diff --git a/education/windows/chromebook-migration-guide.md b/education/windows/chromebook-migration-guide.md
index 428efd3e77..c28f4e3105 100644
--- a/education/windows/chromebook-migration-guide.md
+++ b/education/windows/chromebook-migration-guide.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu, devices
author: craigash
+localizationpriority: medium
---
# Chromebook migration guide
diff --git a/education/windows/deploy-windows-10-in-a-school-district.md b/education/windows/deploy-windows-10-in-a-school-district.md
index dcfe03beba..1f9fee58e3 100644
--- a/education/windows/deploy-windows-10-in-a-school-district.md
+++ b/education/windows/deploy-windows-10-in-a-school-district.md
@@ -7,6 +7,7 @@ ms.mktglfcycl: plan
ms.pagetype: edu
ms.sitesec: library
author: craigash
+localizationpriority: medium
---
# Deploy Windows 10 in a school district
diff --git a/education/windows/deploy-windows-10-in-a-school.md b/education/windows/deploy-windows-10-in-a-school.md
index 53a866f3b8..5babf46fd3 100644
--- a/education/windows/deploy-windows-10-in-a-school.md
+++ b/education/windows/deploy-windows-10-in-a-school.md
@@ -7,6 +7,7 @@ ms.mktglfcycl: plan
ms.pagetype: edu
ms.sitesec: library
author: craigash
+localizationpriority: medium
---
# Deploy Windows 10 in a school
diff --git a/education/windows/edu-deployment-recommendations.md b/education/windows/edu-deployment-recommendations.md
index 28792bb055..53394b2c6e 100644
--- a/education/windows/edu-deployment-recommendations.md
+++ b/education/windows/edu-deployment-recommendations.md
@@ -5,6 +5,7 @@ keywords: ["Windows 10 deployment", "recommendations", "privacy settings", "scho
ms.mktglfcycl: plan
ms.sitesec: library
author: CelesteDG
+localizationpriority: medium
---
# Deployment recommendations for school IT administrators
diff --git a/education/windows/get-minecraft-for-education.md b/education/windows/get-minecraft-for-education.md
index 2fedf96bda..7031f0406f 100644
--- a/education/windows/get-minecraft-for-education.md
+++ b/education/windows/get-minecraft-for-education.md
@@ -6,6 +6,7 @@ ms.prod: W10
ms.mktglfcycl: plan
ms.sitesec: library
author: jdeckerMS
+localizationpriority: medium
---
# Get Minecraft Education Edition
diff --git a/education/windows/index.md b/education/windows/index.md
index 6e20c83aae..d2f37104dc 100644
--- a/education/windows/index.md
+++ b/education/windows/index.md
@@ -6,6 +6,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: edu
author: jdeckerMS
+localizationpriority: medium
---
# Windows 10 for Education
diff --git a/education/windows/school-get-minecraft.md b/education/windows/school-get-minecraft.md
index 5c18b9e201..664c8d9d4d 100644
--- a/education/windows/school-get-minecraft.md
+++ b/education/windows/school-get-minecraft.md
@@ -6,6 +6,7 @@ ms.prod: W10
ms.mktglfcycl: plan
ms.sitesec: library
author: jdeckerMS
+localizationpriority: medium
---
# For IT administrators: get Minecraft Education Edition
diff --git a/education/windows/set-up-school-pcs-technical.md b/education/windows/set-up-school-pcs-technical.md
index abf4fc1bd3..0df16c651d 100644
--- a/education/windows/set-up-school-pcs-technical.md
+++ b/education/windows/set-up-school-pcs-technical.md
@@ -7,6 +7,7 @@ ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
author: jdeckerMS
+localizationpriority: medium
---
# Technical reference for the Set up School PCs app
@@ -90,7 +91,6 @@ The **Set up School PCs** app produces a specialized provisioning package that m
- Saving content locally to the PC is disabled. This prevents data loss by forcing students to save to the cloud.
- A custom Start layout and sign in background image are set.
-- Prohibits Microsoft Accounts (MSAs) from being created.
- Prohibits unlocking the PC to developer mode.
- Prohibits untrusted Windows Store apps from being installed.
- Prohibits students from removing MDM.
@@ -242,7 +242,7 @@ The **Set up School PCs** app produces a specialized provisioning package that m
| Windows Settings > Security Settings > Local Policies > Security Options |
-Accounts: Block Microsoft accounts | Enabled |
+Accounts: Block Microsoft accounts **Note** Microsoft accounts can still be used in apps. | Enabled |
| Interactive logon: Do not display last user name | Enabled |
| Interactive logon: Sign-in last interactive user automatically after a system-initiated restart | Disabled |
diff --git a/education/windows/set-up-students-pcs-to-join-domain.md b/education/windows/set-up-students-pcs-to-join-domain.md
index fcaad8b9af..28034a9097 100644
--- a/education/windows/set-up-students-pcs-to-join-domain.md
+++ b/education/windows/set-up-students-pcs-to-join-domain.md
@@ -6,6 +6,7 @@ ms.prod: W10
ms.mktglfcycl: plan
ms.sitesec: library
author: jdeckerMS
+localizationpriority: medium
---
# Set up student PCs to join domain
diff --git a/education/windows/set-up-students-pcs-with-apps.md b/education/windows/set-up-students-pcs-with-apps.md
index e13e4af805..a586e71b08 100644
--- a/education/windows/set-up-students-pcs-with-apps.md
+++ b/education/windows/set-up-students-pcs-with-apps.md
@@ -6,6 +6,7 @@ ms.prod: W10
ms.mktglfcycl: plan
ms.sitesec: library
author: jdeckerMS
+localizationpriority: medium
---
# Provision student PCs with apps
diff --git a/education/windows/set-up-windows-10.md b/education/windows/set-up-windows-10.md
index fe7767a997..ba036c6d77 100644
--- a/education/windows/set-up-windows-10.md
+++ b/education/windows/set-up-windows-10.md
@@ -7,6 +7,7 @@ ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
author: jdeckerMS
+localizationpriority: medium
---
# Provisioning options for Windows 10
diff --git a/education/windows/take-a-test-app-technical.md b/education/windows/take-a-test-app-technical.md
index 0823171b3e..ec9ea350cc 100644
--- a/education/windows/take-a-test-app-technical.md
+++ b/education/windows/take-a-test-app-technical.md
@@ -7,6 +7,7 @@ ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
author: jdeckerMS
+localizationpriority: medium
---
# Take a Test app technical reference
@@ -31,7 +32,9 @@ When running above the lock screen:
- The hardware print screen button is disabled
-- Content within the app will show up as black in screen capturing/sharing software Copy/paste is disabled
+- Content within the app will show up as black in screen capturing/sharing software
+
+- System clipboard is cleared
- Web apps can query the processes currently running in the user’s device
diff --git a/education/windows/take-a-test-multiple-pcs.md b/education/windows/take-a-test-multiple-pcs.md
index 0110e7d52c..09d68b6302 100644
--- a/education/windows/take-a-test-multiple-pcs.md
+++ b/education/windows/take-a-test-multiple-pcs.md
@@ -7,6 +7,7 @@ ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
author: jdeckerMS
+localizationpriority: medium
---
# Set up Take a Test on multiple PCs
diff --git a/education/windows/take-a-test-single-pc.md b/education/windows/take-a-test-single-pc.md
index 7c05de544c..9093337da9 100644
--- a/education/windows/take-a-test-single-pc.md
+++ b/education/windows/take-a-test-single-pc.md
@@ -7,6 +7,7 @@ ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
author: jdeckerMS
+localizationpriority: medium
---
# Set up Take a Test on a single PC
diff --git a/education/windows/take-tests-in-windows-10.md b/education/windows/take-tests-in-windows-10.md
index 6bf51bf7b2..24a6d7a65e 100644
--- a/education/windows/take-tests-in-windows-10.md
+++ b/education/windows/take-tests-in-windows-10.md
@@ -7,6 +7,7 @@ ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
author: jdeckerMS
+localizationpriority: medium
---
# Take tests in Windows 10
diff --git a/education/windows/teacher-get-minecraft.md b/education/windows/teacher-get-minecraft.md
index c9c386545b..599083ca43 100644
--- a/education/windows/teacher-get-minecraft.md
+++ b/education/windows/teacher-get-minecraft.md
@@ -6,6 +6,7 @@ ms.prod: W10
ms.mktglfcycl: plan
ms.sitesec: library
author: jdeckerMS
+localizationpriority: medium
---
# For teachers: get Minecraft Education Edition
diff --git a/education/windows/use-set-up-school-pcs-app.md b/education/windows/use-set-up-school-pcs-app.md
index 788c6dd819..325a7d3fc5 100644
--- a/education/windows/use-set-up-school-pcs-app.md
+++ b/education/windows/use-set-up-school-pcs-app.md
@@ -7,6 +7,7 @@ ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
author: jdeckerMS
+localizationpriority: medium
---
# Use the Set up School PCs app
diff --git a/education/windows/windows-editions-for-education-customers.md b/education/windows/windows-editions-for-education-customers.md
index 9eccc9be96..8c69690ec1 100644
--- a/education/windows/windows-editions-for-education-customers.md
+++ b/education/windows/windows-editions-for-education-customers.md
@@ -7,6 +7,7 @@ ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
author: CelesteDG
+localizationpriority: medium
---
# Windows 10 editions for education customers
diff --git a/windows/deploy/activate-using-active-directory-based-activation-client.md b/windows/deploy/activate-using-active-directory-based-activation-client.md
index dbf9a5a617..cd91b2b614 100644
--- a/windows/deploy/activate-using-active-directory-based-activation-client.md
+++ b/windows/deploy/activate-using-active-directory-based-activation-client.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: activation
author: greg-lindsay
+localizationpriority: medium
---
# Activate using Active Directory-based activation
diff --git a/windows/deploy/activate-using-key-management-service-vamt.md b/windows/deploy/activate-using-key-management-service-vamt.md
index 9681860156..3fc787f902 100644
--- a/windows/deploy/activate-using-key-management-service-vamt.md
+++ b/windows/deploy/activate-using-key-management-service-vamt.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: activation
author: jdeckerMS
+localizationpriority: medium
---
# Activate using Key Management Service
diff --git a/windows/deploy/activate-windows-10-clients-vamt.md b/windows/deploy/activate-windows-10-clients-vamt.md
index 2d77f355dc..c110f8233c 100644
--- a/windows/deploy/activate-windows-10-clients-vamt.md
+++ b/windows/deploy/activate-windows-10-clients-vamt.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: activation
author: jdeckerMS
+localizationpriority: medium
---
# Activate clients running Windows 10
diff --git a/windows/deploy/appendix-information-sent-to-microsoft-during-activation-client.md b/windows/deploy/appendix-information-sent-to-microsoft-during-activation-client.md
index 39133a9d8c..bcf9e7aa13 100644
--- a/windows/deploy/appendix-information-sent-to-microsoft-during-activation-client.md
+++ b/windows/deploy/appendix-information-sent-to-microsoft-during-activation-client.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: activation
author: jdeckerMS
+localizationpriority: medium
---
# Appendix: Information sent to Microsoft during activation
**Applies to**
diff --git a/windows/deploy/monitor-activation-client.md b/windows/deploy/monitor-activation-client.md
index 26c8257cc3..5b49e544c2 100644
--- a/windows/deploy/monitor-activation-client.md
+++ b/windows/deploy/monitor-activation-client.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: activation
author: greg-lindsay
+localizationpriority: medium
---
# Monitor activation
diff --git a/windows/deploy/plan-for-volume-activation-client.md b/windows/deploy/plan-for-volume-activation-client.md
index d5ed360f3e..3e4a114155 100644
--- a/windows/deploy/plan-for-volume-activation-client.md
+++ b/windows/deploy/plan-for-volume-activation-client.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: activation
author: jdeckerMS
+localizationpriority: medium
---
# Plan for volume activation
diff --git a/windows/deploy/provision-pcs-for-initial-deployment.md b/windows/deploy/provision-pcs-for-initial-deployment.md
index 9b4680a69b..7cafb0ca22 100644
--- a/windows/deploy/provision-pcs-for-initial-deployment.md
+++ b/windows/deploy/provision-pcs-for-initial-deployment.md
@@ -7,6 +7,7 @@ ms.prod: W10
ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerMS
+localizationpriority: medium
---
# Provision PCs with common settings for initial deployment (simple provisioning)
diff --git a/windows/deploy/provision-pcs-with-apps-and-certificates.md b/windows/deploy/provision-pcs-with-apps-and-certificates.md
index 21feacfd29..dfeb124757 100644
--- a/windows/deploy/provision-pcs-with-apps-and-certificates.md
+++ b/windows/deploy/provision-pcs-with-apps-and-certificates.md
@@ -7,6 +7,7 @@ ms.prod: W10
ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerMS
+localizationpriority: medium
---
# Provision PCs with apps and certificates for initial deployment (advanced provisioning)
diff --git a/windows/deploy/use-the-volume-activation-management-tool-client.md b/windows/deploy/use-the-volume-activation-management-tool-client.md
index 1e4f5c32b2..6eed17adf5 100644
--- a/windows/deploy/use-the-volume-activation-management-tool-client.md
+++ b/windows/deploy/use-the-volume-activation-management-tool-client.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: activation
author: jdeckerMS
+localizationpriority: medium
---
# Use the Volume Activation Management Tool
diff --git a/windows/deploy/volume-activation-windows-10.md b/windows/deploy/volume-activation-windows-10.md
index eda56e2651..f1bda40ad4 100644
--- a/windows/deploy/volume-activation-windows-10.md
+++ b/windows/deploy/volume-activation-windows-10.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: activation
author: jdeckerMS
+localizationpriority: medium
---
# Volume Activation for Windows 10
diff --git a/windows/keep-secure/configure-s-mime.md b/windows/keep-secure/configure-s-mime.md
index 7b9906f26d..7169036152 100644
--- a/windows/keep-secure/configure-s-mime.md
+++ b/windows/keep-secure/configure-s-mime.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: jdeckerMS
+localizationpriority: high
---
diff --git a/windows/keep-secure/enable-phone-signin-to-pc-and-vpn.md b/windows/keep-secure/enable-phone-signin-to-pc-and-vpn.md
index bd42f9b4ab..28f0292d02 100644
--- a/windows/keep-secure/enable-phone-signin-to-pc-and-vpn.md
+++ b/windows/keep-secure/enable-phone-signin-to-pc-and-vpn.md
@@ -6,6 +6,7 @@ ms.prod: W10
ms.mktglfcycl: deploy
ms.sitesec: library
author: jdeckerMS
+localizationpriority: high
---
# Enable phone sign-in to PC or VPN
@@ -18,20 +19,24 @@ author: jdeckerMS
In Windows 10, Version 1607, your network users can use Windows Phone with Windows Hello to sign in to a PC, connect to VPN, and sign in to Office 365 in a browser. Phone sign-in uses Bluetooth, which means no need to wait for a phone call -- just unlock the phone and tap the app.
- (add screenshot when I can get the app working)
+
+
+> [!NOTE]
+> Phone sign-in is currently limited to select Technology Adoption Program (TAP) participants.
You can create a Group Policy or mobile device management (MDM) policy that will allow users to sign in to a work PC or their company's VPN using the credentials stored on their Windows 10 phone.
## Prerequisites
- - Both phone and PC must be running Windows 10, Version 1607.
+ - Both phone and PC must be running Windows 10, version 1607.
- The PC must be running Windows 10 Pro, Enterprise, or Education
- Both phone and PC must have Bluetooth.
+ - The **Microsoft Authenticator** app must be installed on the phone.
- The PC must be joined to an Active Directory domain that is connected to an Azure Active Directory (Azure AD) domain, or the PC must be joined to Azure AD.
- The phone must be joined to Azure AD or have a work account added.
- - VPN configuration profile must use certificate-based authentication.
+ - The VPN configuration profile must use certificate-based authentication.
-## Set policies and get the app
+## Set policies
To enable phone sign-in, you must enable the following policies using Group Policy or MDM.
@@ -42,13 +47,20 @@ To enable phone sign-in, you must enable the following policies using Group Poli
- Set **UsePassportForWork** to **True**
- Set **Remote\UseRemotePassport** to **True**
-Everyone can get the **Microsoft Authenticator** app from the Windows Store. If you want to distribute the **Microsoft Authenticator** app, your organization must have set up Windows Store for Business, with Microsoft added as a Line of Business (LOB) publisher.
+## Configure VPN
+
+To enable phone sign-in to VPN, you must enable the [policy](#set-policies) for phone sign-in and ensure that VPN is configured as follows:
+
+- For inbox VPN, set up the VPN profile with Extensible Authentication Protocol (EAP) with the **Smart card or other certificate (TLS)** EAP type, also known as EAP-Transport Level Security (EAP-TLS). To exclusively access the VPN certificates on the phone, in the EAP filtering XML, add either **EKU** or **Issuer** (or both) filtering to make sure it picks only the Remote NGC certificate.
+- For a Universal Windows Platform (UWP) VPN plug-in, add filtering criteria based on the 3rd party mechanism for the Remote NGC Certificate.
+
+## Get the app
+
+If you want to distribute the **Microsoft Authenticator** app, your organization must have set up Windows Store for Business, with Microsoft added as a [Line of Business (LOB) publisher](../manage/working-with-line-of-business-apps.md).
[Tell people how to sign in using their phone.](prepare-people-to-use-microsoft-passport.md#bmk-remote)
-
-
## Related topics
[Manage identity verification using Windows Hello for Business](manage-identity-verification-using-microsoft-passport.md)
diff --git a/windows/keep-secure/images/phone-signin-device-select.png b/windows/keep-secure/images/phone-signin-device-select.png
new file mode 100644
index 0000000000..a002efa427
Binary files /dev/null and b/windows/keep-secure/images/phone-signin-device-select.png differ
diff --git a/windows/keep-secure/images/phone-signin-menu.png b/windows/keep-secure/images/phone-signin-menu.png
new file mode 100644
index 0000000000..4672433344
Binary files /dev/null and b/windows/keep-secure/images/phone-signin-menu.png differ
diff --git a/windows/keep-secure/images/phone-signin-settings.png b/windows/keep-secure/images/phone-signin-settings.png
new file mode 100644
index 0000000000..e0ae827426
Binary files /dev/null and b/windows/keep-secure/images/phone-signin-settings.png differ
diff --git a/windows/keep-secure/implement-microsoft-passport-in-your-organization.md b/windows/keep-secure/implement-microsoft-passport-in-your-organization.md
index 1680e13ed9..92c3514ca6 100644
--- a/windows/keep-secure/implement-microsoft-passport-in-your-organization.md
+++ b/windows/keep-secure/implement-microsoft-passport-in-your-organization.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: jdeckerMS
+localizationpriority: high
---
# Implement Microsoft Passport in your organization
diff --git a/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md b/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md
index 6bd8e60c5d..da5029050c 100644
--- a/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md
+++ b/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: jdeckerMS
+localizationpriority: high
---
# Install digital certificates on Windows 10 Mobile
diff --git a/windows/keep-secure/manage-identity-verification-using-microsoft-passport.md b/windows/keep-secure/manage-identity-verification-using-microsoft-passport.md
index dccabd045e..bb867e4dc0 100644
--- a/windows/keep-secure/manage-identity-verification-using-microsoft-passport.md
+++ b/windows/keep-secure/manage-identity-verification-using-microsoft-passport.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
author: jdeckerMS
+localizationpriority: high
---
# Manage identity verification using Microsoft Passport
diff --git a/windows/keep-secure/microsoft-passport-and-password-changes.md b/windows/keep-secure/microsoft-passport-and-password-changes.md
index ceebe00f0a..057efc5773 100644
--- a/windows/keep-secure/microsoft-passport-and-password-changes.md
+++ b/windows/keep-secure/microsoft-passport-and-password-changes.md
@@ -7,6 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: jdeckerMS
+localizationpriority: high
---
# Microsoft Passport and password changes
diff --git a/windows/keep-secure/microsoft-passport-errors-during-pin-creation.md b/windows/keep-secure/microsoft-passport-errors-during-pin-creation.md
index 490c5c9e6e..224caa847c 100644
--- a/windows/keep-secure/microsoft-passport-errors-during-pin-creation.md
+++ b/windows/keep-secure/microsoft-passport-errors-during-pin-creation.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: jdeckerMS
+localizationpriority: high
---
# Microsoft Passport errors during PIN creation
diff --git a/windows/keep-secure/passport-event-300.md b/windows/keep-secure/passport-event-300.md
index 9a7c694ae0..3350d1f5bf 100644
--- a/windows/keep-secure/passport-event-300.md
+++ b/windows/keep-secure/passport-event-300.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: jdeckerMS
+localizationpriority: high
---
# Event ID 300 - Passport successfully created
diff --git a/windows/keep-secure/prepare-people-to-use-microsoft-passport.md b/windows/keep-secure/prepare-people-to-use-microsoft-passport.md
index d377aafd3e..d6fbfbe19d 100644
--- a/windows/keep-secure/prepare-people-to-use-microsoft-passport.md
+++ b/windows/keep-secure/prepare-people-to-use-microsoft-passport.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: jdeckerMS
+localizationpriority: high
---
# Prepare people to use Microsoft Passport
@@ -52,16 +53,23 @@ If your policy allows it, people can add Windows Hello to their Passport. Window
-## Use a phone to sign in to a PC
+## Use a phone to sign in to a PC or VPN
-If your enterprise enables phone sign-in, users can pair a phone running Windows 10 Mobile to a PC running Windows 10 and then use an app on the phone to sign in to the PC using their Microsoft Passport credentials.
-> **Note:** Phone sign-in is currently limited to select Technology Adoption Program (TAP) participants.
+If your enterprise enables phone sign-in, users can pair a phone running Windows 10 Mobile to a PC running Windows 10 and then use an app on the phone to sign in to the PC using their Windows Hello credentials.
+
+> [!NOTE]
+> Phone sign-in is currently limited to select Technology Adoption Program (TAP) participants.
**Prerequisites:**
-- The PC must be joined to the Active Directory domain or Azure AD cloud domain.
-- The PC must have Bluetooth connectivity.
-- The phone must be joined to the Azure AD cloud domain, or the user must have added a work account to their personal phone.
-- The free **Phone Sign-in** app must be installed on the phone.
+
+- Both phone and PC must be running Windows 10, version 1607.
+- The PC must be running Windows 10 Pro, Enterprise, or Education
+- Both phone and PC must have Bluetooth.
+- The **Microsoft Authenticator** app must be installed on the phone.
+- The PC must be joined to an Active Directory domain that is connected to an Azure Active Directory (Azure AD) domain, or the PC must be joined to Azure AD.
+- The phone must be joined to Azure AD or have a work account added.
+- The VPN configuration profile must use certificate-based authentication.
+
**Pair the PC and phone**
1. On the PC, go to **Settings** > **Devices** > **Bluetooth**. Tap the name of the phone and then tap **Pair** to begin pairing.
@@ -73,11 +81,19 @@ If your enterprise enables phone sign-in, users can pair a phone running Windows
3. On the PC, tap **Yes**.
**Sign in to PC using the phone**
-1. Open the **Phone Sign-in** app and tap the name of the PC to sign in to.
- > **Note: ** The first time that you run the Phone-Sign app, you must add an account.
+
+1. Open the **Microsoft Authenticator** app, choose your account, and tap the name of the PC to sign in to.
+ > **Note: ** The first time that you run the **Microsoft Authenticator** app, you must add an account.
+
+ 
+
2. Enter the work PIN that you set up when you joined the phone to the cloud domain or added a work account.
+**Connect to VPN**
+
+You simply connect to VPN as you normally would. If the phone's certificates are being used, a notification will be pushed to the phone asking if you approve. If you click **allow** in the notification, you will be prompted for your PIN. After you enter your PIN, the VPN session will connect.
+
## Related topics
[Manage identity verification using Microsoft Passport](manage-identity-verification-using-microsoft-passport.md)
diff --git a/windows/keep-secure/vpn-profile-options.md b/windows/keep-secure/vpn-profile-options.md
index 425e451341..3d14b8c9a7 100644
--- a/windows/keep-secure/vpn-profile-options.md
+++ b/windows/keep-secure/vpn-profile-options.md
@@ -7,6 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, networking
author: jdeckerMS
+localizationpriority: medium
---
# VPN profile options
diff --git a/windows/keep-secure/why-a-pin-is-better-than-a-password.md b/windows/keep-secure/why-a-pin-is-better-than-a-password.md
index 21d3ce97d3..004d818bdf 100644
--- a/windows/keep-secure/why-a-pin-is-better-than-a-password.md
+++ b/windows/keep-secure/why-a-pin-is-better-than-a-password.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: jdeckerMS
+localizationpriority: high
---
# Why a PIN is better than a password
diff --git a/windows/keep-secure/windows-hello-in-enterprise.md b/windows/keep-secure/windows-hello-in-enterprise.md
index 40a4efa80a..9907572763 100644
--- a/windows/keep-secure/windows-hello-in-enterprise.md
+++ b/windows/keep-secure/windows-hello-in-enterprise.md
@@ -7,7 +7,8 @@ ms.prod: w10
ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: security
-author: eross-msft
+author: jdeckerMS
+localizationpriority: high
---
# Windows Hello biometrics in the enterprise
@@ -17,21 +18,23 @@ author: eross-msft
Windows Hello is the biometric authentication feature that helps strengthen authentication and helps to guard against potential spoofing through fingerprint matching and facial recognition.
+> **Note:** When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multi-factor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name. Customers who have already deployed these technologies will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics.
+
Because we realize your employees are going to want to use this new technology in your enterprise, we’ve been actively working with the device manufacturers to create strict design and performance recommendations that help to ensure that you can more confidently introduce Windows Hello biometrics into your organization.
##How does Windows Hello work?
-Windows Hello lets your employees use fingerprint or facial recognition as an alternative method to unlocking a device. With Windows Hello, authentication happens when the employee provides his or her unique biometric identifier while accessing the device-specific Microsoft Passport credentials.
+Windows Hello lets your employees use fingerprint or facial recognition as an alternative method to unlocking a device. With Windows Hello, authentication happens when the employee provides his or her unique biometric identifier while accessing the device-specific Windows Hello credentials.
-The Windows Hello authenticator works with Microsoft Passport to authenticate and allow employees onto your enterprise network. Authentication doesn’t roam among devices, isn’t shared with a server, and can’t easily be extracted from a device. If multiple employees share a device, each employee will use his or her own biometric data on the device.
+The Windows Hello authenticator works to authenticate and allow employees onto your enterprise network. Authentication doesn’t roam among devices, isn’t shared with a server, and can’t easily be extracted from a device. If multiple employees share a device, each employee will use his or her own biometric data on the device.
## Why should I let my employees use Windows Hello?
Windows Hello provides many benefits, including:
-- Combined with Microsoft Passport, it helps to strengthen your protections against credential theft. Because an attacker must have both the device and the biometric info or PIN, it’s much more difficult to gain access without the employee’s knowledge.
+- It helps to strengthen your protections against credential theft. Because an attacker must have both the device and the biometric info or PIN, it’s much more difficult to gain access without the employee’s knowledge.
- Employees get a simple authentication method (backed up with a PIN) that’s always with them, so there’s nothing to lose. No more forgetting passwords!
-- Support for Windows Hello is built into the operating system so you can add additional biometric devices and polices as part of a coordinated rollout or to individual employees or groups using Group Policy or Mobile Device Management (MDM) configurations service provider (CSP) policies.
For more info about the available Group Policies and MDM CSPs, see the [Implement Microsoft Passport in your organization](implement-microsoft-passport-in-your-organization.md) topic.
+- Support for Windows Hello is built into the operating system so you can add additional biometric devices and polices as part of a coordinated rollout or to individual employees or groups using Group Policy or Mobile Device Management (MDM) configurations service provider (CSP) policies.
For more info about the available Group Policies and MDM CSPs, see the [Implement Windows Hello for Business in your organization](implement-microsoft-passport-in-your-organization.md) topic.
## Where is Microsoft Hello data stored?
The biometric data used to support Windows Hello is stored on the local device only. It doesn’t roam and is never sent to external devices or servers. This separation helps to stop potential attackers by providing no single collection point that an attacker could potentially compromise to steal biometric data. Additionally, even if an attacker was actually able to get the biometric data, it still can’t be easily converted to a form that could be recognized by the biometric sensor.
@@ -72,8 +75,8 @@ To allow facial recognition, you must have devices with integrated special infra
- Effective, real world FRR with Anti-spoofing or liveness detection: <10%
## Related topics
-- [Manage identity verification using Microsoft Passport](manage-identity-verification-using-microsoft-passport.md)
-- [Implement Microsoft Passport in your organization](implement-microsoft-passport-in-your-organization.md)
+- [Manage identity verification using Windows Hello for Business](manage-identity-verification-using-microsoft-passport.md)
+- [Implement Windows Hello for Business in your organization](implement-microsoft-passport-in-your-organization.md)
- [Microsoft Passport guide](microsoft-passport-guide.md)
- [Prepare people to use Microsoft Passport](prepare-people-to-use-microsoft-passport.md)
- [PassportforWork CSP](http://go.microsoft.com/fwlink/p/?LinkId=708219)
diff --git a/windows/manage/configure-windows-10-taskbar.md b/windows/manage/configure-windows-10-taskbar.md
index 491a779ece..83fd6310e1 100644
--- a/windows/manage/configure-windows-10-taskbar.md
+++ b/windows/manage/configure-windows-10-taskbar.md
@@ -6,6 +6,7 @@ ms.prod: W10
ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerMS
+localizationpriority: medium
---
# Configure Windows 10 taskbar
diff --git a/windows/manage/connect-to-remote-aadj-pc.md b/windows/manage/connect-to-remote-aadj-pc.md
index 502758f952..1c58be856c 100644
--- a/windows/manage/connect-to-remote-aadj-pc.md
+++ b/windows/manage/connect-to-remote-aadj-pc.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: devices
author: jdeckerMS
+localizationpriority: medium
---
# Connect to remote Azure Active Directory-joined PC
diff --git a/windows/manage/manage-tips-and-suggestions.md b/windows/manage/manage-tips-and-suggestions.md
index 676207782a..3b754f0ea5 100644
--- a/windows/manage/manage-tips-and-suggestions.md
+++ b/windows/manage/manage-tips-and-suggestions.md
@@ -16,7 +16,6 @@ author: jdeckerMS
- Windows 10
-> [Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. ]
Since its inception, Windows 10 has included a number of user experience features that provide useful tips, tricks, and suggestions as you use Windows, as well as app suggestions from the Windows Store. These features are designed to help people get the most out of their Windows 10 experience by, for example, sharing new features, providing more details on the features they use, or sharing content available in the Windows Store. Examples of such user experiences include:
diff --git a/windows/manage/set-up-shared-or-guest-pc.md b/windows/manage/set-up-shared-or-guest-pc.md
index b29e1f8184..a0c40e738a 100644
--- a/windows/manage/set-up-shared-or-guest-pc.md
+++ b/windows/manage/set-up-shared-or-guest-pc.md
@@ -6,6 +6,7 @@ ms.prod: W10
ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerMS
+localizationpriority: medium
---
# Set up a shared or guest PC with Windows 10
@@ -15,7 +16,7 @@ author: jdeckerMS
- Windows 10
-Windows 10, version 1607, introduces *shared PC mode*, which optimizes Windows 10 for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail. You can apply shared PC mode to Windows 10 Pro, Education, and Enterprise.
+Windows 10, version 1607, introduces *shared PC mode*, which optimizes Windows 10 for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail. You can apply shared PC mode to Windows 10 Pro, Pro Education, Education, and Enterprise.
> **Note:** If you're interested in using Windows 10 for shared PCs in a school, see [Use Set up School PCs app](https://technet.microsoft.com/edu/windows/use-set-up-school-pcs-app) which provides a simple way to configure PCs with shared PC mode plus additional settings specific for education.
@@ -245,8 +246,8 @@ Shared PC mode sets local group policies to configure the device. Some of these
| Admin Templates>System>User Profiles |
| Turn off the advertising ID | Enabled | SetEduPolicies=True |
| Admin Templates>Windows Components |
- | Do not show Windows Tips *Only on Pro, Enterprise, and Education* | Enabled | SetEduPolicies=True |
- | Turn off Microsoft consumer experiences *Only on Pro, Enterprise, and Education* | Enabled | SetEduPolicies=True |
+ | Do not show Windows Tips *Only on Pro, Enterprise, Pro Education, and Education* | Enabled | SetEduPolicies=True |
+ | Turn off Microsoft consumer experiences *Only on Pro, Enterprise, Pro Education, and Education* | Enabled | SetEduPolicies=True |
| Microsoft Passport for Work | Disabled | Always |
| Prevent the usage of OneDrive for file storage | Enabled | Always |
| Admin Templates>Windows Components>Biometrics |
diff --git a/windows/whats-new/index.md b/windows/whats-new/index.md
index c83ad18429..63869a1878 100644
--- a/windows/whats-new/index.md
+++ b/windows/whats-new/index.md
@@ -5,6 +5,7 @@ ms.assetid: F1867017-76A1-4761-A200-7450B96AEF44
keywords: ["What's new in Windows 10", "Windows 10", "anniversary update"]
ms.prod: w10
author: TrudyHa
+localizationpriority: high
---
# What's new in Windows 10
diff --git a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md
index 0d5905c0f3..0221cdb67d 100644
--- a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md
+++ b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md
@@ -6,6 +6,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: TrudyHa
+localizationpriority: high
---
# What's new in Windows 10, versions 1507 and 1511
diff --git a/windows/whats-new/whats-new-windows-10-version-1607.md b/windows/whats-new/whats-new-windows-10-version-1607.md
index e09fc8804c..bb0c229571 100644
--- a/windows/whats-new/whats-new-windows-10-version-1607.md
+++ b/windows/whats-new/whats-new-windows-10-version-1607.md
@@ -7,6 +7,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: TrudyHa
+localizationpriority: high
---
# What's new in Windows 10, version 1607