fixing links

windows/whats-new/applocker.md

@@ -29,7 +29,7 @@ In Windows 10, AppLocker has added some improvements.
 
 -   You can manage Windows 10 Mobile devices by using the new [AppLocker CSP](http://msdn.microsoft.com/library/windows/hardware/dn920019.aspx).
 
-[Learn how to manage AppLocker within your organization](../keep-secure/applocker-overview-server.md).
+[Learn how to manage AppLocker within your organization](windows/keep-secure/applocker-overview-server.md).
 
  
 

windows/whats-new/bitlocker.md

@@ -5,7 +5,7 @@ ms.assetid: 3F2DE365-68A1-4CDB-AB5F-C65574684C7B
 ms.prod: W10
 ms.mktglfcycl: explore
 ms.sitesec: library
-author: TrudyHa
+author: brianlic-msft
 ---
 
 # What's new in BitLocker?
@@ -41,14 +41,14 @@ BitLocker Drive Encryption is a data protection feature that integrates with the
 
 -   **DMA port protection**. You can use the [DataProtection/AllowDirectMemoryAccess](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) MDM policy to block DMA ports when the device is starting up. Also, when a device is locked, all unused DMA ports are turned off, but any devices that are already plugged into a DMA port will continue to work. When the device is unlocked, all DMA ports are turned back on.
 
--   **New Group Policy for configuring pre-boot recovery**. You can now configure the pre-boot recovery message and recover URL that is shown on the pre-boot recovery screen. For more info, see the "Configure pre-boot recovery message and URL" section in [BitLocker Group Policy settings](../keep-secure/bitlocker-group-policy-settings.md).
+-   **New Group Policy for configuring pre-boot recovery**. You can now configure the pre-boot recovery message and recover URL that is shown on the pre-boot recovery screen. For more info, see the "Configure pre-boot recovery message and URL" section in [BitLocker Group Policy settings](windows/keep-secure/bitlocker-group-policy-settings.md).
 
-[Learn how to deploy and manage BitLocker within your organization](../keep-secure/bitlocker-overview-roletech-overview.md).
+[Learn how to deploy and manage BitLocker within your organization](windows/keep-secure/bitlocker-overview-roletech-overview.md).
 
 ## Related topics
 
 
-[Trusted Platform Module](/windows/keep-secure/trusted-platform-module-technology-overview.md)
+[Trusted Platform Module](windows/keep-secure/trusted-platform-module-technology-overview.md)
 
  
 

windows/whats-new/business-store-for-windows-10.md

@@ -81,7 +81,7 @@ While not required, you can use a management tool to distribute and manage apps.
 
 The first step for getting your organization started with the Store for Business is signing up. To sign up for the Business store, you need an Azure AD account and you must be a Global Administrator for your organization.
 
-For more information, see [Sign up for the Store for Business](../manage/sign-up-for-windows-store-for-business.md).
+For more information, see [Sign up for the Store for Business](windows/manage/sign-up-for-windows-store-for-business.md).
 
 ### Set up
 
@@ -131,7 +131,7 @@ After your admin signs up for the Store for Business, they can assign roles to o
 
  
 
-In some cases, admins will need to add Azure Active Directory (AD) accounts for their employees. For more information, see [Manage user accounts and groups](../manage/manage-users-and-groups-in-the-windows-store-for-business.md).
+In some cases, admins will need to add Azure Active Directory (AD) accounts for their employees. For more information, see [Manage user accounts and groups](windows/manage/manage-users-and-groups-in-the-windows-store-for-business.md).
 
 Also, if your organization plans to use a management tool, you’ll need to configure your management tool to sync with the Store for Business.
 
@@ -153,7 +153,7 @@ Line-of-business (LOB) apps are also supported via the Business store. You can i
 
 The Business store supports two options to license apps: online and offline. **Online** licensing is the default licensing model and is similar to the Windows Store. Online licensed apps require users and devices to connect to the Store for Business service to acquire an app and its license. **Offline** licensing is a new licensing option for Windows 10. With offline licenses, organizations can cache apps and their licenses to deploy within their network. ISVs or devs can opt-in their apps for offline licensing when they submit them to the developer center.
 
-For more information, see [Apps in the Store for Business](../manage/apps-in-the-windows-store-for-business.md#licensing_model).
+For more information, see [Apps in the Store for Business](windows/manage/apps-in-the-windows-store-for-business.md#licensing_model).
 
 ### Distribute apps and content
 
@@ -175,7 +175,7 @@ App distribution is handled through two channels, either through the Store for B
 
 Management tools can synchronize content that has been acquired in the Store for Business. If an offline application has been purchased this will also include the app package, license and metadata for the app (like, icons, count, or localized product descriptions). Using the metadata, management tools can enable portals or apps as a destination for employees to acquire apps.
 
-For more information, see [Distribute apps to your employees from the Store for Business](../manage/distribute-apps-to-your-employees-from-the-windows-store-for-business.md).
+For more information, see [Distribute apps to your employees from the Store for Business](windows/manage/distribute-apps-to-your-employees-from-the-windows-store-for-business.md).
 
 ### Manage Store for Business settings and content
 
@@ -205,7 +205,7 @@ Once you are signed up with the Business store and have purchased apps, Admins c
 
 -   Download apps for offline installs
 
-For more information, see [Manage settings in the Store for Business](../manage/manage-settings-in-the-windows-store-for-business.md) and [Manage apps](../manage/manage-apps.md).
+For more information, see [Manage settings in the Store for Business](windows/manage/manage-settings-in-the-windows-store-for-business.md) and [Manage apps](windows/manage/manage-apps.md).
 
 ## Supported markets
 
@@ -315,7 +315,7 @@ Developers in your organization, or ISVs can create content specific to your org
 
 Once the app is in inventory, admins can choose how to distribute the app. ISVs creating apps through the dev center can make their apps available in the Store for Business. ISVs can opt-in their apps to make them available for offline licensing. Apps purchased in the Store for Business will work only on Windows 10.
 
-For more information on line-of-business apps, see [Working with Line-of-Business apps](../manage/working-with-line-of-business-apps.md).
+For more information on line-of-business apps, see [Working with Line-of-Business apps](windows/manage/working-with-line-of-business-apps.md).
 
  
 

windows/whats-new/change-history-for-what-s-new-in-windows-10.md

@@ -91,13 +91,13 @@ This topic lists new and updated topics in the [What's new in Windows 10](what-s
 ## Related topics
 
 
-[Change history for Plan for Windows 10 deployment](../plan/change-history-for-plan-for-windows-10-deployment.md)
+[Change history for Plan for Windows 10 deployment](windows/plan/change-history-for-plan-for-windows-10-deployment.md)
 
-[Change history for Deploy Windows 10](../deploy/change-history-for-deploy-windows-10.md)
+[Change history for Deploy Windows 10](windows/deploy/change-history-for-deploy-windows-10.md)
 
-[Change history for Keep Windows 10 secure](../keep-secure/change-history-for-keep-windows-10-secure.md)
+[Change history for Keep Windows 10 secure](windows/keep-secure/change-history-for-keep-windows-10-secure.md)
 
-[Change history for Manage and update Windows 10](../manage/change-history-for-manage-and-update-windows-10.md)
+[Change history for Manage and update Windows 10](windows/manage/change-history-for-manage-and-update-windows-10.md)
 
  
 

windows/whats-new/credential-guard.md

@@ -32,7 +32,7 @@ Credential Guard uses virtualization-based security to isolate secrets so that o
 
 -   **CredSSP/TsPkg credential delegation**. CredSSP/TsPkg cannot delegate default credentials when Credential Guard is enabled.
 
-[Learn how to deploy and manage Credential Guard within your organization](../keep-secure/credential-guard.md).
+[Learn how to deploy and manage Credential Guard within your organization](windows/keep-secure/credential-guard.md).
 
  
 

windows/whats-new/device-guard-overview.md

@@ -21,7 +21,7 @@ Device Guard is a combination of enterprise-related hardware and software securi
 
 Device Guard uses the new virtualization-based security in Windows 10 Enterprise to isolate the Code Integrity service from the Microsoft Windows kernel itself, letting the service use signatures defined by your enterprise-controlled policy to help determine what is trustworthy. In effect, the Code Integrity service runs alongside the kernel in a Windows hypervisor-protected container.
 
-For details on how to implement Device Guard, see [Device Guard deployment guide](../keep-secure/device-guard-deployment-guide.md).
+For details on how to implement Device Guard, see [Device Guard deployment guide](windows/keep-secure/device-guard-deployment-guide.md).
 
 ## Why use Device Guard
 

windows/whats-new/device-management.md

@@ -76,7 +76,7 @@ With Windows 10, your enterprise will have more choice and flexibility in apply
 
 While Windows Update provides updates to unmanaged devices, most enterprises prefer to manage and control the flow of updates using their device management solution. You can choose to apply the latest updates as soon as they are available, or you can set a source and schedule for updates that works for your specific requirements.
 
-For more information about updating Windows 10, see [Windows 10 servicing options for updates and upgrades](../manage/introduction-to-windows-10-servicing.md).
+For more information about updating Windows 10, see [Windows 10 servicing options for updates and upgrades](windows/manage/introduction-to-windows-10-servicing.md).
 
 ## Easier certificate management
 
@@ -107,7 +107,7 @@ Active Directory blog posts on Azure AD and Windows 10:
 ## Related topics
 
 
-[Manage corporate devices](../manage/manage-corporate-devices.md)
+[Manage corporate devices](windows/manage/manage-corporate-devices.md)
 
 [Microsoft Passport](microsoft-passport.md)
 

windows/whats-new/lockdown-features-from-windows-embedded-industry-8-1.md

@@ -61,7 +61,7 @@ Many of the lockdown features available in Windows Embedded 8.1 Industry have be
 </tr>
 <tr class="even">
 <td align="left"><p>[Dialog Filter](http://go.microsoft.com/fwlink/p/?LinkId=626762): suppress system dialogs and control which processes can run</p></td>
-<td align="left">[AppLocker](../keep-secure/applocker-overview-server.md)</td>
+<td align="left">[AppLocker](windows/keep-secure/applocker-overview-server.md)</td>
 <td align="left"><p>Dialog Filter has been deprecated for Windows 10. Dialog Filter provided two capabilities; the ability to control which processes were able to run, and the ability to prevent dialogs (in practice, system dialogs) from appearing.</p>
 <ul>
 <li><p>Control over which processes are able to run will now be provided by AppLocker.</p></li>

windows/whats-new/microsoft-passport.md

@@ -30,12 +30,12 @@ Microsoft Passport also enables Windows 10 Mobile devices to be used as a remot
 
 -   **Security**. Microsoft Passport helps protect user identities and user credentials. Because no passwords are used, it helps circumvent phishing and brute force attacks. It also helps prevent server breaches because Microsoft Passport credentials are an asymmetric key pair, which helps prevent replay attacks when these keys are generated within isolated environments of Trusted Platform Modules (TPMs).
 
-[Learn how to implement and manage Microsoft Passport in your organization.](../keep-secure/implement-microsoft-passport-in-your-organization.md)
+[Learn how to implement and manage Microsoft Passport in your organization.](windows/keep-secure/implement-microsoft-passport-in-your-organization.md)
 
 ## Learn more
 
 
-[Why a PIN is better than a password](../keep-secure/why-a-pin-is-better-than-a-password.md)
+[Why a PIN is better than a password](windows/keep-secure/why-a-pin-is-better-than-a-password.md)
 
 [Windows 10: Disrupting the Revolution of Cyber-Threats with Revolutionary Security!](http://go.microsoft.com/fwlink/p/?LinkId=533890)
 

windows/whats-new/provisioning-and-upgrade.md

@@ -93,9 +93,9 @@ Provisioning packages can be applied both during image deployment and during run
 ## Related topics
 
 
-[Update Windows 10 images with provisioning packages](../deploy/update-windows-10-images-with-provisioning-packages.md)
+[Update Windows 10 images with provisioning packages](windows/deploy/update-windows-10-images-with-provisioning-packages.md)
 
-[Configure devices without MDM](../manage/configure-devices-without-mdm.md)
+[Configure devices without MDM](windows/manage/configure-devices-without-mdm.md)
 
  
 

windows/whats-new/security-auditing.md

@@ -35,11 +35,11 @@ In Windows 10, security auditing has added some improvements:
 
 In Windows 10, two new audit subcategories were added to the Advanced Audit Policy Configuration to provide greater granularity in audit events:
 
--   [Audit Group Membership](../keep-secure/audit-group-membership.md) Found in the Logon/Logoff audit category, the Audit Group Membership subcategory allows you to audit the group membership information in a user's logon token. Events in this subcategory are generated when group memberships are enumerated or queried on the PC where the logon session was created. For an interactive logon, the security audit event is generated on the PC that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the PC hosting the resource.
+-   [Audit Group Membership](windows/keep-secure/audit-group-membership.md) Found in the Logon/Logoff audit category, the Audit Group Membership subcategory allows you to audit the group membership information in a user's logon token. Events in this subcategory are generated when group memberships are enumerated or queried on the PC where the logon session was created. For an interactive logon, the security audit event is generated on the PC that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the PC hosting the resource.
 
     When this setting is configured, one or more security audit events are generated for each successful logon. You must also enable the **Audit Logon** setting under **Advanced Audit Policy Configuration\\System Audit Policies\\Logon/Logoff**. Multiple events are generated if the group membership information cannot fit in a single security audit event.
 
--   [Audit PNP Activity](../keep-secure/audit-pnp-activity.md) Found in the Detailed Tracking category, the Audit PNP Activity subcategory allows you to audit when plug and play detects an external device.
+-   [Audit PNP Activity](windows/keep-secure/audit-pnp-activity.md) Found in the Detailed Tracking category, the Audit PNP Activity subcategory allows you to audit when plug and play detects an external device.
 
     Only Success audits are recorded for this category. If you do not configure this policy setting, no audit event is generated when an external device is detected by plug and play.
 
@@ -166,7 +166,7 @@ Event ID 4826 has been added to track the following changes to the Boot Configur
 
 Event ID 6416 has been added to track when an external device is detected through Plug and Play. One important scenario is if an external device that contains malware is inserted into a high-value machine that doesn’t expect this type of action, such as a domain controller.
 
-[Learn how to manage your security audit policies within your organization](../keep-secure/security-auditing-overview-glbl.md).
+[Learn how to manage your security audit policies within your organization](windows/keep-secure/security-auditing-overview-glbl.md).
 
  
 

windows/whats-new/security.md

@@ -68,7 +68,7 @@ New desktops and laptops will be available to expedite your Device Guard impleme
 
 -   **Not supported for Device Guard**. Many current devices cannot take advantage of all Device Guard features because they don’t have the required hardware components or HVCI-compatible drivers. However, most of these devices can enable some Device Guard features, such as configurable code integrity.
 
-For more information about how to prepare for, manage, and deploy Device Guard, see the [Device Guard deployment guide](../keep-secure/device-guard-deployment-guide.md).
+For more information about how to prepare for, manage, and deploy Device Guard, see the [Device Guard deployment guide](windows/keep-secure/device-guard-deployment-guide.md).
 
 ### Configurable code integrity
 
@@ -86,7 +86,7 @@ Configurable code integrity is not intended to replace technologies that allow o
 Configurable code integrity is not limited to Windows Store applications. In fact, it is not even limited to existing signed applications. Windows 10 gives you a way to sign line-of-business or third-party applications without having to repackage them: you can monitor the application’s installation and initial execution to create a list of binaries called a catalog file. When created, you sign these catalog files and add the signing certificate to the code integrity policy so that those binaries contained within the catalog files are allowed to execute. Then, you can use Group Policy, Configuration Manager, or any other familiar management tool to distribute these catalog files to your client machines. Historically, most malware has been unsigned; simply by deploying code integrity policies, your organization can immediately protect itself against unsigned malware, which is responsible for most modern attacks.
 
 **Note**  
-For detailed deployment and planning information about configurable code integrity, see the [Device Guard deployment guide](../keep-secure/device-guard-deployment-guide.md).
+For detailed deployment and planning information about configurable code integrity, see the [Device Guard deployment guide](windows/keep-secure/device-guard-deployment-guide.md).
 
  
 
@@ -107,7 +107,7 @@ Configurable code integrity is available in Windows 10 Enterprise and Windows
 
  
 
-You can enable configurable code integrity as part of a Device Guard deployment or as a stand-alone component. In addition, you can run configurable code integrity on hardware that is compatible with the Windows 7 operating system, even if such hardware is not Device Guard ready. Code integrity policies can align with an existing application catalog, existing corporate imaging strategy, or with any other method that provides the organization’s desired levels of restriction. For more information about configurable code integrity with Device Guard, see the [Device Guard deployment guide](../keep-secure/device-guard-deployment-guide.md).
+You can enable configurable code integrity as part of a Device Guard deployment or as a stand-alone component. In addition, you can run configurable code integrity on hardware that is compatible with the Windows 7 operating system, even if such hardware is not Device Guard ready. Code integrity policies can align with an existing application catalog, existing corporate imaging strategy, or with any other method that provides the organization’s desired levels of restriction. For more information about configurable code integrity with Device Guard, see the [Device Guard deployment guide](windows/keep-secure/device-guard-deployment-guide.md).
 
 ### Measured Boot and remote attestation
 
@@ -210,7 +210,7 @@ Because it requires isolated user mode and a Hyper-V hypervisor, you cannot conf
 
  
 
-The Credential Guard feature is targeted at resisting the use of pass-the-hash and pass-the-ticket techniques. By employing a MFA option such as Microsoft Passport with Credential Guard, you can gain additional protection against such threats. For more in-depth information about how Credential Guard works and the specific mitigations it provides, see [Protect derived domain credentials with Credential Guard](../keep-secure/credential-guard.md).
+The Credential Guard feature is targeted at resisting the use of pass-the-hash and pass-the-ticket techniques. By employing a MFA option such as Microsoft Passport with Credential Guard, you can gain additional protection against such threats. For more in-depth information about how Credential Guard works and the specific mitigations it provides, see [Protect derived domain credentials with Credential Guard](windows/keep-secure/credential-guard.md).
 
 ## Windows 10 hardware considerations
 
@@ -247,13 +247,13 @@ In this table, **R** stands for *recommended*, **Y** means that the hardware com
 
 [Making Windows 10 More Personal and More Secure with Windows Hello](http://go.microsoft.com/fwlink/p/?LinkId=717551)
 
-[Protect BitLocker from pre-boot attacks](../keep-secure/protect-bitlocker-from-pre-boot-attacks.md)
+[Protect BitLocker from pre-boot attacks](windows/keep-secure/protect-bitlocker-from-pre-boot-attacks.md)
 
-[BitLocker Countermeasures](../keep-secure/bitlocker-countermeasures.md)
+[BitLocker Countermeasures](windows/keep-secure/bitlocker-countermeasures.md)
 
-[Device Guard deployment guide](../keep-secure/device-guard-deployment-guide.md)
+[Device Guard deployment guide](windows/keep-secure/device-guard-deployment-guide.md)
 
-[Protect derived domain credentials with Credential Guard](../keep-secure/credential-guard.md)
+[Protect derived domain credentials with Credential Guard](windows/keep-secure/credential-guard.md)
 
  
 

windows/whats-new/trusted-platform-module.md

@@ -48,7 +48,7 @@ Some things that you can check on the device are:
 
  
 
-[Learn how to deploy and manage TPM within your organization](../keep-secure/trusted-platform-module-technology-overview.md).
+[Learn how to deploy and manage TPM within your organization](windows/keep-secure/trusted-platform-module-technology-overview.md).
 
  
 

windows/whats-new/user-account-control.md

@@ -24,7 +24,7 @@ In Windows 10, User Account Control has added some improvements.
 
 -   **Integration with the Antimalware Scan Interface (AMSI)**. The [AMSI](http://msdn.microsoft.com/library/windows/desktop/dn889587.aspx) scans all UAC elevation requests for malware. If malware is detected, the admin privilege is blocked.
 
-[Learn how to manage User Account Control within your organization](../keep-secure/user-account-control-overview.md).
+[Learn how to manage User Account Control within your organization](windows/keep-secure/user-account-control-overview.md).
 
  
 

windows/whats-new/windows-spotlight.md

@@ -59,7 +59,7 @@ Pay attention to the checkbox in **Options**. In addition to providing the path
 ## Related topics
 
 
-[Manage Windows 10 Start layout options](../manage/windows-10-start-layout-options-and-policies.md)
+[Manage Windows 10 Start layout options](windows/manage/windows-10-start-layout-options-and-policies.md)
 
  
 

windows/whats-new/windows-update-for-busines.md

@@ -33,11 +33,11 @@ Together, these Windows Update for Business features help reduce device manageme
 ## Learn more
 
 
-[Windows Update for Business](../plan/windows-update-for-business.md)
+[Windows Update for Business](windows/plan/windows-update-for-business.md)
 
-[Setup and deployment](../plan/setup-and-deployment.md)
+[Setup and deployment](windows/plan/setup-and-deployment.md)
 
-[Integration with management solutions](../plan/integration-with-management-solutions-.md)
+[Integration with management solutions](windows/plan/integration-with-management-solutions-.md)