Merge pull request #4427 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/MicrosoftDocs/windows-itpro-docs (branch public)

browsers/edge/group-policies/sync-browser-settings-gp.md

@@ -38,7 +38,7 @@ You can find the Microsoft Edge Group Policy settings in the following location
 To verify the settings:
 1. In the upper-right corner of Microsoft Edge, click **More** \(**...**\).
 2. Click **Settings**.
-3. Under Account, see if the setting is toggled on or off.<p>![Verify configuration](../images/sync-settings.PNG)
+3. Under Account, see if the setting is toggled on or off.<p>![Verify configuration](../images/sync-settings.png)
 
 
 ## Do not sync browser settings

browsers/edge/includes/configure-windows-defender-smartscreen-include.md

@@ -27,7 +27,7 @@ ms.topic: include
 
 To verify Windows Defender SmartScreen is turned off (disabled):
 1. Click or tap **More** (…) and select **Settings** > **View Advanced settings**.
-2.  Verify the setting **Help protect me from malicious sites and download with Windows Defender SmartScreen** is disabled.<p>![Verify that Windows Defender SmartScreen is turned off (disabled)](../images/allow-smart-screen-validation.PNG)
+2.  Verify the setting **Help protect me from malicious sites and download with Windows Defender SmartScreen** is disabled.<p>![Verify that Windows Defender SmartScreen is turned off (disabled)](../images/allow-smart-screen-validation.png)
 
 
 ### ADMX info and settings

windows/deployment/mbr-to-gpt.md

@@ -376,7 +376,7 @@ Number Friendly Name      Serial Number        HealthStatus OperationalStatus To
 
 You can also view the partition type of a disk by opening the Disk Management tool, right-clicking the disk number, clicking **Properties**, and then clicking the **Volumes** tab. See the following example:
 
-![Volumes](images/mbr2gpt-volume.PNG)
+![Volumes](images/mbr2gpt-volume.png)
 
 
 If Windows PowerShell and Disk Management are not available, such as when you are using Windows PE, you can determine the partition type at a command prompt with the DiskPart tool. To determine the partition style from a command line, type **diskpart** and then type **list disk**. See the following example:

windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md

@@ -339,7 +339,7 @@ There are rules governing which hint is shown during the recovery (in order of p
 
 **Result:** The hint for the Microsoft Account and the custom URL are displayed.
 
-![Example 1 of Customized BitLocker recovery screen](./images/rp-example1.PNG)
+![Example 1 of Customized BitLocker recovery screen](./images/rp-example1.png)
 
 
 #### Example 2 (single recovery key with single backup)
@@ -354,7 +354,7 @@ There are rules governing which hint is shown during the recovery (in order of p
 
 **Result:** Only the custom URL is displayed.
 
-![Example 2 of customized BitLocker recovery screen](./images/rp-example2.PNG)
+![Example 2 of customized BitLocker recovery screen](./images/rp-example2.png)
 
 
 #### Example 3 (single recovery key with multiple backups)
@@ -369,7 +369,7 @@ There are rules governing which hint is shown during the recovery (in order of p
 
 **Result:** Only the Microsoft Account hint is displayed.
 
-![Example 3 of customized BitLocker recovery screen](./images/rp-example3.PNG)
+![Example 3 of customized BitLocker recovery screen](./images/rp-example3.png)
 
 
 #### Example 4  (multiple recovery passwords)
@@ -399,7 +399,7 @@ There are rules governing which hint is shown during the recovery (in order of p
 
 **Result:** Only the hint for a successfully backed up key is displayed, even if it isn't the most recent key.
 
-![Example 4 of customized BitLocker recovery screen](./images/rp-example4.PNG)
+![Example 4 of customized BitLocker recovery screen](./images/rp-example4.png)
 
 
 #### Example 5  (multiple recovery passwords)
@@ -429,7 +429,7 @@ There are rules governing which hint is shown during the recovery (in order of p
 
 **Result:** The hint for the most recent key is displayed.
 
-![Example 5 of customized BitLocker recovery screen](./images/rp-example5.PNG)
+![Example 5 of customized BitLocker recovery screen](./images/rp-example5.png)
 
 
 ## <a href="" id="bkmk-usingaddrecovery"></a>Using additional recovery information

windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md

@@ -8,7 +8,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
-ms.date: 12/10/2020
+ms.date: 12/17/2020
 ms.reviewer: 
 manager: dansimp
 ms.custom: asr
@@ -22,15 +22,16 @@ Microsoft Defender Application Guard (Application Guard) is designed to help pre
 
 ## What is Application Guard and how does it work?
 
-Designed for Windows 10 and Microsoft Edge, Application Guard helps to isolate enterprise-defined untrusted sites, protecting your company while your employees browse the Internet. As an enterprise administrator, you define what is among trusted web sites, cloud resources, and internal networks. Everything not on your list is considered untrusted.
+For Microsoft Edge, Application Guard helps to isolate enterprise-defined untrusted sites, protecting your company while your employees browse the Internet. As an enterprise administrator, you define what is among trusted web sites, cloud resources, and internal networks. Everything not on your list is considered untrusted. If an employee goes to an untrusted site through either Microsoft Edge or Internet Explorer, Microsoft Edge opens the site in an isolated Hyper-V-enabled container.
+
+For Microsoft Office, Application Guard helps prevents untrusted Word, PowerPoint and Excel files from accessing trusted resources. Application Guard opens untrusted files in an isolated Hyper-V-enabled container. The isolated Hyper-V container is separate from the host operating system. This container isolation means that if the untrusted site or file turns out to be malicious, the host device is protected, and the attacker can't get to your enterprise data. For example, this approach makes the isolated container anonymous, so an attacker can't get to your employee's enterprise credentials.
 
-If an employee goes to an untrusted site through either Microsoft Edge or Internet Explorer, Microsoft Edge opens the site in an isolated Hyper-V-enabled container, which is separate from the host operating system. This container isolation means that if the untrusted site turns out to be malicious, the host PC is protected, and the attacker can't get to your enterprise data. For example, this approach makes the isolated container anonymous, so an attacker can't get to your employee's enterprise credentials.
 
 ![Hardware isolation diagram](images/appguard-hardware-isolation.png)
 
 ### What types of devices should use Application Guard?
 
-Application Guard has been created to target several types of systems:
+Application Guard has been created to target several types of devices:
 
 - **Enterprise desktops**. These desktops are domain-joined and managed by your organization. Configuration management is primarily done through Microsoft Endpoint Configuration Manager or Microsoft Intune. Employees typically have Standard User privileges and use a high-bandwidth, wired, corporate network.