diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 9ee61b0ad6..cf6462beb5 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -227,7 +227,7 @@
},
{
"source_path": "windows/manage/set-up-a-device-for-anyone-to-use.md",
-"redirect_url": "/windows/configuration/set-up-a-device-for-anyone-to-use",
+"redirect_url": "/windows/configuration/kiosk-shared-pc",
"redirect_document_id": true
},
{
diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md
index 979c1f9105..6b49909e86 100644
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/14/2017
+ms.date: 08/28/2017
---
# BitLocker CSP
@@ -211,6 +211,9 @@ The following diagram shows the BitLocker configuration service provider in tree
On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require insertion of a USB flash drive containing a startup key, the entry of a 6-digit to 20-digit personal identification number (PIN), or both.
+> [!Note]
+> In Windows 10, version 1709, you can use a minimum PIN of 4 digits. SystemDrivesMinimumPINLength policy must be set to allow PINs shorter than 6 digits.
+
If you enable this policy setting, users can configure advanced startup options in the BitLocker setup wizard.
If you disable or do not configure this setting, users can configure only basic options on computers with a TPM.
@@ -298,6 +301,11 @@ The following diagram shows the BitLocker configuration service provider in tree
This setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 6 digits and can have a maximum length of 20 digits.
+> [!Note]
+> In Windows 10, version 1709, you can use a minimum PIN length of 4 digits.
+>
+>In TPM 2.0 if minimum PIN length is set below 6 digits, Windows will attempt to update the TPM lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset. This does not apply to TPM 1.2.
+
If you enable this setting, you can require a minimum number of digits to be used when setting the startup PIN.
If you disable or do not configure this setting, users can configure a startup PIN of any length between 6 and 20 digits.
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 1e82260c11..d3068c66de 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -981,6 +981,14 @@ For details about Microsoft mobile device management protocols for Windows 10 s
+| [Bitlocker CSP](bitlocker-csp.md) |
+Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.
+ |
+
+| [ADMX-backed policies in Policy CSP](policy-configuration-service-provider.md#admx-backed-policies) |
+Added new policies.
+ |
+
| [Policy CSP](policy-configuration-service-provider.md) |
Added the following new policies for Windows 10, version 1709:
@@ -1385,7 +1393,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
|
| [BitLocker CSP](bitlocker-csp.md) |
-Added information to the ADMX-backed policies.
+ | Added information to the ADMX-backed policies. Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.
|
| [Firewall CSP](firewall-csp.md) |
diff --git a/windows/deployment/windows-10-poc-sc-config-mgr.md b/windows/deployment/windows-10-poc-sc-config-mgr.md
index eb042d424b..dc842b3f38 100644
--- a/windows/deployment/windows-10-poc-sc-config-mgr.md
+++ b/windows/deployment/windows-10-poc-sc-config-mgr.md
@@ -239,8 +239,8 @@ This section contains several procedures to support Zero Touch installation with
1. Type the following commands at a Windows PowerShell prompt on SRV1:
```
- New-Item -ItemType Directory -Path "C:Sources\OSD\Boot"
- New-Item -ItemType Directory -Path "C:Sources\OSD\OS"
+ New-Item -ItemType Directory -Path "C:\Sources\OSD\Boot"
+ New-Item -ItemType Directory -Path "C:\Sources\OSD\OS"
New-Item -ItemType Directory -Path "C:\Sources\OSD\Settings"
New-Item -ItemType Directory -Path "C:\Sources\OSD\Branding"
New-Item -ItemType Directory -Path "C:\Sources\OSD\MDT"
@@ -560,7 +560,7 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi
1. Type the following commands at an elevated Windows PowerShell prompt on SRV1:
```
- New-Item -ItemType Directory -Path "C:Sources\OSD\OS\Windows 10 Enterprise x64"
+ New-Item -ItemType Directory -Path "C:\Sources\OSD\OS\Windows 10 Enterprise x64"
cmd /c copy /z "C:\MDTBuildLab\Captures\REFW10X64-001.wim" "C:\Sources\OSD\OS\Windows 10 Enterprise x64"
```
diff --git a/windows/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md b/windows/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
index 73bb0a5fb0..5221675063 100644
--- a/windows/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
+++ b/windows/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
@@ -40,7 +40,7 @@ These settings, located at **Computer Configuration\Administrative Templates\Win
|-----------|------------------|-----------|-------|
|Configure Windows Defender Application Guard clipboard settings|At least Windows 10 Enterprise|Determines whether Application Guard can use the clipboard functionality.|**Enabled.** Turns On the clipboard functionality and lets you choose whether to additionally:- Disable the clipboard functionality completely when Virtualization Security is enabled.
- Enable copying of certain content from Application Guard into Microsoft Edge.
- Enable copying of certain content from Microsoft Edge into Application Guard.
**Important**
Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.
**Disabled or not configured.** Completely turns Off the clipboard functionality for Application Guard.|
|Configure Windows Defender Application Guard print settings|At least Windows 10 Enterprise|Determines whether Application Guard can use the print functionality.|**Enabled.** Turns On the print functionality and lets you choose whether to additionally:- Enable Application Guard to print into the XPS format.
- Enable Application Guard to print into the PDF format.
- Enable Application Guard to print to locally attached printers.
- Enable Application Guard to print from previously connected network printers. Employees can't search for additional printers.
**Disabled or not configured.** Completely turns Off the print functionality for Application Guard.|
-|Block enterprise websites to load non-enterprise content in IE and Edge|At least Windows 10 Enterprise|Determines whether to allow Internet access for apps not included on the **Allowed Apps** list.|**Enabled.** Prevents network traffic from both Internet Explorer and Microsoft Edge to non-enterprise sites that can't render in the Application Guard container.
**Disabled or not configured.** Allows Microsoft Edge to render network traffic to non-enterprise sites that can't render in Application Guard.|
+|Block enterprise websites to load non-enterprise content in IE and Edge|At least Windows 10 Enterprise|Determines whether to allow Internet access for apps not included on the **Allowed Apps** list.|**Enabled.** Prevents network traffic from both Internet Explorer and Microsoft Edge to non-enterprise sites that can't render in the Application Guard container.**Note** This may also block assets cached by CDNs and references to analytics sites. Please add them to the trusted enterprise resources to avoid broken pages.
**Disabled or not configured.** Allows Microsoft Edge to render network traffic to non-enterprise sites that can't render in Application Guard. |
|Allow Persistence|At least Windows 10 Enterprise|Determines whether data persists across different sessions in Windows Defender Application Guard.|**Enabled.** Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.
**Disabled or not configured.** All user data within Application Guard is reset between sessions.
**Note**
If you later decide to stop supporting data persistence for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.
**To reset the container:**- Open a command-line program and navigate to Windows/System32.
- Type `wdagtool.exe cleanup`.
The container environment is reset, retaining only the employee-generated data. - Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`.
The container environment is reset, including discarding all employee-generated data.
|
|Turn On/Off Windows Defender Application Guard (WDAG)|At least Windows 10 Enterprise|Determines whether to turn on Application Guard for Microsoft Edge.|**Enabled.** Turns on Application Guard for Microsoft Edge, honoring the network isolation settings, rendering non-enterprise domains in the Application Guard container. Be aware that Application Guard won't actually be turned On unless the required prerequisites and network isolation settings are already set on the device.
**Disabled.** Turns Off Application Guard, allowing all apps to run in Microsoft Edge.|
diff --git a/windows/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md
index e2f11fc337..8ca8c4120a 100644
--- a/windows/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md
@@ -1,5 +1,5 @@
---
-title: Test how Windows Defender EG features will work in your organization
+title: Test how Windows Defender EG features work
description: Audit mode lets you use the event log to see how Windows Defender Exploit Guard would protect your devices if it were enabled
keywords: exploit guard, audit, auditing, mode, enabled, disabled, test, demo, evaluate, lab
search.product: eADQiWindows 10XVcnh
diff --git a/windows/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md
index c64d76ea70..2cda929649 100644
--- a/windows/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md
@@ -1,6 +1,6 @@
---
-title: Prevent ransomware and other threats from encrypting and changing important files
-description: Files in default folders, such as Documents and Desktop, can be protected from being changed by malicious apps. This can help prevent ransomware encrypting your files.
+title: Help prevent ransomware and threats from encrypting and changing files
+description: Files in default folders can be protected from being changed by malicious apps. This can help prevent ransomware encrypting your files.
keywords: controlled folder access, windows 10, windows defender, ransomware, protect, files, folders
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
diff --git a/windows/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md b/windows/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md
index 72256aa36b..71db423dcf 100644
--- a/windows/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md
@@ -1,5 +1,5 @@
---
-title: Configure how ASR works so you can finetune the protection in your network
+title: Configure how ASR works to finetune protection in your network
description: You can individually set rules in audit, block, or disabled modes, and add files and folders that should be excluded from ASR
keywords: Attack Surface Reduction, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, customize, configure, exclude
search.product: eADQiWindows 10XVcnh
diff --git a/windows/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md
index e105482635..3471eba455 100644
--- a/windows/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md
@@ -77,8 +77,7 @@ For further details on how audit mode works, and when you might want to use it,
- **Disable (Default)** - The Controlled Folder Access feature will not work. All apps can make changes to files in protected folders.
- **Audit Mode** - If a malicious or suspicious app attempts to make a change to a file in a protected folder, the change will be allowed but will be recorded in the Windows event log. This allows you to assess the impact of this feature on your organization.
-
- 
+ 
>[!IMPORTANT]
>To fully enable the Controlled Folder Access feature, you must set the Group Policy option to **Enabled** and also select **Enable** in the options drop-down menu.
diff --git a/windows/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md b/windows/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md
index e8476084c9..1e5a5acdee 100644
--- a/windows/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md
@@ -1,5 +1,5 @@
---
-title: Use a demo tool to see how ASR could help protect your organization's devices
+title: Use a demo to see how ASR can help protect your devices
description: The custom demo tool lets you create sample malware infection scenarios so you can see how ASR would block and prevent attacks
keywords: Attack Surface Reduction, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, evaluate, test, demo
search.product: eADQiWindows 10XVcnh
diff --git a/windows/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md b/windows/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md
index 151c74bdb2..3b7019e217 100644
--- a/windows/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md
@@ -1,5 +1,5 @@
---
-title: See how Windows 10 can protect your files from being changed by malicious apps
+title: See how CFA can help protect files from being changed by malicious apps
description: Use a custom tool to see how Controlled Folder Access works in Windows 10.
keywords: controlled folder access, windows 10, windows defender, ransomware, protect, evaluate, test, demo, try
search.product: eADQiWindows 10XVcnh
diff --git a/windows/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md
index bdeca98d57..7f93a40671 100644
--- a/windows/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md
@@ -1,5 +1,5 @@
---
-title: Evaluate the impact of each of the four features in Windows Defender Exploit Guard
+title: Evaluate the impact of Windows Defender Exploit Guard
description: Use our evaluation guides to quickly enable and configure features, and test them against common attack scenarios
keywords: evaluate, guides, evaluation, exploit guard, controlled folder access, attack surface reduction, exploit protection, network protection, test, demo
search.product: eADQiWindows 10XVcnh
diff --git a/windows/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md
index 54066d6d43..2e4142e7ae 100644
--- a/windows/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md
@@ -1,5 +1,5 @@
---
-title: Import custom views in XML to see Windows Defender Exploit Guard events
+title: Import custom views to see Windows Defender Exploit Guard events
description: Use Windows Event Viewer to import individual views for each of the features.
keywords: event view, exploit guard, audit, review, events
search.product: eADQiWindows 10XVcnh
diff --git a/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md
index e2d88d19db..cc5ba5334b 100644
--- a/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md
@@ -1,5 +1,5 @@
---
-title: Apply mitigations that help prevent attacks that use vulnerabilities in software
+title: Apply mitigations to help prevent attacks through vulnerabilities
keywords: mitigations, vulnerabilities, vulnerability, mitigation, exploit, exploits, emet
description: Exploit Protection in Windows 10 provides advanced configuration over the settings offered in EMET.
search.product: eADQiWindows 10XVcnh
diff --git a/windows/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md
index 23953b3eb1..2f1e023d45 100644
--- a/windows/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md
@@ -1,5 +1,5 @@
---
-title: Use Network Protection to prevent connections to suspicious domains
+title: Use Network Protection to help prevent connections to bad sites
description: Protect your network by preventing users from accessing known malicious and suspicious network addresses
keywords: Network Protection, exploits, malicious website, ip, domain, domains
search.product: eADQiWindows 10XVcnh
diff --git a/windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
index 7685caabc8..efab74fbdb 100644
--- a/windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
@@ -1,6 +1,6 @@
---
-title: Use Windows Defender Exploit Guard to protect your corporate network
-description: Windows Defender Exploit Guard consists of features that can protect your network from malware and threat infection, including helping to prevent ransomware encryption and exploit attacks
+title: Use Windows Defender Exploit Guard to protect your network
+description: Windows Defender EG employs features that help protect your network from threats, including helping prevent ransomware encryption and exploit attacks
keywords: emet, exploit guard, Controlled Folder Access, Network Protection, Exploit Protection, Attack Surface Reduction, hips, host intrusion prevention system
search.product: eADQiWindows 10XVcnh
ms.pagetype: security