ -1,27 +1,3 @@
 ---
-title: Device Security (Windows 10)
+redirect_url: https://docs.microsoft.com/windows/security/threat-protection/
-description: Learn more about how to help secure your Windows 10 and Windows 10 Mobile devices.
+---
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-author: brianlic-msft
-ms.date: 04/24/2017
----
-
-# Device Security
-
-Learn more about how to help secure your Windows 10 and Windows 10 Mobile devices.
-
-| Section | Description |
-|-|-|
-| [AppLocker](applocker/applocker-overview.md)| Describes AppLocker, and can help you decide if your organization can benefit from deploying AppLocker application control policies. AppLocker helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers.|
-| [BitLocker](bitlocker/bitlocker-overview.md)| Provides information about BitLocker, which is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. |
-| [Control the health of Windows 10-based devices](protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md) | Learn more about protecting high-value assets. |
-| [Device Guard deployment guide](device-guard/device-guard-deployment-guide.md) | Device Guard is a combination of hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications. If the app isn’t trusted it can’t run, period. It also means that even if an attacker manages to get control of the Windows kernel, he or she will be much less likely to be able to run malicious executable code after the computer restarts because of how decisions are made about what can run and when. |
-| [Encrypted Hard Drive](encrypted-hard-drive.md) | Provides information about Encrypted Hard Drive, which uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management.|
-| [Security auditing](auditing/security-auditing-overview.md)| Describes how the IT professional can use the security auditing features in Windows, and how organizations can benefit from using these technologies, to enhance the security and manageability of networks.|
-| [Security policy settings](security-policy-settings/security-policy-settings.md)| Provides a collection of reference topics that describe the common scenarios, architecture, and processes for security settings.|
-| [Trusted Platform Module](tpm/trusted-platform-module-top-node.md)| Provides links to information about the Trusted Platform Module (TPM), which is a secure crypto-processor that helps you with actions such as generating, storing, and limiting the use of cryptographic keys. |
-| [Windows 10 Mobile security guide](windows-10-mobile-security-guide.md) | Learn more about securing your Windows 10 Mobile devices. |
-| [Windows security baselines](windows-security-baselines.md) | Learn why you should use security baselines in your organization. |

windows/hub/TOC.md

@@ -5,8 +5,8 @@
 ## [Configuration](/windows/configuration)
 ## [Client management](/windows/client-management)
 ## [Application management](/windows/application-management)
-## [Access protection](/windows/access-protection)
+## [Identity and access management](/windows/security/identity-protection)
-## [Device security](/windows/device-security)
+## [Information protection](/windows/security/information-protection)
-## [Threat protection](/windows/threat-protection)
+## [Threat protection](/windows/security/threat-protection)
 ## [Troubleshooting](/windows/client-management/windows-10-support-solutions)
 ## [Other Windows client versions](https://docs.microsoft.com/previous-versions/windows)

windows/hub/breadcrumb/toc.yml

@@ -6,31 +6,42 @@
       tocHref: /windows
       topicHref: /windows/windows-10
       items:
-      - name: What's new
+        - name: What's new
-        tocHref: /windows/whats-new/
+          tocHref: /windows/whats-new/
-        topicHref: /windows/whats-new/index
+          topicHref: /windows/whats-new/index
-      - name: Configuration
+        - name: Configuration
-        tocHref: /windows/configuration/
+          tocHref: /windows/configuration/
-        topicHref: /windows/configuration/index
+          topicHref: /windows/configuration/index
-      - name: Deployment
+        - name: Deployment
-        tocHref: /windows/deployment/
+          tocHref: /windows/deployment/
-        topicHref: /windows/deployment/index
+          topicHref: /windows/deployment/index
-      - name: Application management
+        - name: Application management
-        tocHref: /windows/application-management/
+          tocHref: /windows/application-management/
-        topicHref: /windows/application-management/index
+          topicHref: /windows/application-management/index
-      - name: Client management
+        - name: Client management
-        tocHref: /windows/client-management/
+          tocHref: /windows/client-management/
-        topicHref: /windows/client-management/index
+          topicHref: /windows/client-management/index
-        items:
+          items:
-        - name: Mobile Device Management
+            - name: Mobile Device Management
-          tocHref: /windows/client-management/mdm
+              tocHref: /windows/client-management/mdm/
-          topicHref: /windows/client-management/mdm/index
+              topicHref: /windows/client-management/mdm/index
-      - name: Access protection
+        - name: Security
-        tocHref: /windows/access-protection/
+          tocHref: /windows/security/
-        topicHref: /windows/access-protection/index
+          topicHref: /windows/security/index
-      - name: Device security
+          items:
-        tocHref: /windows/device-security/
+            - name: Identity and access protection
-        topicHref: /windows/device-security/index
+              tocHref: /windows/security/identity-protection/
-      - name: Threat protection
+              topicHref: /windows/security/identity-protection/index
-        tocHref: /windows/threat-protection/
+              items:
-        topicHref: /windows/threat-protection/index
+                - name: Windows Hello for Business
+                  tocHref: /windows/security/identity-protection/hello-for-business
+                  topicHref: /windows/security/identity-protection/hello-for-business/hello-identity-verification
+            - name: Threat protection
+              tocHref: /windows/security/threat-protection/
+              topicHref: /windows/security/threat-protection/index
+            - name: Information protection
+              tocHref: /windows/security/information-protection/
+              topicHref: /windows/security/information-protection/index
+            - name: Hardware-based protection
+              tocHref: /windows/security/hardware-protection/
+              topicHref: /windows/security/hardware-protection/index

windows/security/TOC.md

@@ -1 +1,5 @@
-# [Index](index.md)
+# [Security](index.yml)
+## [Identity and access management](identity-protection/index.md)
+## [Threat protection](threat-protection/index.md)
+## [Information protection](information-protection/index.md)
+## [Hardware-based protection](hardware-protection/index.md)

windows/security/docfx.json

@@ -20,7 +20,8 @@
       {
         "files": [
           "**/*.png",
-          "**/*.jpg"
+          "**/*.jpg",
+           "**/*.gif"
         ],
         "exclude": [
           "**/obj/**",
@@ -35,8 +36,7 @@
 	  "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
 	  "ms.technology": "windows",
 	  "ms.topic": "article",
-	  "ms.author": "justinha",
+	  "ms.author": "justinha"
-      "extendBreadcrumb": true
     },
     "fileMetadata": {},
     "template": [],

windows/security/hardware-protection/TOC.md

@@ -0,0 +1,21 @@
+# [Hardware-based protection](index.md)
+
+## [Encrypted Hard Drive](encrypted-hard-drive.md)
+
+## [How hardware-based containers help protect Windows 10](how-hardware-based-containers-help-protect-windows.md)
+
+## [Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md)
+
+## [Trusted Platform Module](tpm/trusted-platform-module-top-node.md)
+### [Trusted Platform Module Overview](tpm/trusted-platform-module-overview.md)
+### [TPM fundamentals](tpm/tpm-fundamentals.md)
+### [How Windows 10 uses the TPM](tpm/how-windows-uses-the-tpm.md)
+### [TPM Group Policy settings](tpm/trusted-platform-module-services-group-policy-settings.md)
+### [Back up the TPM recovery information to AD DS](tpm/backup-tpm-recovery-information-to-ad-ds.md)
+### [Manage TPM commands](tpm/manage-tpm-commands.md)
+### [Manage TPM lockout](tpm/manage-tpm-lockout.md)
+### [Change the TPM owner password](tpm/change-the-tpm-owner-password.md)
+### [View status, clear, or troubleshoot the TPM](tpm/initialize-and-configure-ownership-of-the-tpm.md)
+### [Understanding PCR banks on TPM 2.0 devices](tpm/switch-pcr-banks-on-tpm-2-0-devices.md)
+### [TPM recommendations](tpm/tpm-recommendations.md)
+

windows/security/hardware-protection/index.md

@@ -0,0 +1,21 @@
+---
+title: Hardware-based Protection (Windows 10)
+description: Learn more about how to help protect against threats in Windows 10 and Windows 10 Mobile.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: brianlic-msft
+ms.date: 02/05/2018
+---
+
+# Hardware-based protection
+
+Windows 10 leverages these hardware-based security features to protect and maintain system integrity.
+
+| Section | Description |
+|-|-|
+| [Encrypted Hard Drive](encrypted-hard-drive.md) | Provides information about Encrypted Hard Drive, which uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management.|
+|[How hardware-based containers help protect Windows 10](how-hardware-based-containers-help-protect-windows.md) |Learn about how hardware-based containers can isolate sensitive system services and data, enabling them to remain secure even when the operating system has been compromised.|
+|[Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md) |Learn about the Windows 10 security features that help to protect your PC from malware, including rootkits and other applications.|
+| [Trusted Platform Module](tpm/trusted-platform-module-top-node.md)| Provides links to information about the Trusted Platform Module (TPM), which is a secure crypto-processor that helps you with actions such as generating, storing, and limiting the use of cryptographic keys. |

windows/security/identity-protection/TOC.md

@@ -1,4 +1,4 @@
-# [Access protection](access-control/access-control.md)
+# [Identity and access management](index.md)
 
 ## [Access Control Overview](access-control/access-control.md)
 ### [Dynamic Access Control Overview](access-control/dynamic-access-control.md)
@@ -17,6 +17,8 @@
 
 ## [Install digital certificates on Windows 10 Mobile](installing-digital-certificates-on-windows-10-mobile.md)
 
+## [How hardware-based containers help protect Windows 10](how-hardware-based-containers-help-protect-windows.md)
+
 ## [Protect derived domain credentials with Credential Guard](credential-guard/credential-guard.md)
 ### [How Credential Guard works](credential-guard/credential-guard-how-it-works.md)
 ### [Credential Guard Requirements](credential-guard/credential-guard-requirements.md)
@@ -65,6 +67,7 @@
 ### [VPN auto-triggered profile options](vpn\vpn-auto-trigger-profile.md)
 ### [VPN security features](vpn\vpn-security-features.md)
 ### [VPN profile options](vpn\vpn-profile-options.md)
+### [How to configure Diffie Hellman protocol over IKEv2 VPN connections](vpn\how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md)
 ### [How to use single sign-on (SSO) over VPN and Wi-Fi connections](vpn\how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md)
 ### [Windows 10 credential theft mitigation guide abstract](windows-credential-theft-mitigation-guide-abstract.md)