Merged PR 4141: 10/27 AM Publish

2025-05-28 13:17:23 +00:00 · 2017-10-27 17:32:50 +00:00 · 2017-10-27 17:32:50 +00:00 · b293aaad8a
commit b293aaad8a
parent ccf95fc6c4 b4095a6588
5 changed files with 20 additions and 22 deletions
--- a/windows/access-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
+++ b/windows/access-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
@ -11,7 +11,7 @@ ms.author: mstephen
 localizationpriority: high
 ms.date: 10/20/2017
 ---
-# Hybrid Key tust Windows Hello for Business Prerequisites
+# Hybrid Key trust Windows Hello for Business Prerequisites

 **Applies to**
 -   Windows 10
@ -64,7 +64,6 @@ The minimum required enterprise certificate authority that can be used with Wind
 ### Section Review
 > [!div class="checklist"]  
 > * Windows Server 2012 Issuing Certificate Authority
-> * Windows Server 2016 Active Directory Federation Services

 <br>

@ -99,8 +98,8 @@ Hybrid Windows Hello for Business deployments can use Azure’s Multifactor Auth
 ### Section Review 
 > [!div class="checklist"]
 > * Azure MFA Service
-> * Windows Server 2016 AD FS and Azure
-> * Windows Server 2016 AD FS and third party MFA Adapter
+> * Windows Server 2016 AD FS and Azure (optional, if federated)
+> * Windows Server 2016 AD FS and third party MFA Adapter (optiona, if federated)

 <br>

--- a/windows/deployment/mbr-to-gpt.md
+++ b/windows/deployment/mbr-to-gpt.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
 author: greg-lindsay
-ms.date: 09/05/2017
+ms.date: 10/26/2017
 ms.localizationpriority: high
 ---

@ -20,25 +20,26 @@ ms.localizationpriority: high

 **MBR2GPT.EXE** converts a disk from the Master Boot Record (MBR) to the GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS) by using the **/allowFullOS** option. 

+>MBR2GPT.EXE is located in the **Windows\\System32** directory on a computer running Windows 10 version 1703 (also known as the Creator's Update) or later.
+>The tool is available in both the full OS environment and Windows PE. To use this tool in a deployment task sequence with Configuration Manager or Microsoft Deployment Toolkit (MDT), you must first update the boot.wim file with the [Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) 1703, or a later version.
+
 See the following video for a detailed description and demonstration of MBR2GPT.

 <iframe width="560" height="315" align="center" src="https://www.youtube.com/embed/hfJep4hmg9o" frameborder="0" allowfullscreen></iframe>

->MBR2GPT.EXE is located in the **Windows\\System32** directory on a computer running Windows 10 version 1703 (also known as the Creator's Update) or later.
->The tool is available in both the full OS environment and Windows PE. 
-
 You can use MBR2GPT to: 

 - Convert any attached MBR-formatted system disk to the GPT partition format. You cannot use the tool to convert non-system disks from MBR to GPT.
 - Convert an MBR disk with BitLocker-encrypted volumes as long as protection has been suspended. To resume BitLocker after conversion, you will need to delete the existing protectors and recreate them.
 - Convert operating system disks that have earlier versions of Windows 10 installed, such as versions 1507, 1511, and 1607. However, you must run the tool while booted into Windows 10 version 1703 or later, and perform an offline conversion.
+- Convert an operating system disk from MBR to GPT through a Configuration Manager or MDT task sequence provided that version 1703 or later of the Windows ADK is installed.

 Offline conversion of system disks with earlier versions of Windows installed, such as Windows 7, 8, or 8.1 are not officially supported. The recommended method to convert these disks is to upgrade the operating system to Windows 10 first, then perform the MBR to GPT conversion.

 >[!IMPORTANT]
 >After the disk has been converted to GPT partition style, the firmware must be reconfigured to boot in UEFI mode. <BR>Make sure that your device supports UEFI before attempting to convert the disk.

-## Prerequisites
+## Disk Prerequisites

 Before any change to the disk is made, MBR2GPT validates the layout and geometry of the selected disk to ensure that:
 - The disk is currently using MBR
--- a/windows/deployment/planning/device-dialog-box.md
+++ b/windows/deployment/planning/device-dialog-box.md
@ -1,5 +0,0 @@
---
-title: Device Dialog Box (Windows 10)
-description: In Application Compatibility Manager (ACM), the Device dialog box shows information about the selected device.
-description: This section describes the compatibility reports in Application Compatibility Manager (ACM) and how you can work with the reports.
---
--- a/windows/deployment/update/waas-windows-insider-for-business.md
+++ b/windows/deployment/update/waas-windows-insider-for-business.md
@ -287,7 +287,4 @@ Your individual registration with the Insider program will not be impacted. If y
 - [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md)
 - [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md)
 - [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md)
- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md)
- [Manage updates using Windows Update for Business](waas-manage-updates-wufb.md)
- [Manage Windows 10 updates using Windows Server Update Services (WSUS)](waas-manage-updates-wsus.md)
- [Manage Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md)
+- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md)
--- a/windows/device-security/bitlocker/bitlocker-group-policy-settings.md
+++ b/windows/device-security/bitlocker/bitlocker-group-policy-settings.md
@ -343,7 +343,7 @@ This policy setting is used to set a minimum PIN length when you use an unlock m
 </tr>
 <tr class="even">
 <td align="left"><p><strong>When enabled</strong></p></td>
-<td align="left"><p>You can require that users enter a minimum number of digits to when setting their startup PINs.</p></td>
+<td align="left"><p>You can require that users enter between 4 and 20 digits when setting their startup PINs.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p><strong>When disabled or not configured</strong></p></td>
@ -1100,19 +1100,25 @@ This policy setting is used to control the encryption method and cipher strength
 </tr>
 <tr class="odd">
 <td align="left"><p><strong>When disabled or not configured</strong></p></td>
-<td align="left"><p>BitLocker uses the default encryption method of AES 128-bit or the encryption method that is specified by the setup script.</p></td>
+<td align="left"><p>Beginning with Windows 10, version 1511, BitLocker uses the default encryption method of XTS-AES 128-bit or the encryption method that is specified by the setup script. Windows Phone does not support XTS; it uses AES-CBC 128-bit by default and supports AES-CBC 256-bit by policy.</p></td>
 </tr>
 </tbody>
 </table>
  
 **Reference**

-By default, BitLocker uses AES 128-bit encryption. Available options are AES-128 and AES-256. The values of this policy determine the strength of the cipher that BitLocker uses for encryption. Enterprises may want to control the encryption level for increased security (AES-256 is stronger than AES-128).
+The values of this policy determine the strength of the cipher that BitLocker uses for encryption. 
+Enterprises may want to control the encryption level for increased security (AES-256 is stronger than AES-128).
+
+If you enable this setting, you will be able to configure an encryption algorithm and key cipher strength for fixed data drives, operating system drives, and removable data drives individually. 
+For fixed and operating system drives, we recommend that you use the XTS-AES algorithm. 
+For removable drives, you should use AES-CBC 128-bit or AES-CBC 256-bit if the drive will be used in other devices that are not running Windows 10, version 1511 or later.
+
 Changing the encryption method has no effect if the drive is already encrypted or if encryption is in progress. In these cases, this policy setting is ignored.

 >**Warning:**  This policy does not apply to encrypted drives. Encrypted drives utilize their own algorithm, which is set by the drive during partitioning.
  
-When this policy setting is disabled, BitLocker uses AES with the same bit strength (128-bit or 256-bit) as specified in the policy setting **Choose drive encryption method and cipher strength (Windows Vista, Windows Server 2008, Windows 7)**. If neither policy is set, BitLocker uses the default encryption method, AES-128, or the encryption method that is specified in the setup script.
+When this policy setting is disabled or not configured, BitLocker will use the default encryption method of XTS-AES 128-bit or the encryption method that is specified in the setup script.

 ### <a href="" id="bkmk-hdefxd"></a>Configure use of hardware-based encryption for fixed data drives