From 1b4d3a72886f9928823d8f430849d2e866956788 Mon Sep 17 00:00:00 2001 From: NaamaSc Date: Wed, 24 Aug 2016 09:43:59 +0300 Subject: [PATCH 01/26] Update windows-defender-advanced-threat-protection.md testing out the changes suggestion --- .../keep-secure/windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/windows-defender-advanced-threat-protection.md b/windows/keep-secure/windows-defender-advanced-threat-protection.md index 01fccfad1a..5aeaa6358f 100644 --- a/windows/keep-secure/windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/windows-defender-advanced-threat-protection.md @@ -15,7 +15,7 @@ localizationpriority: high **Applies to:** -- Windows 10 Enterprise +- Windows 10 Enterprise, 1607 - Windows 10 Enterprise for Education - Windows 10 Pro - Windows 10 Pro Education From e5961d6a86762d3c39684bb3edda7b21411ee286 Mon Sep 17 00:00:00 2001 From: jcaparas Date: Wed, 24 Aug 2016 16:59:46 +1000 Subject: [PATCH 02/26] Update windows-defender-advanced-threat-protection.md --- .../keep-secure/windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/windows-defender-advanced-threat-protection.md b/windows/keep-secure/windows-defender-advanced-threat-protection.md index 5aeaa6358f..925af5c56a 100644 --- a/windows/keep-secure/windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/windows-defender-advanced-threat-protection.md @@ -15,7 +15,7 @@ localizationpriority: high **Applies to:** -- Windows 10 Enterprise, 1607 +- Windows 10 Enterprise, 1607 correct - Windows 10 Enterprise for Education - Windows 10 Pro - Windows 10 Pro Education From 40e32725afa567551e7552a5db5bd19fb6f4cc76 Mon Sep 17 00:00:00 2001 
From: NaamaSc Date: Wed, 24 Aug 2016 10:03:13 +0300 Subject: [PATCH 03/26] Update windows-defender-advanced-threat-protection.md back and forth --- .../keep-secure/windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/windows-defender-advanced-threat-protection.md b/windows/keep-secure/windows-defender-advanced-threat-protection.md index 925af5c56a..bf62da150c 100644 --- a/windows/keep-secure/windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/windows-defender-advanced-threat-protection.md @@ -15,7 +15,7 @@ localizationpriority: high **Applies to:** -- Windows 10 Enterprise, 1607 correct +- Windows 10 Enterprise, let's change back - Windows 10 Enterprise for Education - Windows 10 Pro - Windows 10 Pro Education From b34030cdc115c71e5f709988d099d0753eb7a464 Mon Sep 17 00:00:00 2001 From: Tommy N Date: Thu, 25 Aug 2016 10:30:43 -0700 Subject: [PATCH 04/26] Update uev-whats-new-in-uev-for-windows.md --- windows/manage/uev-whats-new-in-uev-for-windows.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/manage/uev-whats-new-in-uev-for-windows.md b/windows/manage/uev-whats-new-in-uev-for-windows.md index c0c04d550b..995e5f9edd 100644 --- a/windows/manage/uev-whats-new-in-uev-for-windows.md +++ b/windows/manage/uev-whats-new-in-uev-for-windows.md 
@@ -27,6 +27,8 @@ The changes in UE-V for Windows 10, version 1607 impact already existing impleme - The Company Settings Center was removed and is no longer available on user devices. Users can no longer manage their synchronized settings. +- The inbox templates such as Office 2016 and IE 10 are included as a part of Windows 10 and need to be manually registered with Powershell or Group policy before use. + For more information about how to configure an existing UE-V installation after upgrading user devices to Windows 10, see [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md). > **Important**  You can upgrade your existing UE-V installation to Windows 10 from UE-V versions 2.1 or 2.0 only. If you are using a previous version of UE-V, you’ll need to upgrade from that version to UE-V 2.x before you upgrade to Windows 10. From 6854478cbda260fa94b6b6e197771c35c1fe066f Mon Sep 17 00:00:00 2001 From: gastocco Date: Thu, 25 Aug 2016 12:06:07 -0700 Subject: [PATCH 05/26] Update to TPM On/Off Re: TPM 1.2 The option to turn on or off the TPM only applies to TPM 1.2. --- .../initialize-and-configure-ownership-of-the-tpm.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md b/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md index a1d2220641..1317cf6385 100644 --- a/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md +++ b/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md 
@@ -106,13 +106,13 @@ Some systems may have multiple TPMs and the active TPM may be toggled in the BIO ## Turn on or turn off the TPM -Normally, the TPM is turned on as part of the TPM initialization process. You do not normally need to turn the TPM on or off. However, if necessary you can do so by using the TPM MMC. +Normally, the TPM is turned on as part of the TPM initialization process. You do not normally need to turn the TPM on or off. However, if necessary you can do so by using the TPM MMC. This option is only available with TPM 1.2 and does not apply to TPM 2.0. ### Turn on the TPM If the TPM has been initialized but has never been used, or if you want to use the TPM after you have turned it off, you can use the following procedure to turn on the TPM. -**To turn on the TPM** +**To turn on the TPM (TPM 1.2 Only)** 1. Open the TPM MMC (tpm.msc). 2. In the **Action** pane, click **Turn TPM On** to display the **Turn on the TPM Security Hardware** page. Read the instructions on this page. @@ -125,7 +125,7 @@ If the TPM has been initialized but has never been used, or if you want to use t If you want to stop using the services that are provided by the TPM, you can use the TPM MMC to turn off the TPM. If you have the TPM owner password, physical access to the computer is not required to turn off the TPM. If you do not have the TPM owner password, you must have physical access to the computer to turn off the TPM. -**To turn off the TPM** +**To turn off the TPM (TPM 1.2 only)** 1. Open the TPM MMC (tpm.msc). 2. In the **Action** pane, click **Turn TPM Off** to display the **Turn off the TPM security hardware** page. From 5801353e06dfeff4307ae5e3e42189e209735bf4 Mon Sep 17 00:00:00 2001 From: gastocco Date: Thu, 25 Aug 2016 13:20:17 -0700 Subject: [PATCH 06/26] Clarifications about Owner Password on Windows 10 --- .../keep-secure/change-the-tpm-owner-password.md | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) 
diff --git a/windows/keep-secure/change-the-tpm-owner-password.md b/windows/keep-secure/change-the-tpm-owner-password.md index ba11bc7a8c..f4c2e824a5 100644 --- a/windows/keep-secure/change-the-tpm-owner-password.md +++ b/windows/keep-secure/change-the-tpm-owner-password.md 
@@ -16,12 +16,14 @@ author: brianlic-msft This topic for the IT professional describes how to change the password or PIN for the owner of the Trusted Platform Module (TPM) that is installed on your system. -## About the TPM owner password -The owner of the TPM is the user who possesses the owner password and is able to set it and change it. Only one owner password exists per TPM. The owner of the TPM can make full use of TPM capabilities. When an owner is set, no other user or software can claim ownership of the TPM. Only the TPM owner can enable, disable, or clear the TPM without having physical access to the computer, for example, by using the command-line tools remotely. Taking ownership of the TPM can be performed as part of the initialization process. Ownership can change when you share the password or clear your ownership of the TPM so someone else can initialize it. +## About the TPM Owner Password +Starting with Windows 10 Anniversary Edition, Windows will not retain the TPM Owner Password when provisioning the TPM. The password will be set to a random high entropy value and then discarded. -Applications, including BitLocker Drive Encryption, can automatically start the initialization process. If you enable BitLocker without manually initializing the TPM, the TPM owner password is automatically created and saved in the same location as the BitLocker recovery password. -The TPM owner password can be saved as a file on a removable storage device, or on another computer. The password can also be printed. The TPM MMC gives the TPM owner the sole ability to choose the appropriate option to type the password or to use the saved password. -As with any password, you should change your TPM owner password if you suspect that it has become compromised and is no longer a secret. +In order to retain the TPM Owner Password, you will need to set the registry key 'HKLM\Software\Policies\Microsoft\TPM' [REG_DWORD] 'OSManagedAuthLevel' to 4. 
The default value for this key is 2, and unless changed to 4 before the TPM is provisioned the Owner Password will not be saved. Microsoft strongly recommends that you do not change the default value of this registry key in order to retain the Owner Password. + +Only one Owner Password exists per TPM. The TPM Owner Password allows the ability to enable, disable, or clear the TPM without having physical access to the computer, for example, by using the command-line tools remotely. The TPM Owner Password also allows manipulation of the TPM Dictionary Attack logic. Taking ownership of the TPM is performed by Windows as part of the provisioning process on each boot. Ownership can change when you share the password or clear your ownership of the TPM so someone else can initialize it. + +Without the Owner Password you can still perform all the above actions via a physical presence confirmation from UEFI. **Other TPM management options** @@ -31,7 +33,7 @@ Instead of changing your owner password, you can also use the following options >**Important:**  Clearing the TPM can result in the loss of data. To avoid data loss, make sure you have a backup or recovery method for any data protected or encrypted by the TPM.   -- **Turn off the TPM**   If you want to keep all existing keys and data intact, and you want to disable the services that are provided by the TPM, you can turn it off. For more info, see [Initialize and Configure Ownership of the TPM](initialize-and-configure-ownership-of-the-tpm.md#bkmk-onoff). +- **Turn off the TPM**   If you want to keep all existing keys and data intact, and you want to disable the services that are provided by the TPM, you can turn it off. For more info, see [Initialize and Configure Ownership of the TPM](initialize-and-configure-ownership-of-the-tpm.md#bkmk-onoff). This option is only available for TPM 1.2. ## Change the TPM owner password 
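Review bot: the last sentence of the new third paragraph in this hunk, "Ownership can change when you share the password or clear your ownership of the TPM so someone else can initialize it.", is carried over from the old text and contradicts the model the same paragraph describes, where Windows takes ownership during provisioning and the password is generated and discarded; drop it or replace it with something like "Clearing the TPM lets Windows take ownership again on the next boot." Two smaller points in the same hunk: "Microsoft strongly recommends that you do not change the default value of this registry key in order to retain the Owner Password." can be read as a recommendation to change it, so move the purpose clause (for example "Microsoft strongly recommends that you do not change the default value, even though doing so would retain the owner password."); and OSManagedAuthLevel is a REG_DWORD value under the HKLM\Software\Policies\Microsoft\TPM key, not a key itself. Finally, "Without the Owner Password you can still perform all the above actions via a physical presence confirmation from UEFI" includes manipulating the dictionary-attack logic, while PATCH 07 in this series says the lockout reset is unavailable unless the owner password was retained; state which actions physical presence actually covers.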
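Review bot: the "Turn off the TPM" bullet now carries a TPM 1.2 qualifier, but the list intro it sits under, "Instead of changing your owner password, you can also use the following options", is unchanged context and still presupposes a retained owner password, which the first hunk of this patch says is no longer the default; reword the intro (for example "If you cannot or do not want to change the owner password, the following options are available") so the list reads correctly on Windows 10 Anniversary Edition.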
@@ -39,6 +41,8 @@ The following procedure provides the steps that are necessary to change the TPM **To change the TPM owner password** +If you have opted specifically to preserve the TPM Owner Password, you can use the saved Password to change to a new Password. + 1. Open the TPM MMC (tpm.msc). If the **User Account Control** dialog box appears, confirm that the action it displays is what you want, and then click **Yes**. 2. In the **Actions** pane, click **Change Owner Password**. 3. In the **Manage the TPM security hardware** dialog box, select a method to enter your current TPM owner password. From 7f14cf3bd2243711291f226dfacecbf3b28b4af7 Mon Sep 17 00:00:00 2001 From: gastocco Date: Thu, 25 Aug 2016 13:30:15 -0700 Subject: [PATCH 07/26] Update to Describe Windows 10 Lockout Behavior --- windows/keep-secure/manage-tpm-lockout.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/windows/keep-secure/manage-tpm-lockout.md b/windows/keep-secure/manage-tpm-lockout.md index 61c94cc77e..afebcc7c58 100644 --- a/windows/keep-secure/manage-tpm-lockout.md +++ b/windows/keep-secure/manage-tpm-lockout.md 
@@ -19,17 +19,21 @@ This topic for the IT professional describes how to manage the lockout feature f The TPM will lock itself to prevent tampering or malicious attacks. TPM lockout often lasts for a variable amount of time or until the computer is turned off. While the TPM is in lockout mode, it generally returns an error message when it receives commands that require an authorization value. One exception is that the TPM always allows the owner at least one attempt to reset the TPM lockout when it is in lockout mode. -TPM ownership is commonly taken the first time BitLocker Drive Encryption is turned on for the computer. In this case, the TPM owner authorization password is saved with the BitLocker recovery key. When the BitLocker recovery key is saved to a file, BitLocker also saves a TPM owner password file (.tpm) with the TPM owner password hash value. When the BitLocker recovery key is printed, the TPM owner password is printed at the same time. You can also save your TPM owner password hash value to Active Directory Domain Services (AD DS) if your organization's Group Policy settings are configured to do so. +TPM ownership is taken upon first boot by Windows. By default Windows does not retain the TPM Owner Password. In some cases, encryption keys are protected by a TPM by requiring a valid authorization value to access the key. A common example is configuring BitLocker Drive Encryption to use the TPM plus PIN key protector. In this scenario, the user must type the correct PIN during the boot process to access the volume encryption key protected by the TPM. To prevent malicious users or software from discovering authorization values, TPMs implement protection logic. The protection logic is designed to slow or stop responses from the TPM if it detects that an entity might be trying to guess authorization values. 
-The industry standards from the Trusted Computing Group (TCG) specify that TPM manufacturers must implement some form of protection logic in TPM 1.2 and TPM 2.0 chips. TPM manufacturers implement different protection mechanisms and behavior. The general guidance is for the TPM chip to take exponentially longer to respond if incorrect authorization values are sent to the TPM. Some TPM chips may not store failed attempts over time. Other TPM chips may store every failed attempt indefinitely. Therefore, some users may experience increasingly longer delays when they mistype an authorization value that is sent to the TPM. This can prevent them from using the TPM for a period of time. +**TPM 1.2** +The industry standards from the Trusted Computing Group (TCG) specify that TPM manufacturers must implement some form of protection logic in TPM 1.2 and TPM 2.0 chips. TPM 1.2 devices implement different protection mechanisms and behavior. In general the TPM chip takes exponentially longer to respond if incorrect authorization values are sent to the TPM. Some TPM chips may not store failed attempts over time. Other TPM chips may store every failed attempt indefinitely. Therefore, some users may experience increasingly longer delays when they mistype an authorization value that is sent to the TPM. This can prevent them from using the TPM for a period of time. + +**TPM 2.0** + TPM 2.0 devices have standardized lockout behavior which is configured by Windows. TPM 2.0 devices have a maximum count threshold and a healing time. Windows configures the maximum count to be 32 and the healing time to be 2 hours. This means that every continuous two hours of powered on operation without an event which increases the counter will cause the counter to decrease by 1. If your TPM has entered lockout mode or is responding slowly to commands, you can reset the lockout value by using the following procedures. Resetting the TPM lockout requires the TPM owner’s authorization. 
## Reset the TPM lockout by using the TPM MMC -The following procedure explains the steps to reset the TPM lockout by using the TPM MMC. +The following procedure explains the steps to reset the TPM lockout by using the TPM MMC. Note that this procedure is only available if you have configured Windows to retain the TPM Owner Password. By default this behavior is not available in Windows 10. **To reset the TPM lockout** @@ -71,4 +75,4 @@ For details about the individual cmdlets, see [TPM Cmdlets in Windows PowerShell ## Additional resources -For more info about TPM, see [TPM technology overview](trusted-platform-module-overview.md#bkmk-additionalresources). \ No newline at end of file +For more info about TPM, see [TPM technology overview](trusted-platform-module-overview.md#bkmk-additionalresources). From 7f1ad9e39adb743ccd4169011dd58dcecb47f060 Mon Sep 17 00:00:00 2001 From: gastocco Date: Thu, 25 Aug 2016 13:37:53 -0700 Subject: [PATCH 08/26] Update with behavior from Anniversary Edition --- ...m-module-services-group-policy-settings.md | 32 ++++++++----------- 1 file changed, 13 insertions(+), 19 deletions(-) diff --git a/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md b/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md index ff626bb1de..291d6ef659 100644 --- a/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md +++ b/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md 
@@ -22,16 +22,16 @@ The TPM Services Group Policy settings are located at: **Computer Configuration\\Administrative Templates\\System\\Trusted Platform Module Services\\** -| Setting | Windows 10 | Windows Server 2012 R2, Windows 8.1 and Windows RT | Windows Server 2012, Windows 8 and Windows RT | Windows Server 2008 R2 and Windows 7 | Windows Server 2008 and Windows Vista | +| Setting | Windows 10 Anniversary Edition | Windows 10 | Windows Server 2012 R2, Windows 8.1 and Windows RT | Windows Server 2012, Windows 8 and Windows RT | Windows Server 2008 R2 and Windows 7 | Windows Server 2008 and Windows Vista | | - | - | - | - | - | - | -| [Turn on TPM backup to Active Directory Domain Services](#bkmk-tpmgp-addsbu) | X| X| X| X| X| -| [Configure the list of blocked TPM commands](#bkmk-tpmgp-clbtc)| X| X| X| X| X| -| [Ignore the default list of blocked TPM commands](#bkmk-tpmgp-idlb) | X| X| X| X| X| -| [Ignore the local list of blocked TPM commands](#bkmk-tpmgp-illb) | X| X| X| X| X| -| [Configure the level of TPM owner authorization information available to the operating system](#bkmk-tpmgp-oauthos)| X| X| X||| -| [Standard User Lockout Duration](#bkmk-tpmgp-suld)| X| X| X||| -| [Standard User Individual Lockout Threshold](#bkmk-tpmgp-suilt)| X| X| X||| -| [Standard User Total Lockout Threshold](#bkmk-tpmgpsutlt)| X| X| X|||| +| [Turn on TPM backup to Active Directory Domain Services](#bkmk-tpmgp-addsbu) | | X| X| X| X| X| +| [Configure the list of blocked TPM commands](#bkmk-tpmgp-clbtc)| x| X| X| X| X| X| +| [Ignore the default list of blocked TPM commands](#bkmk-tpmgp-idlb) | x| X| X| X| X| X| +| [Ignore the local list of blocked TPM commands](#bkmk-tpmgp-illb) | x| X| X| X| X| X| +| [Configure the level of TPM owner authorization information available to the operating system](#bkmk-tpmgp-oauthos)| | X| X| X||| +| [Standard User Lockout Duration](#bkmk-tpmgp-suld)| x| X| X| X||| +| [Standard User Individual Lockout Threshold](#bkmk-tpmgp-suilt)| x| X| X| X||| +| 
[Standard User Total Lockout Threshold](#bkmk-tpmgpsutlt)| x| X| X| X||||   ### Turn on TPM backup to Active Directory Domain Services 
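Review bot: the table in this hunk is malformed: the header row gains a seventh column ("Windows 10 Anniversary Edition") but the separator row "| - | - | - | - | - | - |" still has six cells, so the table will not render; add a seventh "- |". In the same hunk the new column uses lowercase "x" where every other column uses "X", and the last row ends with "||||", one pipe too many. On content: the row "Configure the level of TPM owner authorization information available to the operating system" is left blank for Anniversary Edition, yet PATCH 06 tells the reader to set OSManagedAuthLevel under HKLM\Software\Policies\Microsoft\TPM, which is this policy's registry location; either the setting still applies on Anniversary Edition and should be marked, or the PATCH 06 instruction should not point at the policy key.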
@@ -41,9 +41,7 @@ This policy setting allows you to manage the Active Directory Domain Services (A   TPM owner information includes a cryptographic hash of the TPM owner password. Certain TPM commands can be run only by the TPM owner. This hash authorizes the TPM to run these commands. ->**Important:**  To back up TPM owner information from a computer running Windows 10, Windows 8.1, or Windows 8, you might need to first set up appropriate schema extensions and access control settings on the domain so that the AD DS backup can succeed. Windows Server 2012 R2 and Windows Server 2012 include the required schema extensions by default. For more information, see [AD DS schema extensions to support TPM backup](ad-ds-schema-extensions-to-support-tpm-backup.md). -  -The TPM cannot be used to provide enhanced security features for BitLocker Drive Encryption and other applications without first setting an owner. To take ownership of the TPM with an owner password, on a local computer at the command prompt, type **tpm.msc** to open the TPM Management Console and select the action to **Initialize TPM**. If the TPM owner information is lost or is not available, limited TPM management is possible by running **tpm.msc**. +>**Important:**  To back up TPM owner information from a computer running Windows 10, Windows 8.1, or Windows 8, you might need to first set up appropriate schema extensions and access control settings on the domain so that the AD DS backup can succeed. Windows Server 2012 R2 and Windows Server 2012 include the required schema extensions by default. For more information, see [AD DS schema extensions to support TPM backup](ad-ds-schema-extensions-to-support-tpm-backup.md). This functionality is discontinued starting with Windows 10 Anniversary Edition. If you enable this policy setting, TPM owner information will be automatically and silently backed up to AD DS when you use Windows to set or change a TPM owner password. 
When this policy setting is enabled, a TPM owner password cannot be set or changed unless the computer is connected to the domain and the AD DS backup succeeds. 
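Review bot: the discontinuation statement is appended to the Important callout about schema extensions, while the section's own text ("To back up TPM owner information from a computer running Windows 10, Windows 8.1, or Windows 8", "If you enable this policy setting, TPM owner information will be automatically and silently backed up to AD DS") still presents the backup as working on Windows 10; move the statement to the start of the section as its own note and qualify "Windows 10" as builds before Anniversary Edition, matching the "Does not apply to" change PATCH 10 and PATCH 11 make to the AD DS backup topics. The deleted paragraph was also the only place this page said how ownership is established; with Windows now taking ownership automatically (PATCH 06), a one-line replacement such as "On Windows 10, Windows takes ownership of the TPM automatically during provisioning." keeps the section self-contained.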
@@ -99,10 +97,10 @@ This policy setting configures how much of the TPM owner authorization informati There are three TPM owner authentication settings that are managed by the Windows operating system. You can choose a value of **Full**, **Delegate**, or **None**. - **Full**   This setting stores the full TPM owner authorization, the TPM administrative delegation blob, and the TPM user delegation blob in the local registry. With this setting, you can use the TPM without requiring remote or external storage of the TPM owner authorization value. This setting is appropriate for scenarios that do not require you to reset the TPM anti-hammering logic or change the TPM owner authorization value. Some TPM-based applications may require that this setting is changed before features that depend on the TPM anti-hammering logic can be used. -- **Delegated**   This setting stores only the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting is appropriate for use with TPM-based applications that depend on the TPM antihammering logic. When you use this setting, we recommend using external or remote storage for the full TPM owner authorization value—for example, backing up the value in Active Directory Domain Services (AD DS). +- **Delegated**   This setting stores only the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting is appropriate for use with TPM-based applications that depend on the TPM antihammering logic. This is the default setting in Windows. - **None**   This setting provides compatibility with previous operating systems and applications. You can also use it for scenarios when TPM owner authorization cannot be stored locally. Using this setting might cause issues with some TPM-based applications. 
->**Note:**  If the operating system managed TPM authentication setting is changed from **Full** to **Delegated**, the full TPM owner authorization value will be regenerated, and any copies of the previously set TPM owner authorization value will be invalid. If you are backing up the TPM owner authorization value to AD DS, the new owner authorization value is automatically backed up to AD DS when it is changed. +>**Note:**  If the operating system managed TPM authentication setting is changed from **Full** to **Delegated**, the full TPM owner authorization value will be regenerated, and any copies of the previously set TPM owner authorization value will be invalid.   **Registry information** @@ -132,8 +130,6 @@ authorization to the TPM.   The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode, it is global for all users (including administrators) and for Windows features such as BitLocker Drive Encryption. -The number of authorization failures that a TPM allows and how long it stays locked vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time, with fewer authorization failures, depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require that the system is on so enough clock cycles elapse before the TPM exits the lockout mode. - This setting helps administrators prevent the TPM hardware from entering a lockout mode by slowing the speed at which standard users can send commands that require authorization to the TPM. For each standard user, two thresholds apply. Exceeding either threshold prevents the user from sending a command that requires authorization to the TPM. Use the following policy settings to set the lockout duration: 
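Review bot: "This is the default setting in Windows." in the Delegated bullet should name the release and the registry value it corresponds to, since PATCH 06 describes the default as OSManagedAuthLevel = 2; without that a reader cannot connect this policy to the registry instruction given there. The Note in the same hunk still covers only Full to Delegated; PATCH 06 says the owner password is saved only if the level is 4 before provisioning, so add the converse: changing to Full after provisioning does not recover an owner password that was already discarded. The unchanged Full bullet ("appropriate for scenarios that do not require you to reset the TPM anti-hammering logic") now reads backwards, because PATCH 07 makes Full the only level under which the MMC lockout reset works; please verify that sentence.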
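Review bot: deleting the paragraph on manufacturer-specific lockout behavior leaves the "Standard User Lockout Duration" section with no description of what the hardware lockout actually is; PATCH 07 adds exactly that text (TPM 1.2 behavior varies by vendor; TPM 2.0 uses a maximum count of 32 and a 2-hour healing time configured by Windows), so replace the paragraph with that wording or a link to the lockout topic rather than removing it outright.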
@@ -176,9 +172,7 @@ For each standard user two thresholds apply. Exceeding either threshold will pre The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode, it is global for all users (including administrators) and for Windows features such as BitLocker Drive Encryption.. -The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode. - -An administrator with the TPM owner password can fully reset the TPM's hardware lockout logic by using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic, all prior standard user TPM authorization failures are ignored. This allows standard users to immediately use the TPM normally. +An administrator with the TPM Owner Password can fully reset the TPM's hardware lockout logic by using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic, all prior standard user TPM authorization failures are ignored. This allows standard users to immediately use the TPM normally. If you do not configure this policy setting, a default value of 9 is used. A value of zero means that the operating system will not allow standard users to send commands to the TPM, which might cause an authorization failure. From 6b74adedda2fb958f0c67a175947330dfa9cf3e0 Mon Sep 17 00:00:00 2001 
From: gastocco Date: Thu, 25 Aug 2016 13:41:18 -0700 Subject: [PATCH 09/26] Update for TPM Clear Button Behavior --- .../initialize-and-configure-ownership-of-the-tpm.md | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md b/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md index a1d2220641..3574cacf4d 100644 --- a/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md +++ b/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md 
@@ -156,14 +156,8 @@ Membership in the local Administrators group, or equivalent, is the minimum requ Clearing the TPM resets it to factory defaults and turns it off. You will lose all created keys and data that is protected by those keys.   -4. In the **Clear the TPM security hardware** dialog box, select one of the following methods to enter your password and clear the TPM: - - If you have the removable storage device with your saved TPM owner password, insert it, and click **I have the owner password file**. In the **Select backup file with the TPM owner password** dialog box, use **Browse** to navigate to the .tpm file that is saved on your removable storage device. Click **Open**, and then click **Clear TPM**. - - If you do not have the removable storage device with your saved password, click **I want to enter the owner password**. In the **Type your TPM owner password** dialog box, type your password (including hyphens), and click **Clear TPM**. - - If you do not know your TPM owner password, click **I don't have the TPM owner password**, and follow the instructions that are provided to clear the TPM without entering the password. - >**Note:**  If you have physical access to the computer, you can clear the TPM and perform a limited number of management tasks without entering the TPM owner password. -   - The status of your TPM is displayed under **Status** in TPM MMC. - +4. You will be prompted to restart the computer. On the restart you will be prompted by the BIOS or UEFI to press a button to confirm you wish to clear the TPM. +5. ## Use the TPM cmdlets If you are using Windows PowerShell to manage your computers, you can also manage the TPM by using Windows PowerShell. To install the TPM cmdlets, type the following command: From 445e14ac6db2a34316436073fa1df2b2fea7061d Mon Sep 17 00:00:00 2001 
From: gastocco Date: Thu, 25 Aug 2016 13:43:40 -0700 Subject: [PATCH 10/26] Update backup-tpm-recovery-information-to-ad-ds.md --- .../keep-secure/backup-tpm-recovery-information-to-ad-ds.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/keep-secure/backup-tpm-recovery-information-to-ad-ds.md b/windows/keep-secure/backup-tpm-recovery-information-to-ad-ds.md index aee1050952..a86a7a1811 100644 --- a/windows/keep-secure/backup-tpm-recovery-information-to-ad-ds.md +++ b/windows/keep-secure/backup-tpm-recovery-information-to-ad-ds.md @@ -12,7 +12,10 @@ author: brianlic-msft # Backup the TPM recovery Information to AD DS **Applies to** -- Windows 10 +- Windows 10 (builds 10240 or 10568 only) + +**Does not apply to** +- Windows 10 Anniversary Edition or later This topic for the IT professional describes how to back up a computer’s Trusted Platform Module (TPM) information to Active Directory Domain Services (AD DS) so that you can use AD DS to administer the TPM from a remote computer. From 1b6cb631bb33b864a4599197a0468de90c0ba756 Mon Sep 17 00:00:00 2001 From: gastocco Date: Thu, 25 Aug 2016 13:44:38 -0700 Subject: [PATCH 11/26] Update ad-ds-schema-extensions-to-support-tpm-backup.md --- .../ad-ds-schema-extensions-to-support-tpm-backup.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/keep-secure/ad-ds-schema-extensions-to-support-tpm-backup.md b/windows/keep-secure/ad-ds-schema-extensions-to-support-tpm-backup.md index 8e62ff36b5..ef740660d1 100644 --- a/windows/keep-secure/ad-ds-schema-extensions-to-support-tpm-backup.md +++ b/windows/keep-secure/ad-ds-schema-extensions-to-support-tpm-backup.md 
@@ -12,7 +12,9 @@ author: brianlic-msft # AD DS schema extensions to support TPM backup **Applies to** -- Windows 10 +- Windows 10 (builds 10240 and 10568 only) +**Does not apply to** +- Windows 10 Anniversary Edition or later This topic provides more details about this change and provides template schema extensions that you can incorporate into your organization. From d21e0de31e4216bbe504d3bc2f2694e2809cc1ec Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 25 Aug 2016 15:14:23 -0700 Subject: [PATCH 12/26] Update change-the-tpm-owner-password.md --- windows/keep-secure/change-the-tpm-owner-password.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/keep-secure/change-the-tpm-owner-password.md b/windows/keep-secure/change-the-tpm-owner-password.md index f4c2e824a5..fcae2ec4ba 100644 --- a/windows/keep-secure/change-the-tpm-owner-password.md +++ b/windows/keep-secure/change-the-tpm-owner-password.md 
@@ -16,14 +16,14 @@ author: brianlic-msft This topic for the IT professional describes how to change the password or PIN for the owner of the Trusted Platform Module (TPM) that is installed on your system. -## About the TPM Owner Password -Starting with Windows 10 Anniversary Edition, Windows will not retain the TPM Owner Password when provisioning the TPM. The password will be set to a random high entropy value and then discarded. +## About the TPM owner password +Starting with Windows 10, version 1607 , Windows will not retain the TPM owner password when provisioning the TPM. The password will be set to a random high entropy value and then discarded. -In order to retain the TPM Owner Password, you will need to set the registry key 'HKLM\Software\Policies\Microsoft\TPM' [REG_DWORD] 'OSManagedAuthLevel' to 4. The default value for this key is 2, and unless changed to 4 before the TPM is provisioned the Owner Password will not be saved. Microsoft strongly recommends that you do not change the default value of this registry key in order to retain the Owner Password. +In order to retain the TPM owner password, you will need to set the registry key 'HKLM\Software\Policies\Microsoft\TPM' [REG_DWORD] 'OSManagedAuthLevel' to 4. The default value for this key is 2, and unless it is changed to 4 before the TPM is provisioned, the owner password will not be saved. Microsoft strongly recommends that you do not change the default value of this registry key in order to retain the owner password. -Only one Owner Password exists per TPM. The TPM Owner Password allows the ability to enable, disable, or clear the TPM without having physical access to the computer, for example, by using the command-line tools remotely. The TPM Owner Password also allows manipulation of the TPM Dictionary Attack logic. Taking ownership of the TPM is performed by Windows as part of the provisioning process on each boot. 
Ownership can change when you share the password or clear your ownership of the TPM so someone else can initialize it. +Only one owner password exists for each TPM. The TPM owner password allows the ability to enable, disable, or clear the TPM without having physical access to the computer, for example, by using the command-line tools remotely. The TPM owner password also allows manipulation of the TPM dictionary attack logic. Taking ownership of the TPM is performed by Windows as part of the provisioning process on each boot. Ownership can change when you share the password or clear your ownership of the TPM so someone else can initialize it. -Without the Owner Password you can still perform all the above actions via a physical presence confirmation from UEFI. +Without the owner password you can still perform all the preceding actions by means of a physical presence confirmation from UEFI. **Other TPM management options** @@ -41,7 +41,7 @@ The following procedure provides the steps that are necessary to change the TPM **To change the TPM owner password** -If you have opted specifically to preserve the TPM Owner Password, you can use the saved Password to change to a new Password. +If you have opted specifically to preserve the TPM owner password, you can use the saved password to change to a new password. 1. Open the TPM MMC (tpm.msc). If the **User Account Control** dialog box appears, confirm that the action it displays is what you want, and then click **Yes**. 2. In the **Actions** pane, click **Change Owner Password**. From 8d311701f285916f26a774318948f7eaecdefc6a Mon Sep 17 00:00:00 2001 
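Review bot: in the `@@ -16,14 +16,14 @@` hunk, `Starting with Windows 10, version 1607 , Windows will not retain` has a stray space before the comma. The registry reference `'HKLM\Software\Policies\Microsoft\TPM' [REG_DWORD] 'OSManagedAuthLevel'` is written in plain quotes with single backslashes; backslash is the escape character in Markdown, so other topics in this folder double them (see `Computer Configuration\\Administrative Templates\\System\\Trusted Platform Module Services\\` in patch 19) or put the path in a code span. The sentence `Microsoft strongly recommends that you do not change the default value of this registry key in order to retain the owner password` can be read as a recommendation to retain the password, which is the opposite of what is meant; `Microsoft strongly recommends that you leave this key at its default value of 2, so that the owner password is not retained` states plainly which behavior is recommended.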
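Review bot: in the `@@ -41,7 +41,7 @@` hunk, `If you have opted specifically to preserve the TPM owner password, you can use the saved password to change to a new password.` would serve readers better if it named the mechanism described earlier in this same file (the `OSManagedAuthLevel` registry value set to 4 before the TPM is provisioned), since a saved password is the precondition for the whole procedure that follows and a reader arriving at this section has no other way to know whether it applies to them.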
From: Justin Hall Date: Thu, 25 Aug 2016 15:18:54 -0700 Subject: [PATCH 13/26] Copyedits In my two commits. I changed anniversary to Windows 10 version 1607. That's the name that marketing asked us to use for docs. I changed owner password to lower case bc it's not a proper noun. --- windows/keep-secure/change-the-tpm-owner-password.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/change-the-tpm-owner-password.md b/windows/keep-secure/change-the-tpm-owner-password.md index fcae2ec4ba..50d9175eb2 100644 --- a/windows/keep-secure/change-the-tpm-owner-password.md +++ b/windows/keep-secure/change-the-tpm-owner-password.md @@ -33,7 +33,7 @@ Instead of changing your owner password, you can also use the following options >**Important:**  Clearing the TPM can result in the loss of data. To avoid data loss, make sure you have a backup or recovery method for any data protected or encrypted by the TPM.   -- **Turn off the TPM**   If you want to keep all existing keys and data intact, and you want to disable the services that are provided by the TPM, you can turn it off. For more info, see [Initialize and Configure Ownership of the TPM](initialize-and-configure-ownership-of-the-tpm.md#bkmk-onoff). This option is only available for TPM 1.2. +- **Turn off the TPM**   If you want to keep all existing keys and data intact, and you want to disable the services that are provided by the TPM, you can turn it off. For more info, see [Initialize and Configure Ownership of the TPM](initialize-and-configure-ownership-of-the-tpm.md#bkmk-onoff). This option is only available for TPM 1.2. ## Change the TPM owner password From 7d1f9ce3c26d2fd3a43c42a7fece9e07f83b52f4 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 25 Aug 2016 15:20:56 -0700 Subject: [PATCH 14/26] Copyedits Just removed an extra space --- .../initialize-and-configure-ownership-of-the-tpm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
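Review bot: the `-`/`+` pair for the `- **Turn off the TPM**` bullet renders identically, so the change is whitespace only; the commit message (`Copyedits`, plus a description of two other commits that are not part of this one) does not say what was removed. Name the character (double space, non-breaking space, trailing whitespace) in the message so reviewers do not have to diff invisible characters; the next commit in the series, `Just removed an extra space`, is the right model.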
diff --git a/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md b/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md index 1317cf6385..694171d845 100644 --- a/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md +++ b/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md @@ -106,7 +106,7 @@ Some systems may have multiple TPMs and the active TPM may be toggled in the BIO ## Turn on or turn off the TPM -Normally, the TPM is turned on as part of the TPM initialization process. You do not normally need to turn the TPM on or off. However, if necessary you can do so by using the TPM MMC. This option is only available with TPM 1.2 and does not apply to TPM 2.0. +Normally, the TPM is turned on as part of the TPM initialization process. You do not normally need to turn the TPM on or off. However, if necessary you can do so by using the TPM MMC. This option is only available with TPM 1.2 and does not apply to TPM 2.0. ### Turn on the TPM From 9fda55ed57e969cfa1ea87fbd99bf0ed3b69b9cb Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 25 Aug 2016 15:36:02 -0700 Subject: [PATCH 15/26] changed build numbers to version numbers For docs, we refer to version numbers, eg Windows 10, version 1507. I changed the references. --- .../ad-ds-schema-extensions-to-support-tpm-backup.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/windows/keep-secure/ad-ds-schema-extensions-to-support-tpm-backup.md b/windows/keep-secure/ad-ds-schema-extensions-to-support-tpm-backup.md index ef740660d1..9ce1e76918 100644 --- a/windows/keep-secure/ad-ds-schema-extensions-to-support-tpm-backup.md +++ b/windows/keep-secure/ad-ds-schema-extensions-to-support-tpm-backup.md 
@@ -12,15 +12,17 @@ author: brianlic-msft # AD DS schema extensions to support TPM backup **Applies to** -- Windows 10 (builds 10240 and 10568 only) +- Windows 10, version 1511 +- Windows 10, version 1507 + **Does not apply to** -- Windows 10 Anniversary Edition or later +- Windows 10, version 1607 or later This topic provides more details about this change and provides template schema extensions that you can incorporate into your organization. ## Why a schema extension is needed -The TPM owner authorization value is now stored in a separate object which is linked to the Computer object. This value was stored as a property in the Computer object itself for the default Windows Server 2008 R2 schemas. Windows Server 2012 domain controllers have the default schema to backup TPM owner authorization information in the separate object. If you are not upgrading your domain controller to Windows Server 2012 you need to extend the schema to support this change. If Active Directory backup of the TPM owner authorization value is enabled in a Windows Server 2008 R2 environment without extending the schema, the TPM provisioning will fail and the TPM will remain in a Not Ready state for computers running Windows 8. The following are the two schema extensions that you can use to bring your Windows Server 2008 R2 domain to parity with Windows Server 2012: +The TPM owner authorization value is now stored in a separate object which is linked to the Computer object. This value was stored as a property in the Computer object itself for the default Windows Server 2008 R2 schema. Windows Server 2012 domain controllers have the default schema to backup TPM owner authorization information in the separate object. If you are not upgrading your domain controller to Windows Server 2012, you need to extend the schema to support this change. 
If Active Directory backup of the TPM owner authorization value is enabled in a Windows Server 2008 R2 environment without extending the schema, the TPM provisioning will fail and the TPM will remain in a Not Ready state for computers running Windows 8. The following are the two schema extensions that you can use to bring your Windows Server 2008 R2 domain to parity with Windows Server 2012: ### TpmSchemaExtension.ldf From 326065e9177f37d4c4948208090a9eedb9b68076 Mon Sep 17 00:00:00 2001 From: Elizabeth Ross Date: Thu, 25 Aug 2016 16:07:16 -0700 Subject: [PATCH 16/26] Update protect-enterprise-data-using-wip.md --- windows/keep-secure/protect-enterprise-data-using-wip.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/keep-secure/protect-enterprise-data-using-wip.md b/windows/keep-secure/protect-enterprise-data-using-wip.md index e97e4432da..4cf214d146 100644 --- a/windows/keep-secure/protect-enterprise-data-using-wip.md +++ b/windows/keep-secure/protect-enterprise-data-using-wip.md 
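Review bot: in the `## Why a schema extension is needed` paragraph, `Windows Server 2012 domain controllers have the default schema to backup TPM owner authorization information` uses `backup` as a verb; `back up` is the verb form (the noun `TPM backup` in the heading is fine). More substantively, the paragraph says that with an unextended Windows Server 2008 R2 schema `the TPM will remain in a Not Ready state for computers running Windows 8`, but the Applies-to list that this same hunk rewrites now names `Windows 10, version 1511` and `Windows 10, version 1507`; state whether those versions fail the same way, otherwise the reader cannot tell whether the warning still covers the versions the topic claims to apply to. The Applies-to bullets list 1511 before 1507; that order is fine, but keep it the same in the sibling backup-tpm-recovery topic (patch 17) if either is reordered.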
@@ -75,9 +75,10 @@ WIP gives you a new way to manage data policy enforcement for apps and documents - **Helping prevent accidental data disclosure to removable media.** WIP helps prevent enterprise data from leaking when it's copied or transferred to removable media. For example, if an employee puts enterprise data on a Universal Serial Bus (USB) drive that also has personal data, the enterprise data remains encrypted while the personal data doesn’t. -- **Remove access to enterprise data from enterprise-protected devices.** WIP gives admins the ability to revoke enterprise data from one or many MDM-enrolled devices, while leaving personal data alone. This is a benefit when an employee leaves your company, or in the case of a stolen device. After determining that the data access needs to be removed, you can use Microsoft Intune to unenroll the device so when it connects to the network, the user's encryption key for the device is revoked and the enterprise data becomes unreadable.

**Note**
System Center Configuration Manager also allows you to revoke enterprise data. However, it does it by performing a factory reset of the device. +- **Remove access to enterprise data from enterprise-protected devices.** WIP gives admins the ability to revoke enterprise data from one or many MDM-enrolled devices, while leaving personal data alone. This is a benefit when an employee leaves your company, or in the case of a stolen device. After determining that the data access needs to be removed, you can use Microsoft Intune to unenroll the device so when it connects to the network, the user's encryption key for the device is revoked and the enterprise data becomes unreadable. + > **Note**
System Center Configuration Manager also allows you to revoke enterprise data. However, it does it by performing a factory reset of the device. ## Next steps After deciding to use WIP in your enterprise, you need to: -- [Create a Windows Information Protection (WIP) policy](overview-create-wip-policy.md) \ No newline at end of file +- [Create a Windows Information Protection (WIP) policy](overview-create-wip-policy.md) From c623ef95bd6fb45df949d99034fb290265c6b6fc Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 25 Aug 2016 16:12:30 -0700 Subject: [PATCH 17/26] changed build numbers to version numbers --- .../keep-secure/backup-tpm-recovery-information-to-ad-ds.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/keep-secure/backup-tpm-recovery-information-to-ad-ds.md b/windows/keep-secure/backup-tpm-recovery-information-to-ad-ds.md index a86a7a1811..0beb5a8932 100644 --- a/windows/keep-secure/backup-tpm-recovery-information-to-ad-ds.md +++ b/windows/keep-secure/backup-tpm-recovery-information-to-ad-ds.md @@ -12,10 +12,11 @@ author: brianlic-msft # Backup the TPM recovery Information to AD DS **Applies to** -- Windows 10 (builds 10240 or 10568 only) +- Windows 10, version 1511 +- Windows 10, version 1507 **Does not apply to** -- Windows 10 Anniversary Edition or later +- Windows 10, version 1607 or later This topic for the IT professional describes how to back up a computer’s Trusted Platform Module (TPM) information to Active Directory Domain Services (AD DS) so that you can use AD DS to administer the TPM from a remote computer. From 275cb6b3e06eb21475b12f27b46661190ac19aaf Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 25 Aug 2016 16:16:50 -0700 Subject: [PATCH 18/26] removed extra step 5 and some copyedits --- .../initialize-and-configure-ownership-of-the-tpm.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
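Review bot: in the protect-enterprise-data-using-wip.md hunk, the new `+ > **Note**` line puts only the `**Note**` label inside the blockquote; the following sentence `System Center Configuration Manager also allows you to revoke enterprise data. However, it does it by performing a factory reset of the device.` carries no `>` prefix, so the label and its text will render as separate blocks. The one-space indent also does not nest the quote under the `- **Remove access to enterprise data from enterprise-protected devices.**` bullet (CommonMark needs the item's content column, two spaces for a `- ` bullet), so the list is closed and the quote appears at top level. The single-line form other topics in this repo use, `>**Note:**  text` (see the `>**Important:**` callout in patch 13's context), indented to the bullet's content column, keeps the note attached to the item. The `\ No newline at end of file` fix is fine.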
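Review bot: in the backup-tpm-recovery-information-to-ad-ds.md hunk, the version bullets are right, but the unchanged heading `# Backup the TPM recovery Information to AD DS` still uses the noun `Backup` as a verb with a stray capital on `Information`; `# Back up the TPM recovery information to AD DS` matches the body's own wording (`describes how to back up a computer’s Trusted Platform Module (TPM) information`). Since **Does not apply to** now excludes `Windows 10, version 1607 or later`, and patch 20 in this series states that AD DS backup of TPM owner information `is discontinued starting with Windows 10, version 1607`, a one-line pointer for 1607 readers (the `OSManagedAuthLevel` discussion in the change-the-tpm-owner-password topic) would turn this topic's exclusion into a usable answer instead of a dead end.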
diff --git a/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md b/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md index 3574cacf4d..7bafab6842 100644 --- a/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md +++ b/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md @@ -156,8 +156,8 @@ Membership in the local Administrators group, or equivalent, is the minimum requ Clearing the TPM resets it to factory defaults and turns it off. You will lose all created keys and data that is protected by those keys.   -4. You will be prompted to restart the computer. On the restart you will be prompted by the BIOS or UEFI to press a button to confirm you wish to clear the TPM. -5. +4. You will be prompted to restart the computer. During the restart, you will be prompted by the BIOS or UEFI to press a button to confirm you wish to clear the TPM. + ## Use the TPM cmdlets If you are using Windows PowerShell to manage your computers, you can also manage the TPM by using Windows PowerShell. To install the TPM cmdlets, type the following command: From f8d81e94aa38598a67a760db7887a660f838152b Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 25 Aug 2016 16:25:12 -0700 Subject: [PATCH 19/26] changed build numbers to version numbers --- ...atform-module-services-group-policy-settings.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md b/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md index 291d6ef659..4732e23d51 100644 --- a/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md +++ b/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md 
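Review bot: removing the empty `5.` is right; the remaining step 4 would be clearer if it said what the BIOS/UEFI prompt is: it is the physical presence confirmation that the change-the-tpm-owner-password topic (patch 12 in this series) describes as the path that works `Without the owner password`, and naming it here ties the two topics together. The context line above the step, `Clearing the TPM resets it to factory defaults and turns it off. You will lose all created keys and data that is protected by those keys.`, is the most consequential sentence in this procedure; the sibling topic puts the same warning in a `>**Important:**  Clearing the TPM can result in the loss of data` callout (visible in patch 13's context), and the same treatment here would keep the two topics consistent and make the warning hard to skim past.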
@@ -22,16 +22,16 @@ The TPM Services Group Policy settings are located at: **Computer Configuration\\Administrative Templates\\System\\Trusted Platform Module Services\\** -| Setting | Windows 10 Anniversary Edition | Windows 10 | Windows Server 2012 R2, Windows 8.1 and Windows RT | Windows Server 2012, Windows 8 and Windows RT | Windows Server 2008 R2 and Windows 7 | Windows Server 2008 and Windows Vista | +| Setting | Windows 10, version 1607 | Windows 10, version 1511 and Windows 10, version 1507 | Windows Server 2012 R2, Windows 8.1 and Windows RT | Windows Server 2012, Windows 8 and Windows RT | Windows Server 2008 R2 and Windows 7 | Windows Server 2008 and Windows Vista | | - | - | - | - | - | - | | [Turn on TPM backup to Active Directory Domain Services](#bkmk-tpmgp-addsbu) | | X| X| X| X| X| -| [Configure the list of blocked TPM commands](#bkmk-tpmgp-clbtc)| x| X| X| X| X| X| -| [Ignore the default list of blocked TPM commands](#bkmk-tpmgp-idlb) | x| X| X| X| X| X| -| [Ignore the local list of blocked TPM commands](#bkmk-tpmgp-illb) | x| X| X| X| X| X| +| [Configure the list of blocked TPM commands](#bkmk-tpmgp-clbtc)| X| X| X| X| X| X| +| [Ignore the default list of blocked TPM commands](#bkmk-tpmgp-idlb) | X| X| X| X| X| X| +| [Ignore the local list of blocked TPM commands](#bkmk-tpmgp-illb) | X| X| X| X| X| X| | [Configure the level of TPM owner authorization information available to the operating system](#bkmk-tpmgp-oauthos)| | X| X| X||| -| [Standard User Lockout Duration](#bkmk-tpmgp-suld)| x| X| X| X||| -| [Standard User Individual Lockout Threshold](#bkmk-tpmgp-suilt)| x| X| X| X||| -| [Standard User Total Lockout Threshold](#bkmk-tpmgpsutlt)| x| X| X| X|||| +| [Standard User Lockout Duration](#bkmk-tpmgp-suld)| X| X| X| X||| +| [Standard User Individual Lockout Threshold](#bkmk-tpmgp-suilt)| X| X| X| X||| +| [Standard User Total Lockout Threshold](#bkmk-tpmgpsutlt)| X| X| X| X||||   ### Turn on TPM backup to Active Directory Domain Services 
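Review bot: the table is malformed independently of this change and is worth fixing while it is being touched: the header row has seven cells (`Setting` plus six OS columns) but the delimiter row `| - | - | - | - | - | - |` has only six, so Markdown renderers will drop a column or refuse to render the table at all; add a seventh `- |`. The last row `| [Standard User Total Lockout Threshold](#bkmk-tpmgpsutlt)| X| X| X| X||||` has one trailing `|` more than every other row, and its anchor `#bkmk-tpmgpsutlt` lacks the hyphen that the sibling anchors `#bkmk-tpmgp-suld` and `#bkmk-tpmgp-suilt` have; check it against the actual heading id. The empty `Windows 10, version 1607` cells for `Turn on TPM backup to Active Directory Domain Services` and `Configure the level of TPM owner authorization information available to the operating system` agree with the 1607 behavior described in patches 12 and 20 (owner password discarded, AD DS backup discontinued), but a footnote saying why those cells are blank would stop readers from reporting it as an omission.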
From 34f37f2577d3348615f5c107a0159838e344ae8d Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 25 Aug 2016 16:28:57 -0700 Subject: [PATCH 20/26] changed anniversary edition to version 1607 --- .../trusted-platform-module-services-group-policy-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md b/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md index 4732e23d51..09040693c0 100644 --- a/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md +++ b/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md 
@@ -41,7 +41,7 @@ This policy setting allows you to manage the Active Directory Domain Services (A   TPM owner information includes a cryptographic hash of the TPM owner password. Certain TPM commands can be run only by the TPM owner. This hash authorizes the TPM to run these commands. ->**Important:**  To back up TPM owner information from a computer running Windows 10, Windows 8.1, or Windows 8, you might need to first set up appropriate schema extensions and access control settings on the domain so that the AD DS backup can succeed. Windows Server 2012 R2 and Windows Server 2012 include the required schema extensions by default. For more information, see [AD DS schema extensions to support TPM backup](ad-ds-schema-extensions-to-support-tpm-backup.md). This functionality is discontinued starting with Windows 10 Anniversary Edition. +>**Important:**  To back up TPM owner information from a computer running Windows 10, Windows 8.1, or Windows 8, you might need to first set up appropriate schema extensions and access control settings on the domain so that the AD DS backup can succeed. Windows Server 2012 R2 and Windows Server 2012 include the required schema extensions by default. For more information, see [AD DS schema extensions to support TPM backup](ad-ds-schema-extensions-to-support-tpm-backup.md). This functionality is discontinued starting with Windows 10, version 1607. If you enable this policy setting, TPM owner information will be automatically and silently backed up to AD DS when you use Windows to set or change a TPM owner password. When this policy setting is enabled, a TPM owner password cannot be set or changed unless the computer is connected to the domain and the AD DS backup succeeds. From b5875f06fbb18971776d19225266a814b2994d43 Mon Sep 17 00:00:00 2001 
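Review bot: the paragraph right after the callout, `If you enable this policy setting, TPM owner information will be automatically and silently backed up to AD DS when you use Windows to set or change a TPM owner password.`, now follows `This functionality is discontinued starting with Windows 10, version 1607.` without saying what enabling the setting does on 1607, where (per the change-the-tpm-owner-password topic in this series) Windows discards the owner password after provisioning unless `OSManagedAuthLevel` is set to 4 beforehand; one sentence stating the 1607 behavior of this setting (no effect, or whatever it actually is) closes the gap, and the same qualification belongs on `a TPM owner password cannot be set or changed unless the computer is connected to the domain and the AD DS backup succeeds`. Also `>**Important:**  To back up` carries a double space after the label.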
From: Justin Hall Date: Thu, 25 Aug 2016 16:30:32 -0700 Subject: [PATCH 21/26] made owner apssword lower case --- .../trusted-platform-module-services-group-policy-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md b/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md index 09040693c0..c60ccfbea9 100644 --- a/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md +++ b/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md @@ -172,7 +172,7 @@ For each standard user two thresholds apply. Exceeding either threshold will pre The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode, it is global for all users (including administrators) and for Windows features such as BitLocker Drive Encryption.. -An administrator with the TPM Owner Password can fully reset the TPM's hardware lockout logic by using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic, all prior standard user TPM authorization failures are ignored. This allows standard users to immediately use the TPM normally. +An administrator with the TPM owner password can fully reset the TPM's hardware lockout logic by using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic, all prior standard user TPM authorization failures are ignored. This allows standard users to immediately use the TPM normally. If you do not configure this policy setting, a default value of 9 is used. A value of zero means that the operating system will not allow standard users to send commands to the TPM, which might cause an authorization failure. 
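Review bot: the context line two above the change ends `BitLocker Drive Encryption..` with a doubled period; since this commit is a copyedit pass, take it too. The sentence being edited, `An administrator with the TPM owner password can fully reset the TPM's hardware lockout logic by using the TPM Management Console (tpm.msc).`, should be read against the 1607 change elsewhere in this series: by default Windows no longer retains the owner password (patches 12, 22 and 23), so on those systems the administrator typically will not have it and this reset path is unavailable; a cross-reference to the manage-tpm-lockout topic's note on that precondition would keep the reader from trying a procedure that cannot work on their build.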
From 19d477fa7579452474c39021bbcd1b22dda9f176 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 25 Aug 2016 16:34:02 -0700 Subject: [PATCH 22/26] Copyedits --- windows/keep-secure/manage-tpm-lockout.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/keep-secure/manage-tpm-lockout.md b/windows/keep-secure/manage-tpm-lockout.md index afebcc7c58..33d93ae05c 100644 --- a/windows/keep-secure/manage-tpm-lockout.md +++ b/windows/keep-secure/manage-tpm-lockout.md 
@@ -27,13 +27,13 @@ In some cases, encryption keys are protected by a TPM by requiring a valid autho The industry standards from the Trusted Computing Group (TCG) specify that TPM manufacturers must implement some form of protection logic in TPM 1.2 and TPM 2.0 chips. TPM 1.2 devices implement different protection mechanisms and behavior. In general the TPM chip takes exponentially longer to respond if incorrect authorization values are sent to the TPM. Some TPM chips may not store failed attempts over time. Other TPM chips may store every failed attempt indefinitely. Therefore, some users may experience increasingly longer delays when they mistype an authorization value that is sent to the TPM. This can prevent them from using the TPM for a period of time. **TPM 2.0** - TPM 2.0 devices have standardized lockout behavior which is configured by Windows. TPM 2.0 devices have a maximum count threshold and a healing time. Windows configures the maximum count to be 32 and the healing time to be 2 hours. This means that every continuous two hours of powered on operation without an event which increases the counter will cause the counter to decrease by 1. + TPM 2.0 devices have standardized lockout behavior which is configured by Windows. TPM 2.0 devices have a maximum count threshold and a healing time. Windows configures the maximum count to be 32 and the healing time to be 2 hours. This means that every continuous two hours of powered on operation without an event which increases the counter will cause the counter to decrease by 1. If your TPM has entered lockout mode or is responding slowly to commands, you can reset the lockout value by using the following procedures. Resetting the TPM lockout requires the TPM owner’s authorization. ## Reset the TPM lockout by using the TPM MMC -The following procedure explains the steps to reset the TPM lockout by using the TPM MMC. 
Note that this procedure is only available if you have configured Windows to retain the TPM Owner Password. By default this behavior is not available in Windows 10. +The following procedure explains the steps to reset the TPM lockout by using the TPM MMC. Note that this procedure is only available if you have configured Windows to retain the TPM owner password. By default, this behavior is not available in Windows 10. **To reset the TPM lockout** From 7922b49429bcd535d968be78c176be4ef04e8182 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 25 Aug 2016 16:34:41 -0700 Subject: [PATCH 23/26] Update manage-tpm-lockout.md --- windows/keep-secure/manage-tpm-lockout.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/manage-tpm-lockout.md b/windows/keep-secure/manage-tpm-lockout.md index 33d93ae05c..de41088ebb 100644 --- a/windows/keep-secure/manage-tpm-lockout.md +++ b/windows/keep-secure/manage-tpm-lockout.md 
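Review bot: `By default, this behavior is not available in Windows 10.` is broader than the rest of the series states: patch 12 says the owner password stops being retained `Starting with Windows 10, version 1607`, and the Applies-to lists in patches 15 and 17 treat versions 1507 and 1511 separately. Say `starting with Windows 10, version 1607` here and name the `OSManagedAuthLevel` registry value as the way the password is retained, so the precondition for this MMC procedure is discoverable from this page. The `-`/`+` pair for the `TPM 2.0 devices have standardized lockout behavior` paragraph in the same hunk renders identically (whitespace-only); the commit message `Copyedits` should say so.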
@@ -19,7 +19,7 @@ This topic for the IT professional describes how to manage the lockout feature f The TPM will lock itself to prevent tampering or malicious attacks. TPM lockout often lasts for a variable amount of time or until the computer is turned off. While the TPM is in lockout mode, it generally returns an error message when it receives commands that require an authorization value. One exception is that the TPM always allows the owner at least one attempt to reset the TPM lockout when it is in lockout mode. -TPM ownership is taken upon first boot by Windows. By default Windows does not retain the TPM Owner Password. +TPM ownership is taken upon first boot by Windows. By default, Windows does not retain the TPM owner password. In some cases, encryption keys are protected by a TPM by requiring a valid authorization value to access the key. A common example is configuring BitLocker Drive Encryption to use the TPM plus PIN key protector. In this scenario, the user must type the correct PIN during the boot process to access the volume encryption key protected by the TPM. To prevent malicious users or software from discovering authorization values, TPMs implement protection logic. The protection logic is designed to slow or stop responses from the TPM if it detects that an entity might be trying to guess authorization values. From d9e9f475ce030e552ac5430599984acfa739d2f9 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 25 Aug 2016 16:35:33 -0700 Subject: [PATCH 24/26] Update manage-tpm-lockout.md --- windows/keep-secure/manage-tpm-lockout.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/manage-tpm-lockout.md b/windows/keep-secure/manage-tpm-lockout.md index de41088ebb..d7b997538c 100644 --- a/windows/keep-secure/manage-tpm-lockout.md +++ b/windows/keep-secure/manage-tpm-lockout.md 
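Review bot: `TPM ownership is taken upon first boot by Windows. By default, Windows does not retain the TPM owner password.` disagrees on two points with the change-the-tpm-owner-password topic as edited in patch 12, which says ownership is taken `as part of the provisioning process on each boot` and that the password is discarded `Starting with Windows 10, version 1607`; the two topics should agree on when provisioning happens and on which versions discard the password, and this line is the one to adjust since the other was just revised. The context sentence above, `the TPM always allows the owner at least one attempt to reset the TPM lockout when it is in lockout mode`, is the one stated exception to lockout behavior; it is worth saying that without a retained owner password that attempt cannot be made through tpm.msc (the `## Reset the TPM lockout by using the TPM MMC` section edited in patch 22 states that precondition).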
@@ -24,7 +24,7 @@ TPM ownership is taken upon first boot by Windows. By default, Windows does not In some cases, encryption keys are protected by a TPM by requiring a valid authorization value to access the key. A common example is configuring BitLocker Drive Encryption to use the TPM plus PIN key protector. In this scenario, the user must type the correct PIN during the boot process to access the volume encryption key protected by the TPM. To prevent malicious users or software from discovering authorization values, TPMs implement protection logic. The protection logic is designed to slow or stop responses from the TPM if it detects that an entity might be trying to guess authorization values. **TPM 1.2** -The industry standards from the Trusted Computing Group (TCG) specify that TPM manufacturers must implement some form of protection logic in TPM 1.2 and TPM 2.0 chips. TPM 1.2 devices implement different protection mechanisms and behavior. In general the TPM chip takes exponentially longer to respond if incorrect authorization values are sent to the TPM. Some TPM chips may not store failed attempts over time. Other TPM chips may store every failed attempt indefinitely. Therefore, some users may experience increasingly longer delays when they mistype an authorization value that is sent to the TPM. This can prevent them from using the TPM for a period of time. +The industry standards from the Trusted Computing Group (TCG) specify that TPM manufacturers must implement some form of protection logic in TPM 1.2 and TPM 2.0 chips. TPM 1.2 devices implement different protection mechanisms and behavior. In general, the TPM chip takes exponentially longer to respond if incorrect authorization values are sent to the TPM. Some TPM chips may not store failed attempts over time. Other TPM chips may store every failed attempt indefinitely. Therefore, some users may experience increasingly longer delays when they mistype an authorization value that is sent to the TPM. 
This can prevent them from using the TPM for a period of time. **TPM 2.0** TPM 2.0 devices have standardized lockout behavior which is configured by Windows. TPM 2.0 devices have a maximum count threshold and a healing time. Windows configures the maximum count to be 32 and the healing time to be 2 hours. This means that every continuous two hours of powered on operation without an event which increases the counter will cause the counter to decrease by 1. From 53dbf987a3665219ee4d06a6c1c4a5982008517a Mon Sep 17 00:00:00 2001 From: JanKeller1 Date: Thu, 25 Aug 2016 16:47:20 -0700 Subject: [PATCH 25/26] Small fixes that came from visual test pass --- ...ation-publishing-and-client-interaction.md | 2 +- ...on-groups-to-ignore-the-package-version.md | 2 +- .../appv-connect-to-the-management-console.md | 2 +- windows/manage/appv-connection-group-file.md | 131 +++++++----------- ...application-package-package-accelerator.md | 59 +++----- .../appv-create-and-use-a-project-template.md | 21 +-- .../manage/appv-managing-connection-groups.md | 13 +- windows/manage/appv-performance-guidance.md | 2 +- 8 files changed, 92 insertions(+), 140 deletions(-) diff --git a/windows/manage/appv-application-publishing-and-client-interaction.md b/windows/manage/appv-application-publishing-and-client-interaction.md index 6b0f31cb3f..31ace970ff 100644 --- a/windows/manage/appv-application-publishing-and-client-interaction.md +++ b/windows/manage/appv-application-publishing-and-client-interaction.md 
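Review bot: the first sentence under the `**TPM 1.2**` label, `The industry standards from the Trusted Computing Group (TCG) specify that TPM manufacturers must implement some form of protection logic in TPM 1.2 and TPM 2.0 chips.`, covers both generations and reads better as the lead-in above `**TPM 1.2**`, leaving only the 1.2-specific text (`TPM 1.2 devices implement different protection mechanisms and behavior. In general, the TPM chip takes exponentially longer to respond ...`) under the label; the `**TPM 2.0**` paragraph that follows would then parallel it. The `In general,` comma fix itself is fine.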
@@ -232,7 +232,7 @@ The Package Store contains a pristine copy of the package files that have been s ### COW roaming -The COW Roaming location described above stores changes to files and directories that are targeted to the typical %AppData% location or \\Users\\**\\AppData\\Roaming location. These directories and files are then roamed based on the operating system settings. +The COW Roaming location described above stores changes to files and directories that are targeted to the typical %AppData% location or \\Users\\*<username>*\\AppData\\Roaming location. These directories and files are then roamed based on the operating system settings. ### COW local diff --git a/windows/manage/appv-configure-connection-groups-to-ignore-the-package-version.md b/windows/manage/appv-configure-connection-groups-to-ignore-the-package-version.md index 9ef529d55a..d0dd6dc5b9 100644 --- a/windows/manage/appv-configure-connection-groups-to-ignore-the-package-version.md +++ b/windows/manage/appv-configure-connection-groups-to-ignore-the-package-version.md @@ -40,7 +40,7 @@ For more about adding or upgrading packages, see [How to Add or Upgrade Packages 1. Create the connection group XML document. -2. For the package to be upgraded, set the **Package** tag attribute **VersionID** to an asterisk (**\***). +2. For the package to be upgraded, set the **Package** tag attribute **VersionID** to an asterisk (*). 3. Use the following cmdlet to add the connection group, and include the path to the connection group XML document: diff --git a/windows/manage/appv-connect-to-the-management-console.md b/windows/manage/appv-connect-to-the-management-console.md index a83795a235..47da73bf11 100644 --- a/windows/manage/appv-connect-to-the-management-console.md +++ b/windows/manage/appv-connect-to-the-management-console.md 
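Review bot: in the appv-application-publishing-and-client-interaction.md hunk, `\\Users\\*<username>*\\AppData\\Roaming` puts a raw `<username>` inside emphasis; Markdown passes `<username>` through as an HTML tag, browsers render nothing for it, and the path comes out as `\Users\**\AppData\Roaming`, which is what the old line `\\Users\\**\\AppData\\Roaming` already showed, so this hunk reproduces the bug it is trying to fix. Escape the angle brackets (`*\<username\>*`) or use the `\<_management server name_\>` form that the appv-connect-to-the-management-console hunk in this same patch uses.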
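Review bot: in the appv-configure-connection-groups-to-ignore-the-package-version.md hunk, `set the **Package** tag attribute **VersionID** to an asterisk (*)` leaves a bare `*` in the Markdown source; an unpaired asterisk usually renders literally, but any later `*` on the same line will pair with it and italicize the span between them. The previous text escaped it (`\*`, wrapped in bold); keep the escape without the bold, `(\*)`, or put it in a code span so the rendered character is unambiguous, since this is the literal value the reader has to type into the connection group XML.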
@@ -17,7 +17,7 @@ Use the following procedure to connect to the App-V Management Console. **To connect to the App-V Management Console** -1. Open Internet Explorer browser and type the address for the App-V. For example, **http://\<_management server name_\>:\<_management service port number_\>/console.html**. +1. Open Internet Explorer browser and type the address for the App-V Management server. For example, **http://\<_management server name_\>:\<_management service port number_\>/console.html**. 2. To view different sections of the console, click the desired section in the navigation pane. diff --git a/windows/manage/appv-connection-group-file.md b/windows/manage/appv-connection-group-file.md index 9b8a08ae00..a523cd8c6d 100644 --- a/windows/manage/appv-connection-group-file.md +++ b/windows/manage/appv-connection-group-file.md @@ -203,87 +203,60 @@ The virtual application Microsoft Outlook is running in virtual environment **XY ## Supported virtual application connection configurations +The following application connection configurations are supported. - ---- - - - - - - - - - - - - - - - - - - - - -
ConfigurationExample scenario

An. exe file and plug-in (.dll)

    -
  • You want to distribute Microsoft Office to all users, but distribute a Microsoft Excel plug-in to only a subset of users.

  • -
  • Enable the connection group for the appropriate users.

  • -
  • Update each package individually as required.

  • -

An. exe file and a middleware application

    -
  • You have an application requires a middleware application, or several applications that all depend on the same middleware runtime version.

  • -
  • All computers that require one or more of the applications receive the connection groups with the application and middleware application runtime.

  • -
  • You can optionally combine multiple middleware applications into a single connection group.

    - ---- - - - - - - - - - - - - - - - - -
    ExampleExample description

    Virtual application connection group for the financial division

      -
    • Middleware application 1

    • -
    • Middleware application 2

    • -
    • Middleware application 3

    • -
    • Middleware application runtime

    • -

    Virtual application connection group for HR division

      -
    • Middleware application 5

    • -
    • Middleware application 6

    • -
    • Middleware application runtime

    • -
    -

     

  • -

An. exe file and an .exe file

You have an application that relies on another application, and you want to keep the packages separate for operational efficiencies, licensing restrictions, or rollout timelines.

-

Example:

-

If you are deploying Microsoft Lync 2010, you can use three packages:

-
    -
  • Microsoft Office 2010

  • -
  • Microsoft Communicator 2007

  • -
  • Microsoft Lync 2010

  • -
-

You can manage the deployment using the following connection groups:

-
    -
  • Microsoft Office 2010 and Microsoft Communicator 2007

  • -
  • Microsoft Office 2010 and Microsoft Lync 2010

  • -
-

When the deployment has completed, you can either create a single new Microsoft Office 2010 + Microsoft Lync 2010 package, or keep and maintain them as separate packages and deploy them by using a connection group.

+- **An. exe file and plug-in (.dll)**. For example, you might want to distribute Microsoft Office to all users, but distribute a Microsoft Excel plug-in to only a subset of users. + Enable the connection group for the appropriate users. Update each package individually as required. + +- **An. exe file and a middleware application**. You might have an application that requires a middleware application, or several applications that all depend on the same middleware runtime version. + + All computers that require one or more of the applications receive the connection groups with the application and middleware application runtime. You can optionally combine multiple middleware applications into a single connection group. + + + + + + + + + + + + + + + + + + + + + + +
ExampleExample description

Virtual application connection group for the financial division

    +
  • Middleware application 1

  • +
  • Middleware application 2

  • +
  • Middleware application 3

  • +
  • Middleware application runtime

  • +

Virtual application connection group for HR division

    +
  • Middleware application 5

  • +
  • Middleware application 6

  • +
  • Middleware application runtime

  • +
+ +- **An. exe file and an .exe file**. You might have an application that relies on another application, and you want to keep the packages separate for operational efficiencies, licensing restrictions, or rollout timelines. + + For example, if you are deploying Microsoft Lync 2010, you can use three packages: + - Microsoft Office 2010 + - Microsoft Communicator 2007 + - Microsoft Lync 2010

+ + You can manage the deployment using the following connection groups: + - Microsoft Office 2010 and Microsoft Communicator 2007 + - Microsoft Office 2010 and Microsoft Lync 2010

+ + When the deployment has completed, you can either create a single new Microsoft Office 2010 + Microsoft Lync 2010 package, or keep and maintain them as separate packages and deploy them by using a connection group. ## Have a suggestion for App-V? diff --git a/windows/manage/appv-create-a-virtual-application-package-package-accelerator.md b/windows/manage/appv-create-a-virtual-application-package-package-accelerator.md index 873f4f54c7..4cae334e5e 100644 --- a/windows/manage/appv-create-a-virtual-application-package-package-accelerator.md +++ b/windows/manage/appv-create-a-virtual-application-package-package-accelerator.md 
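Review bot: the corrected step 1 of the management-console procedure still reads "Open Internet Explorer browser and type the address for the App-V Management server"; it should be "Open the Internet Explorer browser and type the address of the App-V Management server". The example URL is plain `http://` for an administrative console, and this is the string administrators will copy; if the management service can be bound to HTTPS, show the `https://` form here or state which scheme applies.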
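Review bot: the three new bullets in appv-connection-group-file.md carry over the typo "An. exe file" (should be "An .exe file") from the table they replace; fix it in **An. exe file and plug-in (.dll)**, **An. exe file and a middleware application** and **An. exe file and an .exe file**. The conversion is also only half done: the nested Example / Example description HTML table (the financial division and HR division middleware lists) stays as raw `<table>` markup inside the middleware bullet, and the two sentences "Enable the connection group for the appropriate users." and "Update each package individually as required." lost their list structure and now run together under the first bullet. Turn that inner table into sub-bullets, matching the Lync 2010 bullet that already uses nested markdown lists.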
@@ -14,61 +14,44 @@ ms.prod: w10 **Applies to** - Windows 10, version 1607 -**Important**   -The App-V Sequencer does not grant any license rights to the software application that you use to create the Package Accelerator. You must abide by all end user license terms for the application that you use. It is your responsibility to make sure that the software application’s license terms allow you to create a Package Accelerator with the App-V Sequencer. - -  - Use the following procedure to create a virtual application package with the App-V Package Accelerator. -**Note**   -Before you start this procedure, copy the required Package Accelerator locally to the computer that runs the App-V Sequencer. You should also copy all required installation files for the package to a local directory on the computer that runs the Sequencer. This is the directory that you have to specify in step 5 of this procedure. - -  +> **Important**  The App-V Sequencer does not grant any license rights to the software application that you use to create the Package Accelerator. You must abide by all end user license terms for the application that you use. It is your responsibility to make sure that the software application’s license terms allow you to create a Package Accelerator with the App-V Sequencer. **To create a virtual application package with an App-V Package Accelerator** -1. To start the App-V Sequencer, on the computer that runs the App-V Sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. +1. Be sure that the required Package Accelerator has been copied locally to the computer that runs the App-V Sequencer. Also copy all required installation files for the package to a local folder on the computer that runs the Sequencer. This is the folder that you have to specify in step 6 of this procedure. -2. To start the **Create New Package Wizard**, click **Create a New Virtual Application Package**. 
To create the package, select the **Create Package using a Package Accelerator** check box, and then click **Next**. +2. To start the App-V Sequencer, on the computer that runs the App-V Sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. -3. To specify the package accelerator that will be used to create the new virtual application package, click **Browse** on the **Select Package Accelerator** page. Click **Next**. +3. To start the **Create New Package Wizard**, click **Create a New Virtual Application Package**. To create the package, select the **Create Package using a Package Accelerator** check box, and then click **Next**. - **Important**   - If the publisher of the package accelerator cannot be verified and does not contain a valid digital signature, then before you click **Run**, you must confirm that you trust the source of the package accelerator. Confirm your choice in the **Security Warning** dialog box. +4. To specify the package accelerator that will be used to create the new virtual application package, click **Browse** on the **Select Package Accelerator** page. Click **Next**. -   + > **Important**  If the publisher of the package accelerator cannot be verified and does not contain a valid digital signature, then before you click **Run**, you must confirm that you trust the source of the package accelerator. Confirm your choice in the **Security Warning** dialog box. -4. On the **Guidance** page, review the publishing guidance information that is displayed in the information pane. This information was added when the Package Accelerator was created and it contains guidance about how to create and publish the package. To export the guidance information to a text (.txt) file, click **Export** and specify the location where the file should be saved, and then click **Next**. +5. 
On the **Guidance** page, review the publishing guidance information that is displayed in the information pane. This information was added when the Package Accelerator was created and it contains guidance about how to create and publish the package. To export the guidance information to a text (.txt) file, click **Export** and specify the location where the file should be saved, and then click **Next**. -5. On the **Select Installation Files** page, click **Make New Folder** to create a local folder that contains all required installation files for the package, and specify where the folder should be saved. You must also specify a name to be assigned to the folder. You must then copy all required installation files to the location that you specified. If the folder that contains the installation files already exists on the computer that runs the Sequencer, click **Browse** to select the folder. +6. On the **Select Installation Files** page, click **Make New Folder** to create a local folder that contains all required installation files for the package, and specify where the folder should be saved. You must also specify a name to be assigned to the folder. You must then copy all required installation files to the location that you specified. If the folder that contains the installation files already exists on the computer that runs the Sequencer, click **Browse** to select the folder. Alternatively, if you have already copied the installation files to a directory on this computer, click **Make New Folder**, browse to the folder that contains the installation files, and then click **Next**. 
- **Note**   - You can specify the following types of supported installation files: + > **Note**  You can specify the following types of supported installation files: + > - Windows Installer files (**.msi**) + > - Cabinet files (.cab) + > - Compressed files with a .zip file name extension + > - The actual application files + > The following file types are not supported: **.msp** and **.exe** files. If you specify an **.exe** file, you must extract the installation files manually. - - Windows Installer files (**.msi**) +7. If the package accelerator requires an application to be installed before you apply the Package Accelerator, and if you have already installed the required application, select **I have installed all applications**, and then click **Next** on the **Local Installation** page. - - Cabinet files (.cab) +8. On the **Package Name** page, specify a name that will be associated with the package. The name that you specify identifies the package in the App-V Management Console. Click **Next**. - - Compressed files with a .zip file name extension +9. On the **Create Package** page, provide comments that will be associated with the package. The comments should contain identifying information about the package that you are creating. To confirm the location where the package is created, review the information that is displayed in **Save Location**. To compress the package, select **Compress Package**. Select the **Compress Package** check box if the package will be streamed across the network, or when the package size exceeds 4 GB. - - The actual application files +10. To create the package, click **Create**. After the package is created, click **Next**. - The following file types are not supported: **.msp** and **.exe** files. If you specify an **.exe** file, you must extract the installation files manually. 
- -   - - If the package accelerator requires an application to be installed before you apply the Package Accelerator, and if you have already installed the required application, select **I have installed all applications**, and then click **Next** on the **Local Installation** page. - -6. On the **Package Name** page, specify a name that will be associated with the package. The name that you specify identifies the package in the App-V Management Console. Click **Next**. - -7. On the **Create Package** page, provide comments that will be associated with the package. The comments should contain identifying information about the package that you are creating. To confirm the location where the package is created, review the information that is displayed in **Save Location**. To compress the package, select **Compress Package**. Select the **Compress Package** check box if the package will be streamed across the network, or when the package size exceeds 4 GB. - - To create the package, click **Create**. After the package is created, click **Next**. - -8. On the **Configure Software** page, to enable the Sequencer to configure the applications that are contained in the package, select **Configure Software**. In this step you can configure any associated tasks that must be completed in order to run the application on the target computers. For example, you can configure any associated license agreements. +11. On the **Configure Software** page, to enable the Sequencer to configure the applications that are contained in the package, select **Configure Software**. In this step you can configure any associated tasks that must be completed in order to run the application on the target computers. For example, you can configure any associated license agreements. If you select **Configure Software**, the following items can be configured using the Sequencer as part of this step: 
@@ -80,9 +63,9 @@ Before you start this procedure, copy the required Package Accelerator locally t - **Primary Feature Block**. The Sequencer optimizes the package for streaming by rebuilding the primary feature block. - If you do not want to configure the applications, click **Skip this step**, and to go to step 9 of this procedure, and then click **Next**. + If you do not want to configure the applications, click **Skip this step**, and then click **Next**. -9. On the **Completion** page, after you review the information that is displayed in the **Virtual Application Package Report** pane, click **Close**. +12. On the **Completion** page, after you review the information that is displayed in the **Virtual Application Package Report** pane, click **Close**. The package is now available in the Sequencer. To edit the package properties, click **Edit \[Package Name\]**. For more information about how to modify a package, see [How to Modify an Existing Virtual Application Package](appv-modify-an-existing-virtual-application-package.md). diff --git a/windows/manage/appv-create-and-use-a-project-template.md b/windows/manage/appv-create-and-use-a-project-template.md index 09b14a9981..c6a0be63bb 100644 --- a/windows/manage/appv-create-and-use-a-project-template.md +++ b/windows/manage/appv-create-and-use-a-project-template.md 
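Review bot: step 6 of the renumbered package-accelerator procedure now contradicts itself. It first says that if the installation-file folder already exists you click **Browse** to select it, then the added sentence says "Alternatively, if you have already copied the installation files to a directory on this computer, click **Make New Folder**, browse to the folder that contains the installation files"; that repeats the first case but names the button for creating a new folder. Drop the added sentence or change it to **Browse**. Two smaller things in the same hunk: inside the note block, "> The following file types are not supported: **.msp** and **.exe** files" follows the last `> -` item with no blank `>` line, so it will render as a continuation of "The actual application files"; and the Important note about an accelerator whose publisher cannot be verified now sits under step 4, where the file is chosen, which is the right place, but it should tell the reader not to run an unsigned accelerator from a source they cannot verify rather than only to confirm the trust prompt.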
@@ -16,10 +16,7 @@ ms.prod: w10 You can use an App-V project template to save commonly applied settings associated with an existing virtual application package. These settings can then be applied when you create new virtual application packages in your environment. Using a project template can streamline the process of creating virtual application packages. -**Note**   -You can, and often should apply an App-V project template during a package upgrade. For example, if you sequenced an application with a custom exclusion list, it is recommended that an associated template is created and saved for later use while upgrading the sequenced application. - -  +> **Note**  You can, and often should apply an App-V project template during a package upgrade. For example, if you sequenced an application with a custom exclusion list, it is recommended that an associated template is created and saved for later use while upgrading the sequenced application. App-V project templates differ from App-V Application Accelerators because App-V Application Accelerators are application-specific, and App-V project templates can be applied to multiple applications. 
@@ -29,25 +26,19 @@ Use the following procedures to create and apply a new template. 1. To start the App-V sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. -2. **Note**   - If the virtual application package is currently open in the App-V Sequencer console, skip to step 3 of this procedure. + > **Note**  If the virtual application package is currently open in the App-V Sequencer console, skip to step 3 of this procedure. -   - - To open the existing virtual application package that contains the settings you want to save with the App-V project template, click **File** / **Open**, and then click **Edit Package**. On the **Select Package** page, click **Browse** and locate the virtual application package that you want to open. Click **Edit**. +2. To open the existing virtual application package that contains the settings you want to save with the App-V project template, click **File** / **Open**, and then click **Edit Package**. On the **Select Package** page, click **Browse** and locate the virtual application package that you want to open. Click **Edit**. 3. In the App-V Sequencer console, to save the template file, click **File** / **Save As Template**. After you have reviewed the settings that will be saved with the new template, click **OK**. Specify a name that will be associated with the new App-V project template. Click Save. - The new App-V project template is saved in the directory specified in step 3 of this procedure. + The new App-V project template is saved in the folder you specified. **To apply a project template** -1. **Important**   - Creating a virtual application package using a project template in conjunction with a Package Accelerator is not supported. +> **Important**  Creating a virtual application package using a project template in conjunction with a Package Accelerator is not supported. 
-   - - To start the App-V sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. +1. To start the App-V sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. 2. To create or upgrade a new virtual application package by using an App-V project template, click **File** / **New From Template**. diff --git a/windows/manage/appv-managing-connection-groups.md b/windows/manage/appv-managing-connection-groups.md index 00e855b417..dad0496d45 100644 --- a/windows/manage/appv-managing-connection-groups.md +++ b/windows/manage/appv-managing-connection-groups.md @@ -19,9 +19,7 @@ Connection groups enable the applications within a package to interact with each **Note**   In some previous versions of App-V, connection groups were referred to as Dynamic Suite Composition. -  - -**In this topic:** +**In this section:** @@ -53,7 +51,14 @@ In some previous versions of App-V, connection groups were referred to as Dynami - + + + + + + + +

[How to Publish a Connection Group](appv-publish-a-connection-group.md)

Explains how to publish a connection group.

[How to Make a Connection Group Ignore the Package Version](appv-configure-connection-groups-to-ignore-the-package-version.md)

Explains how to configure a connection group to accept any version of a package, which simplifies package upgrades and reduces the number of connection groups you need to create.

[How to Allow Only Administrators to Enable Connection Groups](appv-allow-administrators-to-enable-connection-groups.md)

Explains how to configure the App-V client so that only administrators (not end users) can enable or disable connection groups.

  diff --git a/windows/manage/appv-performance-guidance.md b/windows/manage/appv-performance-guidance.md index f85fff2b25..f00ba32b3a 100644 --- a/windows/manage/appv-performance-guidance.md +++ b/windows/manage/appv-performance-guidance.md @@ -27,7 +27,7 @@ You should read and understand the following information before reading this doc - [App-V Sequencing Guide](https://www.microsoft.com/en-us/download/details.aspx?id=27760) **Note**   -Some terms used in this document may have different meanings depending on external source and context. For more information about terms used in this document followed by an asterisk **\*** review the [Application Virtualization Performance Guidance Terminology](#bkmk-terms1) section of this document. +Some terms used in this document may have different meanings depending on external source and context. For more information about terms used in this document followed by an asterisk * review the [Application Virtualization Performance Guidance Terminology](#bkmk-terms1) section of this document.   From fb15f34c3152146c4d57dc1fb8e5aa0f610afbc1 Mon Sep 17 00:00:00 2001 From: JanKeller1 Date: Thu, 25 Aug 2016 18:28:46 -0700 Subject: [PATCH 26/26] Fixes to fmts and typos from visual test pass --- ...inistrators-to-enable-connection-groups.md | 4 ++-- ...-a-stand-alone-computer-with-powershell.md | 20 +++++++------------ ...grating-to-appv-from-a-previous-version.md | 4 ++-- ...plications-inside-a-virtual-environment.md | 4 ++-- ...ppv-using-the-client-management-console.md | 4 ++-- 5 files changed, 15 insertions(+), 21 deletions(-) diff --git a/windows/manage/appv-allow-administrators-to-enable-connection-groups.md b/windows/manage/appv-allow-administrators-to-enable-connection-groups.md index ac4a20e8a1..8241c5edef 100644 --- a/windows/manage/appv-allow-administrators-to-enable-connection-groups.md +++ b/windows/manage/appv-allow-administrators-to-enable-connection-groups.md 
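Review bot: in the second project-template hunk, "The new App-V project template is saved in the folder you specified" replaces "the directory specified in step 3", but step 3 still only says to specify a name and click Save and never mentions choosing a location; either add "and the location where it should be saved" to step 3 or say "in the location you chose in the Save dialog". Moving the "skip to step 3" note out of step 2 and the "not supported in conjunction with a Package Accelerator" Important out of step 1 is right; both read cleanly now.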
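Review bot: the three rows added to the topic list in appv-managing-connection-groups.md are raw `<tr>`/`<td>` HTML, while earlier in this same patch (appv-connection-group-file.md) an HTML table is converted to markdown bullets; either convert this list too or note why this file keeps the table. The "In this topic" to "In this section" rename is fine as long as the other App-V topics use the same wording.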
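Review bot: in the performance-guidance hunk, "followed by an asterisk * review the ... Terminology section" drops the escape and leaves the clause without its comma; write "followed by an asterisk (`*`), review the [Application Virtualization Performance Guidance Terminology](#bkmk-terms1) section" so the character renders literally and the sentence parses.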
@@ -23,8 +23,8 @@ Use one of the following methods to allow only administrators to enable or disab --++ diff --git a/windows/manage/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md b/windows/manage/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md index eded7a3ee5..694708f484 100644 --- a/windows/manage/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md +++ b/windows/manage/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md @@ -69,8 +69,8 @@ Use the following information to publish a package that has been added to a spec
--++ @@ -176,18 +176,12 @@ App-V cmdlets have been assigned to variables for the previous examples for clar ## To enable only administrators to publish or unpublish packages - -**Note**   -**This feature is supported starting in App-V 5.0 SP3.** - -  - -Use the following cmdlet and parameter to enable only administrators (not end users) to publish or unpublish packages: +Starting in App-V 5.0 SP3, you can use the following cmdlet and parameter to enable only administrators (not end users) to publish or unpublish packages:
--++ @@ -218,8 +212,8 @@ To use the App-V Management console to set this configuration, see [How to Publi
--++ diff --git a/windows/manage/appv-migrating-to-appv-from-a-previous-version.md b/windows/manage/appv-migrating-to-appv-from-a-previous-version.md index 4c4578b787..ff212a6b60 100644 --- a/windows/manage/appv-migrating-to-appv-from-a-previous-version.md +++ b/windows/manage/appv-migrating-to-appv-from-a-previous-version.md @@ -30,8 +30,8 @@ You can also use the `–OSDsToIncludeInPackage` parameter with the `ConvertFrom - - + + diff --git a/windows/manage/appv-running-locally-installed-applications-inside-a-virtual-environment.md b/windows/manage/appv-running-locally-installed-applications-inside-a-virtual-environment.md index 8bfe51f0c4..44c8051ac6 100644 --- a/windows/manage/appv-running-locally-installed-applications-inside-a-virtual-environment.md +++ b/windows/manage/appv-running-locally-installed-applications-inside-a-virtual-environment.md @@ -113,7 +113,7 @@ Use the following example syntax, and substitute the name of your package for ** `Start-AppvVirtualProcess -AppvClientObject $AppVName cmd.exe` -If you don’t know the exact name of your package, you can use the command line **Get-AppvClientPackage \*executable\***, where **executable** is the name of the application, for example: Get-AppvClientPackage \*Word\*. +If you don’t know the exact name of your package, you can use the command line Get-AppvClientPackage \*executable\*, where **executable** is the name of the application, for example:
Get-AppvClientPackage \*Word\* ## Command line switch /appvpid:<PID> @@ -143,7 +143,7 @@ To get the package GUID and version GUID of your application, run the **Get-Appv - Version ID of the desired package -If you don’t know the exact name of your package, use the command line **Get-AppvClientPackage \*executable\***, where **executable** is the name of the application, for example: Get-AppvClientPackage \*Word\*. +If you don’t know the exact name of your package, use the command line Get-AppvClientPackage \*executable\*, where **executable** is the name of the application, for example:
Get-AppvClientPackage \*Word\* This method lets you launch any command within the context of an App-V package, regardless of whether the package is currently running. diff --git a/windows/manage/appv-using-the-client-management-console.md b/windows/manage/appv-using-the-client-management-console.md index ba054f03f1..c029733b1d 100644 --- a/windows/manage/appv-using-the-client-management-console.md +++ b/windows/manage/appv-using-the-client-management-console.md @@ -41,8 +41,8 @@ The client management console contains the following described main tabs.
New in App-VPrior to App-VNew in App-V for Windows 10Prior to App-V for Windows 10
--++
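Review bot: in both Get-AppvClientPackage hunks of appv-running-locally-installed-applications-inside-a-virtual-environment.md (@@ -113 and @@ -143) the bold was removed but the command is still escaped prose, `Get-AppvClientPackage \*executable\*`, with the example `Get-AppvClientPackage \*Word\*` dropped onto its own line. Put both in backticks, as the `Start-AppvVirtualProcess -AppvClientObject $AppVName cmd.exe` line a few lines above already is, so the wildcards render as literal asterisks and the command can be pasted into a PowerShell prompt unchanged.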